The Great American AI Act: 269 Pages, $300 Million, and Not One Word About the AI Already Denying Your Job Application

Within hours of the bill's release, Public Citizen compiled a list of eight categories of documented, ongoing AI harms that the legislation does not touch: algorithmic discrimination in employment, housing discrimination, consumer fraud, youth mental health harms, AI companions targeting minors, deepfake exploitation, lending and insurance bias, and growing market concentration. Eight categories of harm that real Americans are experiencing right now, and the Great American AI Act, all 269 pages of it, addresses none of them.

On Thursday, Representatives Jay Obernolte (R-Calif.) and Lori Trahan (D-Mass.) released the discussion draft of what they are calling the first bipartisan, comprehensive federal AI framework, a sweeping proposal that creates an independent verification system for frontier models, funds a $300 million Center for AI Standards and Innovation at NIST, enhances criminal penalties for AI-enabled fraud, adds whistleblower protections, and requires employers to disclose AI-driven layoffs under an expanded WARN Act. The Information Technology Industry Council praised it immediately, which should tell you something about who the bill was designed to comfort.

What the Bill Actually Covers

The bill's four titles read like a carefully constructed perimeter around frontier AI development, and only frontier AI development. Title I establishes transparency requirements for companies with more than $500 million in annual AI revenue, mandates pre-deployment safety evaluations for models posing "catastrophic risk" (defined as cybersecurity, biosecurity, CBRN, and loss-of-control scenarios), and creates the CAISI office with $100 million per year for three years to conduct independent audits. Title II addresses workforce data collection, AI literacy programs, and WARN Act disclosures. Title III reauthorizes cybersecurity cooperation. Title IV funds international AI standards coalitions.

Competent work, all of it, and the catastrophic risk provisions borrow directly from California's SB-53, which the bill federalizes alongside New York's RAISE Act and Illinois' SB315. The whistleblower protections are genuine. The WARN Act expansion, which requires 60-day notice when AI displaces more than 50 workers at a single site, represents the most concrete worker protection in any federal AI proposal to date, a provision that would have mattered enormously to the 8,000 Meta employees laid off last month with no AI-specific disclosure requirement in place.

Read what is not there, though, and the architecture reveals itself.

The Gap Between What AI Might Do and What AI Is Doing

I cross-referenced the bill's 269 pages against the categories of AI harm that federal agencies have actually pursued enforcement actions on in the past two years, and the mismatch is staggering. The FTC's AI enforcement docket since 2024 is dominated by cases about deceptive practices, data misuse, and discriminatory algorithms in consumer-facing products: Rite Aid's facial recognition misidentifying shoppers by race, Rytr generating fake product reviews, resume screening tools that systematically filtered out women and older applicants before a human ever saw their names. The EEOC has issued guidance on AI hiring discrimination under Title VII. State attorneys general have opened investigations into biometric surveillance, including Texas versus Meta over AI glasses and a Kenya class-action over intimate smart glasses footage shared with contractors without consent.

Nearly all of these enforcement actions target deployment-side harms, which is to say the damage done by AI systems after they leave the lab and enter the lives of people who never consented to being sorted, scored, or surveilled by an algorithm. The bill governs the development side. The chasm between those two categories is the defining feature of this legislation.

The result is a federal AI framework that governs what frontier models might do someday while leaving the AI systems currently operating on 200 million Americans to a patchwork of state laws, common-law torts, and existing civil rights statutes that were written decades before algorithmic decision-making existed. A job applicant screened out by an AI hiring tool, a tenant denied housing by an algorithmic scoring system, a teenager targeted by an AI companion chatbot that learned exactly which emotional vulnerabilities to exploit: none of them gain a single new federal protection under this bill.

The bill's sponsors know this. The section-by-section summary explicitly states that Title I "preserves state authority over AI deployment and use." But preservation is not the same as protection, and here the bill performs its most consequential maneuver.

The Preemption Asymmetry

Section 108 preempts "any State or local law or regulation that targets artificial intelligence model development" for three years, and the official FAQ names specific casualties. California's AB 2013, which required training data transparency so the public could know what a model was trained on? Preempted. California's SB 942, which mandated AI content watermarking so people could tell what was real and what was generated? Partially preempted and replaced with voluntary NIST standards, the regulatory equivalent of asking the fox to design the henhouse lock.

The structural problem runs deeper than individual casualties. The line between "model development" and "model deployment" is not bright. It is a gradient, and the bill sits squarely on the blurry middle while claiming to have drawn a clean boundary that everyone can follow.

Training data transparency is a development decision, but the disclosure happens at deployment, so it is preempted. Watermarking is built during development but enforced at deployment, so it is partially preempted. Impact assessments like those required by Colorado's SB 205, effective June 30, trace back to development choices but trigger at the deployment stage, and the bill says those are preserved, though the boundary practically invites litigation from companies with enough lawyers to argue that any deployment obligation constitutes a de facto development regulation.

The scale of what is at stake makes the ambiguity dangerous. Brookings counts 260 AI-related bills introduced in state legislatures in the first half of 2025 alone, with 22 enacted into law, and according to Baker Botts' comprehensive legal analysis, penalties range from Colorado's $20,000 per violation to California's $1 million per violation under SB-53. The Great American AI Act strips state authority to regulate model development, creates no federal equivalent for deployment-side consumer harms, and then tells states they can keep regulating deployment while removing the development-stage tools (training data audits, pre-release testing mandates, watermarking requirements) that make deployment regulation enforceable. That is not a regulatory framework so much as a one-way valve: pressure relief for the companies building the models, continued exposure for the people living under them.

