Final Pre-Inauguration AI Policy Recaps: What the Biden EO Meant
Table of Contents
Final Pre-Inauguration AI Policy Recaps: What the Biden EO Meant #
In three days, Donald Trump will be sworn in as the 47th President of the United States, and the AI policy landscape is about to shift dramatically. Today—January 17, 2025—I want to take a comprehensive look at what Biden's Executive Order 14110 actually required, what got implemented during its 15-month lifespan, and what might survive the incoming administration's promised regulatory overhaul.
The timing matters. On Monday, January 20, the Biden era of AI governance—characterized by voluntary partnerships, safety testing requirements, and federal agency coordination—potentially ends. What replaces it remains unclear, though campaign rhetoric and early transition signals suggest a pivot toward innovation promotion over risk mitigation. For companies that have spent the past year adapting to EO 14110's requirements, the transition creates immediate operational questions.
If you're building AI systems, this isn't just political theater. The requirements that have been in place since October 2023 have shaped how frontier labs operate, how compute infrastructure gets reported, and how safety testing gets conducted. Understanding what was required—and what might be rescinded—matters for your compliance posture and your roadmap.
What Was Executive Order 14110 and When Did It Take Effect? #
Executive Order 14110, titled "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence," was signed by President Biden on October 30, 2023, and took effect immediately. It established a government-wide framework directing over 50 federal entities to undertake more than 100 specific actions across eight policy areas.
The EO didn't wait for legislation—it used existing authorities including the Defense Production Act to impose immediate reporting requirements on AI companies developing dual-use foundation models. Within 90 days (by January 28, 2024), companies were already required to report training activities, model weights ownership, and red-team testing results to the Department of Commerce.
The eight policy pillars established were:
| Policy Area | Core Focus | Key Requirements |
|---|---|---|
| Safety and Security | Risk evaluation, testing, critical infrastructure | 27 requirements across 30+ agencies |
| Innovation and Competition | Talent retention, IP clarity, startup support | 21 requirements across 10 agencies |
| Worker Support | Workforce disruption mitigation | 4 requirements across 2 agencies |
| AI Bias and Civil Rights | Equity, discrimination prevention | 10 requirements across 7 agencies |
| Consumer Protection | Fraud prevention, privacy enforcement | 7 requirements across 5 agencies |
| Privacy | Data protection, PETs | 6 requirements across 5 agencies |
| Federal Use of AI | Government adoption with safeguards | 15 requirements across 20+ agencies |
| International Leadership | Global standards, ally coordination | 13 requirements across 10 agencies |
The scope of the EO was ambitious. Unlike previous technology policy initiatives that focused on narrow domains—privacy, cybersecurity, or specific applications—the EO attempted to govern AI as a general-purpose technology cutting across every sector of the economy. This breadth made it both comprehensive and difficult to implement, as dozens of agencies with different missions and capabilities had to coordinate on overlapping responsibilities.
|-------------|------------|------------------|
| Safety and Security | Risk evaluation, testing, critical infrastructure | 27 requirements across 30+ agencies |
| Innovation and Competition | Talent retention, IP clarity, startup support | 21 requirements across 10 agencies |
| Worker Support | Workforce disruption mitigation | 4 requirements across 2 agencies |
| AI Bias and Civil Rights | Equity, discrimination prevention | 10 requirements across 7 agencies |
| Consumer Protection | Fraud prevention, privacy enforcement | 7 requirements across 5 agencies |
| Privacy | Data protection, PETs | 6 requirements across 5 agencies |
| Federal Use of AI | Government adoption with safeguards | 15 requirements across 20+ agencies |
| International Leadership | Global standards, ally coordination | 13 requirements across 10 agencies |
What Did the EO Actually Require From AI Companies? #
The reporting requirements under Section 4.2(a) applied to companies developing "dual-use foundation models" meeting specific computational thresholds—those trained using more than 10^26 integer or floating-point operations. This threshold captured models like GPT-4 class systems and larger, though researchers noted GPT-4 itself was estimated to be just under this threshold at the time of the EO's release.
