On June 2, the White House signed an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security.” The framing in the title tells you most of what you need to know about the balance it strikes: innovation first, security second, and the security that does appear is built on a foundation of voluntary participation.
The order establishes a voluntary pre-release government cybersecurity review framework for frontier models — the largest, most capable AI systems — and creates an AI cybersecurity clearinghouse for sharing vulnerability information. On its own terms, those are reasonable mechanisms. But the architecture of the order, and especially what it leaves out, deserves a harder look from anyone who cares about privacy and data rights.
What “voluntary” has meant historically
The single most important word in the order is “voluntary.” A voluntary pre-release review means a frontier AI developer may submit its model to government cybersecurity examination before release — and may decline to. No company is obligated to participate, and there is no consequence specified for choosing not to.
We have seen this pattern before. The history of U.S. technology governance is largely a history of voluntary frameworks that the industry embraces precisely because they forestall binding ones. Voluntary privacy principles, voluntary AI safety commitments, voluntary codes of conduct — each has served as a pressure-release valve, allowing companies to demonstrate “responsibility” while retaining full discretion over what they actually do. When a framework is voluntary, the companies most willing to cut corners are exactly the ones who opt out, and the framework cannot reach them.
A voluntary security review will likely attract the well-resourced, reputation-conscious labs that were already investing in security. The actors who pose the greatest risk — those racing to ship, those with the weakest internal controls — face no requirement to show up. The order thus formalizes a review process whose participation is inversely correlated with the need for it.
The silence on training data
For a privacy publication, the more revealing feature of the order is what it does not address. It is framed around cybersecurity — protecting models from being compromised, sharing vulnerability information. It is not framed around the data the models are built from.
This matters because the central privacy problem of frontier AI is not primarily that models can be hacked. It is that they were trained on enormous quantities of personal data scraped without consent — the exact concern that human-rights organizations have called the industry’s foundational legal flaw. An executive order that addresses how to secure frontier models while saying nothing about whether the data used to train them was lawfully obtained is treating the symptom and ignoring the disease.
A genuine AI governance framework concerned with rights would address provenance: what data went in, whether the people it describes consented, whether they can have it removed, and whether sensitive categories — health, biometrics, children’s data — were swept up. The June 2 order does not engage these questions. By scoping “security” narrowly to cybersecurity, it quietly defines the data-rights dimension out of the conversation.
What a clearinghouse can and cannot do
The AI cybersecurity clearinghouse — a mechanism for sharing information about AI vulnerabilities — is the more substantive piece. Information-sharing structures can genuinely help, allowing defenders to learn about emerging attack techniques against AI systems faster than they otherwise would.
But a clearinghouse is an information conduit, not a constraint. It improves the collective ability to respond to problems; it does not impose obligations to prevent them. And like the review process, its value depends on participation. A vulnerability-sharing body that frontier developers can engage with at their discretion will reflect the priorities of those who choose to join.
The bigger picture
The contrast worth holding in mind is the one between this order and the enforcement actions filling the rest of the privacy landscape right now — California fining GM over data minimization, the FTC penalizing deceptive AI marketing, state legislatures passing binding frontier-model bills. Those are mandatory. They carry penalties. They change behavior because non-compliance costs something.
A voluntary federal framework sits at the opposite end of that spectrum. It signals concern without creating obligation. For companies, it offers a way to demonstrate engagement on favorable terms. For the public, it offers the appearance of oversight without the substance of accountability.
The order is not nothing — pre-release security review and vulnerability sharing are real tools. But the framing reveals the priority. “Innovation” leads the title; the security that follows is optional; and the privacy of the people whose data trained these systems does not appear at all. In AI governance, what is left voluntary is what is left unprotected.
