In late 2025, the White House moved to pull U.S. AI policy back to the federal level, just as a wave of state AI laws took effect on January 1, 2026. For anyone building or buying AIoT systems in critical infrastructure, telecoms, or smart cities, that shift is more than politics—it reshapes where compliance risk lives and who actually writes the rules. ?
A national AI policy with teeth
On December 11, 2025, President Trump signed the “Ensuring a National Policy Framework for Artificial Intelligence” Executive Order, aiming to establish a “minimally burdensome” national standard for AI. The order directs the Department of Commerce to evaluate state AI laws and flag those that “obstruct, hinder, or otherwise contravene” federal AI policy, explicitly including laws that require AI models to alter truthful outputs or compel certain disclosures in ways the administration views as unconstitutional. It also instructs the Department of Justice to form an AI Litigation Task Force to challenge “onerous” state AI laws and advance federal preemption through the courts.
The EO backs this with funding leverage. Commerce must condition certain broadband and technology grants—particularly remaining BEAD funds—on states avoiding AI laws deemed inconsistent with national policy, and agencies are told to consider conditioning discretionary grants on states refraining from enforcing conflicting AI rules. The Federal Trade Commission is further tasked with issuing a policy statement clarifying when state laws that force deceptive changes to AI outputs are preempted by federal law under unfair and deceptive practices authority. Together, those moves signal a push to centralize AI policy and limit a patchwork of state regulations just as AIoT deployments scale across U.S. networks and infrastructure. ?
A collision with new state AI laws
This federal move lands in the middle of a surge of state-level AI regulation taking effect in 2026. California’s Transparency in Frontier Artificial Intelligence Act, its Generative AI Training Data Transparency Act, and the AI Content Transparency Act all became effective January 1, 2026, imposing disclosure, watermarking, and safety requirements on large AI developers and platforms. Texas’s Responsible Artificial Intelligence Governance Act and other state laws covering hiring, healthcare, and online services similarly regulate AI deployment, often emphasizing transparency, safety protocols, and protections for minors and workers. National coverage has highlighted that AI joins privacy, repair, and content moderation as a major focus of new state tech laws in 2026.
Legal and policy analyses point out that the new executive order is designed to collide with these state laws. The EO’s evaluation process is required to identify “burdensome” state laws and refer them to the AI Litigation Task Force, while the funding conditions and potential FCC AI reporting standard are intended to discourage states from enforcing rules that conflict with federal policy. Commentators note that this creates a period of heightened uncertainty in 2026, where companies must comply with state laws now in force but also prepare for possible preemption challenges and evolving federal standards.
What this means for AIoT and critical infrastructure
For AIoT, the stakes are particularly high because many deployments sit at the intersection of connectivity, infrastructure, and high-risk AI. The EO explicitly connects AI policy to broadband and network deployments by warning that a fragmented landscape of state AI rules could undermine BEAD’s mission of universal high-speed connectivity and the growth of AI applications relying on those networks. That linkage suggests that connected infrastructure projects—smart grids, smart city systems, industrial networks—will be an early focus of federal efforts to align AI regulation with national connectivity and competitiveness goals. ?
At the same time, enterprises operating in the U.S. face layered obligations. Global compliance guides emphasize that from 2026 onward, the EU AI Act’s core requirements for high-risk AI—governance, documentation, risk management, and human oversight—become fully enforceable, with penalties potentially reaching up to 7 percent of global revenue. Companies deploying AIoT systems in Europe must inventory and classify AI systems, implement governance structures, and maintain detailed technical and organizational safeguards. U.S. regulatory summaries similarly urge businesses to conduct AI use assessments, document models and data flows, and build continuous monitoring and oversight, anticipating both state rules and evolving federal standards.
Practical guidance for AIoT vendors and integrators
Against this backdrop, AIoT vendors and integrators selling into federal, state, and critical-infrastructure markets need to treat regulatory design as part of system architecture, not just as a legal afterthought. Regulatory updates for 2026 recommend that enterprises inventory all AI systems, classify them by risk, and map each to applicable frameworks such as the EU AI Act, state AI laws, and emerging national standards. For AIoT platforms, that means identifying which models and agents influence physical operations, safety, or rights, and ensuring those components come with robust documentation, human-in-the-loop controls, and audit trails.
Strategically, the new U.S. EO creates both risk and opportunity. Legal analyses stress that the near term will be defined by a fluid interplay between state enforcement and federal preemption efforts, requiring adaptive compliance programs and close monitoring of litigation. Vendors that can demonstrate “compliance-by-design”—for example, by aligning their AIoT offerings with EU-style governance, documenting decision logic, and providing tooling for logging, overrides, and human oversight—will be better positioned regardless of how the federal-state fight plays out. In effect, the safest path for AIoT players is to engineer for the strictest plausible regime and then take advantage of any regulatory easing, rather than betting on minimalism in a year when AI regulation is finally acquiring real enforcement power.
Edited by
Erik Linask