Companies subject to these requirements had to provide ongoing reports to the federal government on:
- Training activities: Any ongoing or planned activities related to training dual-use foundation models, including physical and cybersecurity protections for the training process
- Model weights ownership: The ownership and possession of model weights, plus physical and cybersecurity measures protecting them
- Red-team testing results: Results from AI red-team testing based on NIST guidance, including descriptions of safety measures and mitigations
Additionally, entities acquiring or possessing large-scale computing clusters (with theoretical maximum capacity of 10^20 operations per second for training AI) had to report the existence, location, and total computing power of these clusters.
The reporting was structured as follows:
| Report Type | Due Date | Lead Agency | Information Required |
|---|---|---|---|
| Initial training reports | 90 days (Jan 28, 2024) | Commerce | Model training plans, security measures |
| Compute cluster reports | 90 days (Jan 28, 2024) | Commerce | Location, capacity, ownership |
| Ongoing updates | Continuous | Commerce | Changes to training, new models, testing results |
| Technical conditions definition | 90 days (Jan 28, 2024) | Commerce | Threshold adjustments |
How Did NIST's AI Risk Management Framework Connect to the EO? #
The EO explicitly required NIST to develop companion resources to the existing AI Risk Management Framework (AI RMF 1.0) specifically for generative AI and dual-use foundation models within 270 days (by July 26, 2024). This wasn't a new framework—it was an extension of existing NIST guidance that had been in development since January 2023.
The NIST deliverables included:
- Generative AI companion resource to AI RMF 1.0, addressing risks unique to generative systems
- Secure Software Development Framework companion incorporating secure development practices for generative AI
- Guidance and benchmarks for evaluating and auditing AI capabilities, with focus on harm-causing capabilities in cybersecurity and biosecurity
- AI red-teaming guidelines enabling developers to conduct structured testing for safety and security vulnerabilities
These NIST resources became the technical foundation for how companies were expected to evaluate their models. The red-teaming guidelines, in particular, established standardized approaches for identifying harmful capabilities including:
- Lowered barriers for non-experts to design, synthesize, or use CBRN (chemical, biological, radiological, nuclear) weapons
- Automated vulnerability discovery and exploitation for cyber attacks
- Evasion of human control through deception or obfuscation
The AI RMF 1.0 generative AI companion, released in July 2024, provided a structured approach to managing risks unique to generative systems. It covered:
| Risk Category | Key Mitigations | Application |
|---|---|---|
| Harmful content generation | Fine-tuning, reinforcement learning from human feedback (RLHF), output filtering | Chatbots, content generators |
| Data privacy leakage | Training data sanitization, differential privacy, access controls | All generative systems |
| Intellectual property concerns | Training on licensed data, similarity detection, attribution systems | Image, music, code generators |
| Information integrity | Provenance tracking, watermarking, detection tools | Media synthesis systems |
The Secure Software Development Framework (SSDF) companion addressed the software supply chain risks specific to AI systems—ensuring that training pipelines, model distribution, and deployment infrastructure followed secure development practices.
What About the US AI Safety Institute and Industry Partnerships? #
The US AI Safety Institute (USAISI) was formally established within NIST in February 2024 as a direct result of the EO's mandate, with the mission of developing technical standards and evaluation methodologies for frontier AI systems. By August 2024, the Institute had secured voluntary Memorandums of Understanding (MoUs) with OpenAI and Anthropic—the first formal safety partnerships between the federal government and frontier labs.
These MoUs established frameworks for:
- Pre-deployment safety testing and evaluation
- Information sharing on emerging risks and vulnerabilities
- Collaboration on technical standards development
- Joint research on AI safety methodologies
The DHS AI Safety and Security Board was also established as an advisory committee, bringing together AI experts from the private sector, academia, and government to provide recommendations on security, resilience, and incident response for AI usage in critical infrastructure.
