Content Fans

White House unveils 90-day AI model review ahead of release

Serge Bulaev

Serge Bulaev

The White House may soon require AI companies to share their advanced models with government agencies up to 90 days before public release, according to reports. This review process seems to focus on proving model safety, reporting limitations, and protecting intellectual property. Companies might need to submit detailed reports about their models, including how they were tested for safety and what protections are in place. There appears to be ongoing concern about sharing proprietary information, and companies could use technical controls to protect secrets. The government may also request changes during the 90-day review, which suggests teams should be ready to quickly fix and retest their models before release.

White House unveils 90-day AI model review ahead of release

The White House has unveiled a 90-day AI model review process, requiring companies to share their most advanced models with the government prior to public release. This new compliance framework, detailed in a Reuters report, shifts pre-release safety checks from concept to a concrete plan for AI developers. The review builds on the voluntary National Policy Framework for Artificial Intelligence, as analyzed by Holland & Knight, establishing a new federal disclosure standard.

This directive creates a significant compliance workload, forcing AI companies to prove model safety, document limitations, and protect intellectual property under the emerging federal standard.

Key Statistics

What the federal briefings actually require

The White House's 90-day AI model review requires developers to submit detailed reports on their model's technical specifications and safety testing before public release. This pre-release disclosure aims to verify safety claims, document limitations, and ensure robust guardrails are in place under a national standard.

As described by Reuters, the draft process mandates a "model review information report" covering a model's technical and safety features. The AI Framework advocates for a unified national standard managed by existing regulators, not a new AI agency. Companies should therefore prepare for sector-specific submissions while monitoring for final guidance from bodies like the FCC or FTC. Key submission components are expected to include:

  • Model Card: A detailed document outlining the model's purpose, architecture, and training data size.
  • Red-Team Synopsis: A summary of adversarial testing results, including failure counts against established risk thresholds.
  • Guardrail Disclosure: An explanation of built-in safety measures and refusal training logic.
  • Post-Release Plan: A clear strategy for post-launch monitoring and defined triggers for model rollback.

Building a submission ready file set

Industry best practices, such as guidance from Evidently AI and the European Code of Practice, frame safety testing as a continuous, life-cycle exercise. To comply, AI firms should compile a submission-ready file set that includes comprehensive evaluations. A practical set of artifacts for the U.S. review would likely contain:

  1. Threat Model & Risk Inventory: A complete assessment of potential harms and vulnerabilities.
  2. Red-Team Test Results: A matrix of adversarial tests with clear pass/fail data.
  3. Mitigation & Retesting Log: Evidence of identified risks, the steps taken to mitigate them, and re-testing verification.
  4. Data Provenance Register: A log detailing the origin of all training data (public, licensed, and proprietary).
  5. Incident Response Plan: A runbook that connects monitoring alerts to specific rollback procedures.

To address confidentiality concerns, experts recommend packaging these artifacts into a single, encrypted bundle.

Managing confidentiality and IP tension

A central challenge of the review is the tension between transparency for safety and confidentiality for intellectual property. While the framework takes what Holland & Knight calls an incremental copyright approach, the proposed Foundation Model Transparency Act could expose trade secrets. To mitigate this risk during pre-release reviews, companies can implement several controls:

  • Partial Data Disclosure: Use hash-based fingerprints to demonstrate data provenance instead of sharing raw datasets.
  • Information Segregation: Separate detailed internal red-team notes from the high-level summary provided to regulators.
  • Secure Compute Enclaves: Utilize secure cloud environments for on-site audits, ensuring model weights and source data never leave company control.

Post-review remediation window

The government can request model updates during the 90-day review period, making a rapid remediation cycle essential. According to Reuters, teams must be prepared for a "fix and retest" cadence, integrating engineering sprints and automated testing directly into the review window. This emphasis suggests that operational readiness, not just documentation, is key to ensuring an on-time launch.

What exactly is the White House planning to review 90 days before an AI model is released?

The plan requires AI developers to share advanced models with federal agencies via a "model review information report" up to 90 days before public launch. As reported by Reuters, this report must detail both technical and safety features. The process is currently semi-voluntary, based on the non-binding National Policy Framework for Artificial Intelligence, pending final rules.

Which documents and tests should be completed before submitting a model for review?

To prepare for submission, current industry playbooks recommend compiling several key assets. A comprehensive and auditable package can significantly reduce post-review remediation time. Essential documentation includes:
- Model Card: Detailing intended use, limitations, and known failure modes.
- Red-Team Plan: Outlining adversarial testing scenarios and rollback triggers.
- Safety Threshold Report: Comparing observed failures against pre-defined risk limits.
- Data Traceability File: Documenting training data provenance and versioning.
- Human-in-the-Loop (HITL) Protocol: Defining procedures for high-risk system actions.

How can IP or sensitive training data be protected during a government review?

Protecting intellectual property during a safety review is a primary concern, as transparency can conflict with confidentiality. Two primary strategies are emerging to manage this risk:
1. Statutory Protections: The proposed AI Foundation Model Transparency Act includes provisions for marking submissions as trade secrets, limiting their disclosure.
2. Secure Enclaves: Using third-party secure environments allows government reviewers to audit models without accessing or downloading proprietary data or weights.

Furthermore, the framework favors litigation over mandatory licensing for IP disputes, underscoring the need for meticulous documentation of data and model ownership.

What happens after the 90-day window closes?

After the 90-day window, a model can launch unless the reviewing agency flags a "material safety concern." If concerns are raised, the company enters a remediation track, typically lasting 30-45 days. Having pre-tested rollback scripts can dramatically shorten this remediation period. While no formal "stop-launch" orders have been issued under the voluntary framework, these reviews are already impacting insurance and enterprise contracts.

How can smaller model builders turn compliance into a competitive edge?

Since the review process is voluntary, smaller builders can gain a competitive advantage through proactive compliance. Startups with pre-certified safety packages have demonstrated faster funding rounds and more enterprise interest. Open-source templates and checklists enable smaller teams to produce enterprise-grade documentation at a fraction of the cost, leveling the playing field.