The United States government has secured voluntary agreements with three major technology firms—Google, Microsoft, and xAI—to subject their artificial intelligence models to pre-release security evaluations. The initiative, run by the US Department of Commerce through the Center for AI Standards and Innovation (CAISI), aims to identify risks related to cybersecurity, biosecurity, and chemical weapons before these systems reach the public.
CAISI Director Chris Fall stated that “independent, rigorous measurement science is essential to understanding frontier AI and its national security implications.” He added that the expanded industry collaborations help scale the center’s work “in the public interest at a critical moment.”
Scope and Implications for European Tech Policy
While the agreements are US-centric, they carry significant implications for Europe, where regulators are crafting the EU AI Act—the world’s first comprehensive legal framework for artificial intelligence. European policymakers in Brussels, Berlin, and Paris are watching closely as the US approach evolves, particularly given the continent’s reliance on American cloud infrastructure and AI models. Germany and the UK already lead Europe in data centre count, fueling AI growth, as noted in a recent European Pulse report.
The CAISI evaluations will cover “testing, collaborative research and best practice development related to commercial AI systems,” according to the agency’s statement. Microsoft confirmed that the assessments will help it stay ahead of risks such as AI-powered cyber attacks for its Copilot model.
This development marks a notable departure for President Donald Trump, who has long argued that excessive regulation could stifle innovation and hand an advantage to China. In March, Trump released his AI National Policy Framework, which explicitly stated that Congress would not create “any few federal rulemaking bodies to regulate AI,” instead relying on existing agencies and domain experts. The CAISI agreements appear to be a pragmatic compromise, allowing the administration to address security concerns without broad legislative action.
Renegotiated Agreements and European Parallels
CAISI has already conducted 40 evaluations of other models, including some “state-of-the-art models that remain unreleased,” though it did not specify which ones. Notably, OpenAI and Anthropic signed similar agreements in 2024 under former President Joe Biden. CAISI said those existing agreements had been “renegotiated,” but declined to elaborate on the changes.
Chris Lehane, chief global affairs officer at OpenAI, announced on LinkedIn that the company had provided the government with ChatGPT-5.5 ahead of its public release this week to support national security testing. He also mentioned a specialised version, GPT-5.5-Cyber, designed to strengthen cyber defence capabilities and available only to a limited group of first users.
For European readers, the contrast with the EU’s approach is instructive. While the US relies on voluntary industry cooperation, the EU AI Act imposes mandatory requirements on high-risk systems, including transparency obligations and human oversight. Some European tech leaders have warned that overly prescriptive rules could hamper innovation, while others see the US model as too lenient. The French government, for instance, recently moved its health data hub from Microsoft Azure to domestic cloud provider Scaleway, reflecting broader concerns about data sovereignty and reliance on US tech giants.
The agreements also come amid ongoing debates in Europe about the ethical use of AI in military contexts. Google employees previously protested the company’s Pentagon AI deal, citing “inhumane” military use, as covered by European Pulse. The CAISI evaluations, while focused on defensive security, may reignite similar discussions on the continent.
As the US and EU chart different regulatory paths, the CAISI programme represents a test case for how governments can engage with industry to manage frontier AI risks without stifling progress. European officials in the European Commission and national capitals will be assessing whether voluntary testing can complement or compete with their own legislative efforts.