The significance of these partnerships cannot be overstated—they represented the first formalized channels for pre-deployment government review of frontier AI systems. Prior to the EO, labs conducted safety testing internally with optional external red-teaming, but there was no systematic federal oversight. The MoUs created structured processes for:
- Sharing safety test results before public model releases
- Coordinating on emerging risk research including biological and cyber capabilities
- Developing shared evaluation methodologies that could become industry standards
- Establishing incident response protocols for when safety issues are discovered post-deployment
| Partnership | Announced | Scope | Status (Jan 2025) |
|---|---|---|---|
| OpenAI + USAISI | August 2024 | Pre-deployment testing, standards | Active |
| Anthropic + USAISI | August 2024 | Safety evaluation, research | Active |
| DHS AI Safety Board | 2024 | Critical infrastructure guidance | Active |
Critics of these arrangements noted their voluntary nature—they depended entirely on the labs' willingness to cooperate, with no enforcement mechanism for compliance. Supporters countered that formalizing any government oversight of private AI development was a significant step, and that the MoUs created norms that could be codified into regulation later. As of January 17, 2025, both partnerships were still active, though their future under the incoming administration remains uncertain.
How Did the EO Address Synthetic Content and Deepfakes? #
Section 4.5 of the EO directed the Commerce Department to identify and develop standards for authenticating content, detecting synthetic media, and watermarking AI-generated outputs within 240 days (by June 26, 2024). This was one of the most visible consumer-facing provisions, responding to growing concerns about AI-generated disinformation and non-consensual imagery.
The specific deliverables included:
- Standards and tools for content authentication and provenance tracking
- Techniques for labeling synthetic content using watermarking
- Capabilities for detecting AI-generated content
- Preventing generative AI from producing child sexual abuse material or non-consensual intimate imagery
- Testing software for the above capabilities
- Audit and maintenance procedures for synthetic content detection
Following the initial report, Commerce was required to develop guidance for adopting these tools within 180 days (by December 23, 2024), with OMB issuing guidance for federal agency labeling and authentication by June 2025.
This framework intersected with the C2PA (Coalition for Content Provenance and Authenticity) standards that had been gaining industry traction—Content Credentials that track the origin and editing history of media files.
By late 2024, major platforms had begun implementing content provenance features:
- Adobe integrated Content Credentials into Creative Cloud and Firefly, displaying provenance information on images created or edited with their tools
- Microsoft added Content Credentials to Bing Image Creator and Designer
- OpenAI began including C2PA metadata in images generated by DALL-E 3
- Truepic and other verification startups built commercial tools on C2PA infrastructure
The EO's synthetic content provisions accelerated this industry coordination by establishing federal procurement requirements—agencies would eventually need to source tools meeting these standards, creating market demand for compliant solutions.
The specific malicious use cases targeted by Section 4.5 reflected high-profile harms that had already occurred:
| Harm Type | EO Response | Industry Parallel |
|---|---|---|
| Non-consensual intimate imagery | Detection and prevention requirements | Platform content policies |
| CSAM generation | Explicit prohibition in training data | Safety filtering, hash matching |
| Political deepfakes | Authentication standards | Platform labeling, fact-checking |
| Fraud/scams | Synthetic content detection | Financial sector verification |
What Implementation Actually Occurred Before January 2025? #
By January 17, 2025, approximately 80% of the EO's deliverables with specific deadlines had been completed or were substantially underway, according to Congressional Research Service tracking. The major unimplemented components were primarily long-term research initiatives and multi-year pilot programs. The 15-month implementation period saw substantial federal agency coordination, though some deadlines were extended or delayed due to complexity.
The implementation was tracked by the White House AI Council, which included heads of 28 federal departments and agencies. Monthly coordination meetings were held through 2024 to monitor progress and resolve cross-agency dependencies. This level of interagency coordination for a technology policy initiative was unprecedented in scale, even if the ultimate effectiveness remains debated.
Completed major deliverables include:
- ✅ NIST AI RMF generative AI companion resources (July 2024)
- ✅ Initial company reporting on dual-use foundation models (ongoing since January 2024)
- ✅ US AI Safety Institute establishment and industry MoUs (February–August 2024)
- ✅ OMB Memorandum M-24-10 on agency AI governance (March 2024)
- ✅ OMB Memorandum M-24-18 on AI acquisition (October 2024)
- ✅ Synthetic content detection framework development (June–December 2024)
- ✅ DHS AI Safety and Security Board establishment (2024)
- ✅ National AI Research Resource (NAIRR) pilot launch (January 2024)
- ✅ Visa processing simplification for AI talent (ongoing since January 2024)
Major pending deliverables as of January 2025:
- ⏳ National Security Memorandum on AI governance (originally due July 2024, extended)
- ⏳ Federal synthetic content labeling guidance (due June 2025)
- ⏳ NIST red-teaming standards finalization (ongoing)
- ⏳ Long-term AI research initiatives (multi-year programs)
What Did the EO Require for Immigration and AI Talent? #
Section 5.1 of the EO launched a comprehensive effort to attract and retain AI talent through faster visa processing, domestic renewal programs, and expanded immigration pathways—requirements that took effect between 90 and 180 days from October 2023.
