Congress Delays Federal AI Agent Regulation Amid Competing Bills
Serge Bulaev
Congress is still debating how to regulate AI agents, and two main draft bills offer different ideas but have not moved forward yet. There is no agreement on which agency should enforce the rules or how much power the federal government should take from the states, making progress slow. In the meantime, states like Colorado, California, and New York have made their own rules, and companies may need to follow both state and voluntary federal guidance. Experts suggest that the lack of clear federal rules might cause many AI projects to be canceled by 2027. It is not clear when or if any federal law will be passed, so businesses must manage a mix of state laws and voluntary standards for now.

Congressional delay on federal AI agent regulation leaves the U.S. without a unified legal framework. With two competing bills stalled, businesses must navigate a complex and fragmented landscape of state-level rules, creating significant compliance challenges and operational risks.
Two Draft Bills Define the Federal Debate
Two primary discussion drafts are shaping the debate. The Senate's AI AGENT Act focuses on creating a registry for trusted agents, while the House's Great American AI Act proposes third-party audits and a temporary preemption on state laws, though neither has advanced to a formal vote.
The Senate's AI AGENT Act proposes an FTC-managed registry for "trusted, secure AI agents," guarantees nondiscriminatory platform access, and directs NIST to develop open technical standards. This Warner discussion draft is still in a public comment period with no committee action scheduled. Meanwhile, the House's Great American AI Act calls for third-party audits of frontier models and proposes preemption on state AI development laws. Industry reports suggest this preemption would not cover post-deployment conduct, leaving a significant area open to state enforcement.
Why Drafts Are Stalled
Progress on federal legislation is stalled by three key disagreements. First, lawmakers have not reached a consensus on which agency, the FTC or another body, should have primary enforcement authority over autonomous agents. Second, intense lobbying continues over federal preemption; industry groups advocate for a single national standard, while civil society organizations fear it would weaken state-level consumer protections. Finally, Congress is still determining how new AI statutes would align with existing sector-specific laws and evolving White House policy frameworks.
Fragmented Rules Leave Enterprises in a Patchwork
In the absence of federal action, binding AI regulations are emerging from the states. Colorado's AI Act mandates public disclosures for high-risk, customer-facing AI systems. Similarly, California and New York have imposed new requirements for incident reporting and whistleblower protections on frontier model developers. NIST launched the AI Agent Standards Initiative on February 17, 2026. However, enforceable controls already exist via OMB Memoranda M-25-21 and M-25-22 (April 2025) which apply to many agentic AI deployments under the 'High-Impact AI' classification. This regulatory uncertainty has tangible consequences; industry reports suggest that due to governance gaps and unclear ROI, a significant portion of agentic AI projects are at risk of cancellation.
Key Provisions Under Consideration
Several major proposals from the draft bills are being debated:
- An FTC registry for "trusted" agents, enforcing transparency and privacy standards.
- A mandate requiring dominant online platforms to grant nondiscriminatory access to AI agents.
- Third-party audits for developers of frontier models, conducted by Independent Verification Organizations.
- Federal preemption on state laws governing AI development, but not its use.
- A directive for NIST to publish open protocols for agent identity and secure tool access.
Whether these provisions become law depends on congressional calendars and the ability of stakeholders to find common ground. Until a single federal rulebook is established, companies and their compliance teams must continue to navigate a complex regulatory map defined by a mix of state laws and voluntary federal standards.
What is the current status of federal AI agent regulation in Congress?
As of mid-2026, no comprehensive federal law specifically regulating AI agents has been enacted. Congress is currently weighing two competing frameworks that remain in early stages:
- The AI AGENT Act (Senator Mark Warner's discussion draft) - not formally introduced, seeking stakeholder feedback
- The Great American AI Act (bipartisan discussion draft) - also not yet formally introduced
This legislative limbo means binding obligations for private AI work currently sit primarily in state law rather than federal statute, creating a fragmented compliance landscape for organizations deploying autonomous systems.
Why are existing regulatory frameworks struggling to address AI agents?
The core challenge is a fundamental framework mismatch: most regulations were designed for static, decision-assisting AI, not for autonomous agents that execute multi-step actions independently.
Key gaps include:
| Challenge | Impact |
|---|---|
| Liability ambiguity | Unclear whether developers, deployers, or end users are responsible when agents cause harm |
| Jurisdictional gray zones | Agents can operate across borders instantaneously, potentially violating regulations where actions take effect |
| No centralized control | Organizations often deploy agents across teams without unified monitoring |
| Traceability gaps | Many large enterprises lack full visibility into AI agent identities, and a significant portion doubt they could detect or contain a compromised agent |
Industry surveys reveal these identity and authorization gaps are operationally acute, with conventional cybersecurity approaches failing to translate cleanly to autonomous deployments.
What specific provisions would the AI AGENT Act establish?
Senator Warner's discussion draft proposes creating a secure marketplace for consumer AI agents through several mechanisms:
- FTC registry of "trusted, secure AI agents"
- Guaranteed secure access to large online platforms without discrimination
- Privacy protection, transparency requirements, and clear authorization signaling to third-party sites
- NIST-directed technical standards for open protocols enabling AI agent accessibility
However, with no formal introduction or committee markup scheduled, these provisions remain prospective rather than imminent.
How are industry and civil society responding to the regulatory uncertainty?
Rather than responding to a single federal proposal, stakeholders are navigating a decentralized system of voluntary standards and binding state laws:
Industry Response:
- Participating in NIST's "technical convenings" to shape emerging standards
- Implementing impact assessments and public disclosures to comply with emerging state laws
- Supporting federal preemption to reduce multi-state compliance burdens
Civil Society Response:
- Advocating for mandatory adoption of voluntary frameworks to close security vulnerabilities
- Opposing preemption of state consumer protection laws
- Pushing for enforceable mandates rather than guidance-based approaches
The dominant industry sentiment characterizes the landscape as "messier" - with executive orders, state legislatures, and lack of uniform federal framework pulling in different directions.
What risks do organizations face while awaiting federal standards?
The governance gap creates substantial operational exposure:
- Industry reports suggest a significant portion of agentic AI projects may be cancelled due to poor governance, ethical failures, or inability to prove ROI
- Organizations face heavy fines and operational shutdowns under existing regulations like the EU AI Act, which was negotiated before the agentic AI explosion
Until federal standards emerge, enterprises must navigate state-by-state compliance while managing risks that existing frameworks were not designed to address - including action hallucination, where agents execute steps that seem logical but prove ineffective or catastrophic.