Desiree Sainthrope is a distinguished legal expert specializing in the intersection of international trade, global compliance, and emerging technologies. With a career spent navigating the complexities of high-stakes legal frameworks, she has become a leading voice on how intellectual property and artificial intelligence are reshaped by legislative action. Her deep understanding of regulatory drafting allows her to dissect the strategic maneuvers of tech giants as they interface with government entities. In this discussion, we explore the shifting landscape of AI policy, the tactical use of state-level legislation to bypass federal gridlock, and the balancing act between corporate interests and public safety.
The conversation covers the strategic “co-opting” of state legislative processes by major tech firms, the emphasis on transparency over liability in current bills, and the technical implications of mandatory third-party audits. We also delve into the role of state governors as economic gatekeepers and how political divides between red and blue states influence the specific focus of AI regulations.
Large tech firms are increasingly focused on shaping state-level AI regulations rather than waiting for federal action. How does mirroring laws across New York, California, and Illinois create a de facto national standard, and what are the tactical advantages of this bottom-up approach to policy?
The strategy here is a masterclass in what we call “reverse federalism,” where the goal is to preempt a messy patchwork of 50 different rules by establishing a dominant template in the most influential markets. By securing nearly identical legislation in heavyweights like California, New York, and now potentially Illinois, companies like OpenAI effectively force a national standard because most developers won’t build different models for different states. Tactically, it is much easier to influence a state capital where lobbyists can have more direct access to legislative staff than in the gridlocked halls of Washington. This approach allows industry leaders to lock in a stable legal framework that they helped design, ensuring the rules of the road are predictable and manageable. It’s a proactive move that turns a potential regulatory threat into a protective moat around their existing business models.
Current AI frameworks often prioritize transparency and reporting over strict legal liability or massive financial penalties. Why is this specific balance preferred for emerging technologies, and how do you ensure these requirements provide genuine safety rather than just administrative hurdles?
The preference for transparency over liability is a deliberate choice to foster innovation while acknowledging the inherent unpredictability of advanced AI models. Industry leaders argue that imposing massive financial penalties for “catastrophic harms” early on could bankrupt startups and stifle the very research needed to solve safety issues. From a corporate perspective, reporting requirements are a “soft” form of regulation that satisfies the public’s need for oversight without the existential threat of a courtroom battle over every glitch. To ensure these aren’t just administrative hurdles, the reports must be substantive and verifiable, moving beyond mere checkboxes to actual disclosures of training data and risk assessments. If the transparency doesn’t lead to actionable data for regulators, it risks becoming a “paper shield” that protects companies from accountability while offering the illusion of safety.
The introduction of mandatory third-party audits in some states represents a shift from purely reactive reporting. What technical challenges do these audits present for developers, and how do they change the relationship between the private sector and state regulators?
Mandatory third-party audits, like those being discussed in the Illinois legislation, add a layer of technical complexity that many firms are still struggling to navigate. The primary challenge lies in the proprietary nature of these models; developers are often hesitant to hand over “the keys to the kingdom” to external auditors who might inadvertently leak trade secrets or intellectual property. Furthermore, there is currently no universal standard for what constitutes a “safe” AI audit, meaning developers and auditors are often building the plane while flying it. This shifts the relationship with state regulators from a distant, arms-length oversight to a more integrated, continuous dialogue where the state has a window into the inner workings of the technology. It moves the industry away from a “trust me” model toward a “show me” model, which is a significant cultural shift for Silicon Valley.
State governors often act as a final filter for AI legislation to protect local economic interests. How do these executive priorities reconcile the need for public safety with the fear of stifling innovation, and what specific compromises usually emerge from these high-stakes negotiations?
Governors like Gavin Newsom and Kathy Hochul are in an incredibly tight spot because they want to lead on safety while ensuring their states remain the global hubs of the AI economy. We saw this play out clearly in California, where a more restrictive bill was vetoed in favor of a framework that felt more “common sense” to the tech industry. The compromise that usually emerges is a watering down of enforcement mechanisms; for instance, removing the ability for individuals to sue or reducing the scale of financial penalties. These executives are sensitive to the “flight of capital,” fearing that if a law is too draconian, the next billion-dollar AI startup will simply set up shop in a more permissive jurisdiction. Consequently, the final versions of these bills often look more like collaborative guidelines than strict prohibitions, reflecting a “pro-innovation” stance that prioritizes economic growth.
Legislative priorities regarding AI safety appear to differ significantly between blue and red states. How might a focus on children’s online safety and upcoming executive orders from the White House redefine the regulatory landscape in conservative-led regions compared to the transparency-heavy laws in liberal states?
While blue states are leaning heavily into transparency and corporate reporting, red states are finding a different entry point through the lens of family values and child protection. You see this with figures like Senator Marsha Blackburn, who are bridging the gap between social media harms and AI risks by focusing on how these technologies impact children’s mental health. There is a strong possibility that conservative-led regions will skip the broad transparency rules and go straight to specific prohibitions or protections for minors. Additionally, many red states are waiting for a clear signal from the White House, perhaps in the form of a Trump administration executive order focusing on cybersecurity threats. If the federal government moves toward strict controls on model releases to prevent cyberattacks, red states will likely use that as a catalyst to pass their own security-focused legislation, creating a bifurcated regulatory map.
Using state-level success to pressure Congress is a strategy previously seen in data privacy debates. What are the specific milestones needed for this “reverse federalism” to succeed in Washington, and how do you prevent these laws from becoming industry-favored templates that lack enforcement power?
For this strategy to succeed in Washington, you need a “critical mass” of states—usually California, New York, and a major Midwestern or Southern state—to pass identical language, making the “patchwork” argument so loud that Congress feels forced to step in to create uniformity. The milestone is reached when the industry itself starts begging for a federal law because they want the “ceiling” of state laws to become the “floor” of a federal one. The danger, of course, is that these templates often lack “teeth,” such as the $1.7 million spent by various PACs to influence state races and ensure favorable language. To prevent these from becoming empty shells, advocates must push for independent enforcement agencies and clear definitions of liability that can’t be lobbied away. Without robust enforcement power, these laws are just expensive brochures for corporate responsibility.
What is your forecast for AI regulation?
I anticipate that over the next 24 months, we will see the “Illinois Model”—combining transparency with third-party audits—become the gold standard for blue states, while red states will pivot toward a “Safety and Security” model centered on child protection and national defense. We are entering an era of “enforcement by audit,” where the technical capacity of the auditors will matter more than the text of the laws themselves. However, the true test will come when the first major “catastrophic” incident occurs; if the current state-level framework fails to provide a mechanism for holding companies accountable, the public backlash will be swift and severe. Ultimately, the industry’s attempt to co-opt the regulatory process will either buy them the public trust they desperately need or it will be remembered as the moment they successfully delayed necessary oversight until it was too late.