The specific actions required included:
| Requirement | Lead Agency | Deadline | Status |
|---|---|---|---|
| Simplify visa processing for AI experts | State & DHS | 90 days (Jan 2024) | Implemented |
| Consider domestic visa renewal programs | State | 120 days (Feb 2024) | Partially implemented |
| Expand visa renewal to STEM students | State | 180 days (Apr 2024) | In progress |
| Modernize pathways for O-1A, EB-1, EB-2 | DHS | 180 days (Apr 2024) | In progress |
| Identify Schedule A occupations for AI | Labor | 45 days (Dec 2023) | Completed |
These immigration provisions represented one of the more bipartisan-friendly aspects of the EO, focused on maintaining US competitiveness rather than regulating industry. The State Department had implemented faster processing for AI-related visa categories by early 2024, and the domestic visa renewal pilot was expanded to include more categories throughout 2024.
How Did Cloud Infrastructure Reporting Work in Practice? #
Section 4.2(c) and (d) required Commerce to propose regulations for Infrastructure-as-a-Service (IaaS) providers to report when foreign persons used US cloud infrastructure to train large AI models—essentially a "know your customer" regime for compute providers. This was an extension of authorities from Executive Order 13984 addressing malicious cyber activities.
The proposed regulations, due within 90 days and 180 days respectively, would have required:
- US IaaS providers to report foreign person transactions for AI model training runs
- Foreign resellers of US cloud products to verify customer identity and report concerning transactions
- Minimum documentation standards for identity verification
- Record-keeping requirements including payment sources, IP addresses, and access logs
As of January 2025, these regulations were still in development. The complexity of defining "large AI model" training runs that could enable malicious cyber activity, combined with industry concerns about implementation burden, had slowed the regulatory process.
The cloud reporting requirements faced significant practical challenges:
- Attribution difficulty: Determining whether a foreign person is behind a particular training run when accounts might be corporate entities, shell companies, or academic partnerships
- Definitional ambiguity: What constitutes "training a large AI model" versus fine-tuning, inference, or research computing? The compute thresholds needed constant adjustment as hardware improved
- Competitive concerns: Cloud providers worried that intrusive reporting requirements would push foreign customers to non-US providers (Alibaba Cloud, Tencent Cloud, European alternatives), undermining the goal of maintaining visibility into AI development
- Enforcement questions: How would Commerce verify compliance? Would there be penalties for non-reporting, and how would they be applied?
These challenges made the IaaS reporting provisions among the most contentious of the EO's implementation—and also among the most likely to be modified or abandoned by a new administration focused on reducing regulatory burden on American technology companies.
What Happens to All of This on January 20, 2025? #
The transition to a Trump administration creates immediate uncertainty for EO 14110's continued viability. Throughout his campaign, Trump signaled opposition to Biden's regulatory approach to AI, characterizing it as government overreach that stifles innovation.
Key transition considerations:
| EO Provision | Likely Trump Administration Action | Timeline |
|---|---|---|
| Industry reporting requirements | Suspend or significantly reduce | Immediate |
| US AI Safety Institute partnerships | Reevaluate; possible termination | 30-90 days |
| NIST AI safety standards | Deprioritize; redirect focus | Ongoing |
| Immigration/talent provisions | Likely retained | Immediate |
| Synthetic content framework | Unknown; may repurpose | Uncertain |
| Federal agency AI use guidance | Revise significantly | 60 days |
The most vulnerable provisions are the mandatory industry reporting requirements under Section 4.2(a), which rely on Defense Production Act authorities that a new administration can immediately redirect. The voluntary partnerships with OpenAI and Anthropic may also face reevaluation, particularly if the incoming administration views them as creating regulatory capture.
Conversely, the immigration provisions in Section 5.1 are likely to survive in some form, as they align with broader "compete with China" narratives that have bipartisan support.