The Strongest Case For the Bill

The sponsors have a legitimate argument, and it deserves its full weight rather than the strawman treatment that policy criticism usually gets. A frontier model trained in San Francisco operates in all 50 states the moment it goes live, which means that fragmented state-by-state regulation of model development could genuinely create compliance burdens that slow innovation without improving safety: a developer would need to navigate potentially 50 different development standards, none of which carry the technical sophistication of NIST's evaluation capabilities, and the result would be regulatory arbitrage rather than regulatory protection. The three-year preemption sunset shows Congress is buying time to build federal capacity rather than permanently stripping state authority, and the cooperative federalism structure, under which state attorneys general retain enforcement power over the federal standard, means this is standardization with distributed enforcement rather than pure deregulation.

That argument is coherent and may even be correct on the narrow question of frontier model safety testing. It does not answer the core objection. The bill eliminates state development-stage authority and offers nothing federal in exchange for the harms it ignores. The preemption is immediate; the protection is theoretical; and the gap between the two is where 200 million Americans currently live.

The Math Nobody Ran

I attempted to quantify the coverage gap by comparing what the bill reaches against what it leaves untouched. The $300 million CAISI budget over three years will fund safety evaluations for frontier models meeting the $500 million revenue threshold, which currently means roughly five to eight companies worldwide: $100 million per year to audit perhaps a dozen models. The FTC's total annual enforcement budget, by contrast, is approximately $450 million, spread across every consumer protection issue in the country from AI discrimination to auto dealer fraud, and the agency has brought fewer than 20 AI-specific enforcement actions since 2020.

Now compare the scope of the deployment-side problem that the bill leaves to existing law. HireVue alone has processed over 45 million video interviews through its AI screening system as of 2024. The Consumer Financial Protection Bureau received more than 14,000 complaints about algorithmic lending decisions in 2025, and the National Fair Housing Alliance documented AI-powered tenant screening tools operating in at least 30 states. These systems are not frontier models; they are narrow, purpose-built algorithms, often running on commodity hardware, deployed by companies well below the $500 million revenue threshold, and they are completely invisible to this bill.

The practical result is federal AI governance that scrutinizes maybe 0.1% of the AI systems affecting American consumers while constraining the state-level activity trying to reach the other 99.9%. That ratio is the novel finding of this analysis. The exact percentages depend on how you count "AI systems," a definitional problem the bill punts to NIST, but the order of magnitude is robust across any reasonable estimate of the denominator.

What This Analysis Does Not Prove

This article does not establish bad faith on the sponsors' part, and it would be dishonest to imply otherwise. Obernolte and Trahan have both publicly stated the discussion draft is intended to gather feedback before formal introduction, and the legislative process may well add deployment-side protections before a final vote. The preemption clause's three-year sunset could prove meaningful if Congress uses the window to build complementary consumer protection legislation rather than letting the sunset expire into permanent preemption by legislative inertia, a pattern that has happened with every temporary tax provision in the last two decades but has not yet been tested on technology regulation.

The 0.1% coverage estimate is directional rather than precise, comparing the number of companies meeting the $500 million frontier developer threshold against the total number of companies deploying AI decision-making systems that affect consumers. The denominator is poorly defined because "AI system" has no consensus legal definition, and any reasonable estimate ranges from tens of thousands to hundreds of thousands of deployments, but the order of magnitude holds across that entire range even if the specific ratio shifts.

The bill's workforce provisions, including the WARN Act expansion, AI literacy programs, and labor market data collection, are genuine incremental improvements that this analysis should not be read as dismissing. They are good policy. They are simply not a substitute for the consumer protection framework the bill conspicuously omits.

The Bottom Line

If you are a state legislator drafting an AI bill, model Colorado's SB 205 approach: require impact assessments at the point of deployment rather than at the point of model development, and you stay outside the preemption zone. But draft with surgical care, because the development-deployment line is going to be litigated aggressively, and the companies that praised this bill within hours of its release employ legal teams whose job is to argue that every deployment obligation constitutes a de facto development regulation.

If you are a job applicant, tenant, or borrower who suspects algorithmic discrimination, your existing rights under Title VII, the Fair Housing Act, and the Equal Credit Opportunity Act still apply, and they are the enforcement mechanism this bill leaves standing. File complaints with the EEOC, HUD, and CFPB: these agencies are slow and underfunded, but they remain the only federal recourse for the harms this legislation chose not to address.

If you are a technologist working on AI safety, the CAISI funding is real and the independent verification organization structure could meaningfully improve frontier model oversight if staffed with genuine technical expertise rather than industry-captured auditors chosen by the companies they are supposed to scrutinize. The official FAQ says stakeholder feedback will shape the final text. Make them hear from people who are not selling the thing being regulated.

Related Stories

• The Government Pays Companies to Replace You. Then It Cuts the Program That Would Retrain You.
• AI Crossed From 'Helper' to 'Replacement' Last Quarter. Nobody Announced It.
• CAISI Signed Pre-Release Testing Agreements With Five AI Labs. Only One Has Open-Source Models.