Does EO 14409 — Promoting Advanced Artificial Intelligence Innovation and Security require Risk Assessment?

United States • voluntary

Yes — 1 provision

Requirements at a glance

This regulation imposes 3 specific requirements for Risk Assessment across 1 provision:

Covered Frontier Model Designation and Benchmarking #

Obligation:
Risk Assessment
voluntary
Effective:
Jun 2, 2026
Risk tier:
general-purpose
Scope:
providers
upcoming
Directs Treasury, NSA, and CISA to develop and maintain a classified benchmarking process that assesses the advanced cyber capabilities of AI models and sets the threshold for designating a "covered frontier model." This is the first federal mechanism defining a frontier-model threshold by capability rather than compute. Developers engage the designation process voluntarily; assessments are shared with developers as appropriate. The benchmark and threshold are pending — agencies have 60 days to develop them.

Requirements

RequirementDetails
Classified benchmarkingGovernment to develop and maintain a classified process benchmarking the advanced cyber capabilities of AI models
Threshold designationThe benchmark sets the threshold at which a model is designated a "covered frontier model"
Assessment sharingCapability assessments are shared with AI developers as appropriate

Penalties

ViolationFine
N/AVoluntary designation; no penalties. Designation does not trigger any mandatory licensing or permitting (§ 3(c)).
View full regulation View obligation Obligation matrix