What Should AI Companies Do Right Now? #
For companies that have been complying with EO 14110's reporting requirements, the prudent approach is to maintain compliance documentation while preparing for potential regulatory changes. Three days before inauguration is too soon to abandon established processes, but it's the right time to scenario-plan for different outcomes.
Immediate actions I recommend:
Document everything you've reported under Section 4.2(a) requirements—training activities, model weights security measures, red-team testing results. This information may be useful regardless of regulatory changes. Enterprise customers, insurance providers, and potential acquirers will increasingly ask for this documentation as part of due diligence.
Audit your red-teaming and safety testing procedures against NIST guidelines. Even if the federal reporting requirement disappears, robust safety testing is becoming table stakes for enterprise customers and insurance providers. The practices the EO encouraged—evaluating models for dangerous capabilities, documenting mitigations, maintaining security controls—are simply good engineering hygiene that reduces liability.
Review your synthetic content detection and watermarking capabilities. The regulatory driver may change, but market demand for content provenance is growing—enterprise buyers increasingly expect C2PA-style content credentials. Platforms like YouTube, Meta, and X have all announced synthetic content labeling policies that align with the EO's goals, creating commercial pressure independent of federal mandates.
Monitor the first executive orders closely. If Trump rescinds EO 14110 immediately, watch what replaces it. The administration has signaled support for an alternative framework focused on "AI dominance" rather than "AI safety." The transition period—likely the first 100 days—will set the tone for the next four years of AI policy.
Engage with industry associations. Groups like the Partnership on AI, the AI Alliance, and sector-specific associations are already coordinating responses to the transition. Collective industry input often shapes how broadly or narrowly new regulations are applied.
Frequently Asked Questions #
Q: What exactly is a "dual-use foundation model" under EO 14110? #
A: A dual-use foundation model is defined as an AI model trained on broad data with at least tens of billions of parameters that exhibits, or could be easily modified to exhibit, high performance at tasks posing serious risks to security, economic security, public health, or safety. The specific threshold triggering reporting was training using more than 10^26 integer or floating-point operations—a threshold that captured frontier models like GPT-4 class systems and larger.
Q: Did every AI company have to report to the government under this EO? #
A: No. Only companies developing or intending to develop dual-use foundation models meeting the computational thresholds, and entities acquiring large-scale computing clusters, were subject to mandatory reporting. Most AI companies using APIs or building applications on top of existing models were not directly covered by the reporting requirements, though they may have been affected by guidance for critical infrastructure or federal procurement.
Q: What is the National AI Research Resource (NAIRR) pilot launched by the EO? #
A: The NAIRR pilot, launched in January 2024 by the National Science Foundation, provides researchers and students with access to computational resources, datasets, and educational tools for AI research. It's designed to democratize access to the expensive compute required for frontier AI research, extending opportunities beyond well-funded industry labs to academic researchers and smaller institutions.
Q: How did the EO address AI bias and civil rights concerns? #
A: Section 7 required agencies to address AI systems that could perpetuate discrimination in hiring, housing, healthcare, and criminal justice. The EO directed agencies to enforce existing civil rights laws against AI-driven discrimination and to develop additional technical guidance. It specifically called out the risks of AI in the justice system and federal benefits administration, requiring assessments of algorithmic impact on protected groups.
Q: What synthetic content standards did the EO require? #
A: The EO directed Commerce to develop standards for content authentication, synthetic content detection, and watermarking of AI-generated outputs within 240 days. This included preventing generative AI from producing child sexual abuse material and non-consensual intimate imagery. The standards development aligned with industry efforts like C2PA (Coalition for Content Provenance and Authenticity) Content Credentials.
Q: Will Trump's inauguration immediately end all EO 14110 requirements? #
A: Not necessarily immediately. Executive orders can be rescinded by subsequent executive orders, which Trump could sign on day one, but implementation takes time. Some provisions, like the faster visa processing in Section 5.1, may survive because they align with the incoming administration's priorities. Others, like mandatory industry reporting, are likely to be suspended quickly. The US AI Safety Institute's existence and its industry partnerships face particular uncertainty.
