Within 48 hours this week, the US and EU each made a landmark move on frontier AI oversight.
On June 1, the EU activated a 60-member Scientific Panel to help assess systemic risks posed by General-Purpose AI (GPAI) models under the EU AI Act.
One day later, the US signed a new AI Executive Order that treats frontier AI models as a national security concern and introduces pre-release security reviews for advanced AI systems.
The timing is not coincidental.
Both initiatives reflect the same reality: frontier AI models have reached a point where they can no longer be assessed solely by the organizations that build them.
Independent technical evaluation is becoming a requirement for oversight. This shift reflects a broader move toward evidence-based AI governance, where governance requirements are mapped to measurable technical assessments.
This is where the US and EU agree. Everything else differs.
The two frameworks take fundamentally different approaches to who conducts evaluations, which risks matter most, how much transparency is required, and how results are used.
For organizations building, deploying, or regulating AI systems, these differences matter. They provide an early indication of how frontier AI governance is evolving, and what forms of evidence may soon become expected.
The EU: Building the Infrastructure for Systemic-Risk Assessments
The EU’s Scientific Panel brings together 60 independent experts tasked with advising the AI Office on GPAI model classification, systemic-risk assessments, and evaluation methodologies.
The panel can formally alert the AI Office to risks posed by specific models, request information from providers, and support cross-border market surveillance activities.
The approach is proactive. The EU AI Act established the governance structures for frontier AI models before a major incident forced action.
At its core, the EU model is designed to answer a governance question: How should systemic risks from the most capable AI systems be identified, measured, and managed?
The US: Treating Frontier AI as a National Security Issue
The new AI Executive Order approaches the same challenge through a different lens: national security.
Under the voluntary framework, developers can provide frontier AI models to the US government for security reviews before public release.
The rationale is explicit. Advanced AI capabilities may create risks significant enough to require government oversight and specialized evaluation infrastructure.
While the Executive Order does not identify specific models, its framing reflects concerns already emerging in practice. Frontier AI models have demonstrated capabilities that raise cybersecurity and offensive-use concerns, prompting developers to delay or restrict releases while additional safeguards are evaluated.
In many ways, the Executive Order is Washington’s response to a capability threshold that has already been crossed.
Where the US and EU Align
Despite their differences, both frameworks share one foundational assumption:
The most capable frontier AI models cannot be assessed solely by the organizations that build them.
That may sound obvious today. It was not a consensus position even a few months ago.
For much of the past decade, AI governance relied heavily on transparency commitments, policies, documentation, and provider-led assurances. Both the EU AI Act and the new AI Executive Order point toward a different future: one where independent technical evaluation becomes a central mechanism for understanding and managing AI risk.
The debate is how those evaluations should be conducted, by whom, and for what purpose.
Where the US and EU Diverge
Beyond that shared conclusion, the differences are substantial.
The EU arrived at this point proactively through the GPAI provisions of the EU AI Act and its systemic-risk framework.
The US arrived at a similar conclusion reactively, through growing concerns about the national security implications of frontier AI capabilities.
These differences are not merely procedural.
They shape what evidence gets generated, who can access it, and ultimately how trust in frontier AI systems is established.
Comparing the Two Approaches
The Emerging Consensus: AI Governance Needs Technical Evidence
The most important takeaway from both developments is not the differences between them. It is the convergence.
Both the EU and the US are moving toward a model of AI governance that depends on technical evidence rather than documentation alone.
Whether the objective is systemic-risk oversight under the EU AI Act or national-security reviews under the AI Executive Order, the direction is becoming increasingly clear: governance must be supported by evidence. This is the core principle behind technical AI governance: translating governance requirements into measurable controls and assessments.
What This Means for Enterprise AI Teams
Both frameworks focus on frontier AI models.
Most enterprises, however, face a more immediate challenge: they are already deploying AI copilots, agentic systems, customer-facing assistants, and decision-support applications into production environments today.
The risks associated with these systems (such as: security vulnerabilities, reliability failures, compliance issues, and performance degradation) already exist. Yet many organizations continue to rely primarily on policies, documentation, and vendor assurances when assessing those risks.
The developments in the US and EU make it evident that this approach is not sufficient for much longer. As regulatory expectations mature, organizations will increasingly need evidence that their AI systems are performing as intended and that risks are being actively measured and controlled.
The organizations best positioned for the next phase of AI governance will not be those with the most documentation. They will be those with the strongest evidence.