Q: What is the difference between the US AI Safety Institute and the DHS AI Safety Board? #
A: The US AI Safety Institute (USAISI) is housed within NIST at Commerce and focuses on developing technical standards and conducting safety evaluations of frontier AI systems. The DHS AI Safety and Security Board is an advisory committee providing guidance on AI usage in critical infrastructure sectors. USAISI does hands-on technical work with labs; the DHS Board provides strategic recommendations for infrastructure protection.
Q: Did the EO create new criminal penalties for AI misuse? #
A: No. The EO did not create new criminal penalties—it used existing authorities to impose reporting requirements and direct agency actions. It directed the Attorney General to consider how to apply existing laws to AI-enabled harm, but it did not itself establish new criminal statutes. New criminal penalties would require congressional legislation.
Q: How did the EO's red-teaming requirements work in practice? #
A: Companies subject to reporting had to describe their red-team testing results to Commerce, including tests related to biological weapons capability, automated cyber vulnerability discovery, self-replication potential, and influence operations. NIST was tasked with developing standardized red-teaming guidelines, but until those were finalized, companies reported based on their own methodologies. The goal was establishing baseline safety evaluations before deployment.
Q: What should startups know about EO 14110 compliance? #
A: Most startups were not directly covered by EO 14110's mandatory reporting requirements unless they were training frontier-scale foundation models or operating large compute clusters. However, startups building on AI APIs should pay attention to: (1) customer expectations around safety testing and documentation, (2) emerging standards for synthetic content disclosure, and (3) potential future procurement requirements if selling to federal agencies. The EO's indirect effects through market expectations often mattered more than direct compliance obligations for early-stage companies.
Closing: The Policy Landscape on the Eve of Transition #
Three days before inauguration, the AI policy framework established by Executive Order 14110 stands at an inflection point. For 15 months, it has provided structure—imperfect, incomplete, but present—for how frontier AI development intersects with federal oversight. That structure is about to be tested, and likely transformed.
What I'll be watching closely:
- The first executive orders on AI from the Trump administration—what gets rescinded, what gets replaced, and what's entirely new
- The fate of the US AI Safety Institute—whether it survives, gets reorganized, or is eliminated
- Industry response—how OpenAI, Anthropic, and other frontier labs adjust their safety testing and reporting postures
- Congressional action—whether the policy vacuum left by a rescinded EO creates momentum for legislation
For builders, the fundamental calculus remains: AI capabilities are advancing faster than any regulatory framework can adapt. The specific compliance requirements may change on Monday, but the underlying challenges—safety testing, content provenance, talent acquisition, responsible deployment—remain.
If you're navigating AI compliance and automation strategy during this transition, book an AI automation strategy call to discuss how n8n, MCP, and Claude can power your operations with built-in transparency and safety infrastructure that stays valuable regardless of regulatory shifts.
If you need a flagship website or immersive digital experience that integrates these AI capabilities with proper governance and documentation, start a custom website project. The intersection of AI agents and premium web experiences is where the most interesting compliance-forward work is happening right now.
Related reading:
- US Election 2024: Trump Wins — The AI Policy Whiplash Begins
- 2024: The Year of Multimodal + Agents + Reasoning + Open-Weights Catch-Up
- Anthropic and OpenAI Strike Safety MoUs with US AI Safety Institute
William Spurlock is an AI automation engineer and custom web designer building production AI systems and custom digital experiences for founders and enterprises. This post was written on January 17, 2025, three days before the Trump inauguration, based on research from the White House Archives and Congressional Research Service reports.
Related Posts
Anthropic Constitutional Classifiers Paper: Safety Research Continues
Anthropic's January 2025 Constitutional Classifiers paper introduces a new defense mechanism against universal jailbreaks, with thousands of hours of red teaming validation.
Trump EO 14179: Removing Barriers to American Leadership in AI — Biden's 2023 AI EO Rescinded
President Trump signed Executive Order 14179 today, rescinding Biden's 2023 AI EO and establishing a new policy focused on sustaining America's global AI dominance. Here's what builders need to know.
US Election 2024: Trump Wins — The AI Policy Whiplash Begins
Donald Trump wins the 2024 US presidential election. What happens to Biden's AI Executive Order, the US AI Safety Institute, and the future of AI regulation?
