By Sameena Safdar, CEO, Amplify Your Voice
When the Women’s Bar Association of the District of Columbia hosted “AI Policy 2025: A Year in Review” as part of its AI Advantage series, a major AI executive order from the Trump Administration was expected at any moment, with draft versions circulating that took very different approaches to federal preemption of state AI laws.
That uncertainty turned out to be the perfect frame for the evening.
Moderator Eleni Kyriakides (Co‑Chair, WBA Law & Technology Forum) led a discussion with Natalie Roisman (Georgetown Institute for Technology Law and Policy), Christabel Randolph (Center for AI and Digital Policy), Jennifer Daskal (Venable LLP), and Laura Juanes Micas (Global Privacy and Policy Consulting).
The core message: AI policy is still in motion, and lawyers need to advise in that moving landscape, not wait for it to settle.
There Is No History Yet
Natalie opened by questioning whether a “year in review” even makes sense right now. From her vantage point at a law school, even constitutional and administrative law is changing mid‑semester.
“There is no history. We could talk about things that happened three, six, nine, twelve months ago, and they could already be stale.”
Her point: AI policy is being made in real time, and what matters for lawyers is learning to navigate that flux.
Federal Preemption vs. State Action
A central topic was the possible federal preemption of state AI laws, including proposals aimed at limiting state rules sometimes labeled “woke AI laws” because they address bias in areas like employment or housing.
Natalie highlighted two things for lawyers to watch:
- Form – the current discussion is about preemption by executive order, not statute, directing agencies how to act, and potentially tying certain federal funds to state choices.
- Trade-offs – a national baseline can reduce complexity and compliance costs, but broad preemption can weaken stronger state protections and shift power toward large companies.
Christabel added that CAIDP and several bipartisan state groups have opposed proposals that would simply wipe out state AI laws without putting a clear federal framework in their place: “You preempt with something; you don’t create with nothing.”
She also pushed back on the claim that we face “1,000 state AI laws.” That figure counts bills introduced, not laws enacted, and many of the laws that do pass are about funding, councils, or sandboxes rather than heavy obligations on companies. When she looks only at measures that regulate company behavior, the set is “very narrow.” Some argue that the right way to regulate AI is through existing areas of law — workforce, housing, consumer protection. “It doesn’t have to be binary,” stressed Natalie.
For practitioners, that means AI‑enabled activity will continue to be evaluated under familiar regimes — employment, housing, consumer protection, civil rights — even as new AI‑specific rules emerge.
California’s SB 53
To make state experimentation more concrete, the panel highlighted California’s SB 53, the Transparency in Frontier Artificial Intelligence Act.
Natalie explained that SB 53 followed an earlier, more aggressive bill Governor Gavin Newsom vetoed. After broader consultation, SB 53 emerged as a narrower, frontier‑focused law that:
- requires large model developers to publish annual risk‑mitigation frameworks;
- file transparency and incident reports about capabilities, limitations, and critical safety events; and
- adds whistleblower protections and a public compute cluster for research.
Provisions like a full “kill switch,” stricter pre‑training requirements, and steep penalties were dropped. Natalie didn’t present SB 53 as perfect, but urged attendees to view it against the reality of a gridlocked Congress and the unlikelihood of similarly detailed federal legislation in the near term.
Global Patchwork and the AI Chip “Sea Change”
Christabel and Laura pulled back to outline the global picture for attendees.
Christabel described the EU Artificial Intelligence Act as in force but heavily dependent on implementing guidance and codes of practice — on who counts as a “developer” vs. “deployer,” what transparency means in practice, and how to handle models that pose “systemic risk.” EU working groups, she noted, are trying to balance precision with flexibility as technology evolves.
Laura added the competitiveness lens, sharing that Mario Draghi’s report (“The Future of European competitiveness,”) and subsequent “omnibus” proposals to adjust both GDPR and AI rules, reflect anxiety that regulatory complexity could slow AI deployment. With high‑risk obligations due to kick in around 2026, she predicted “suspense” for both big providers and startups deciding whether to invest, pivot, or look to other markets.
Beyond Europe, Laura briefly mapped other regulatory approaches:
- Latin America’s broadly human‑rights‑based AI frameworks, often layered on top of existing data‑protection laws.
- Asia’s promotion‑first models in countries like South Korea, Japan, and Singapore.
- The African Union’s emerging framework, which emphasizes infrastructure and data sovereignty and is designed to prevent a repeat of corporations’ historically extractive approach.
The result is a global patchwork of overlapping regimes, not a single, harmonized model.
Christabel and Jennifer also flagged a major U.S. development with geopolitical ramifications: the decision to sell H200 AI chips to China, which Jennifer described as a “sea change.” The United States’ competitive edge has rested heavily on access to cutting‑edge computing power; narrowing that gap, she argued, has long‑term implications for national security and economic competitiveness, and shows how AI policy now spans export control, geopolitics, and industrial strategy — not just domestic regulation.
AI, Cybersecurity, and Practical Takeaways
To connect these high‑level developments to day‑to‑day risk, the panel turned to cybersecurity, citing Anthropic’s disclosure of an AI‑driven cyberattack.
Jennifer described AI as an accelerator of both cyber offense and defense:
“AI is transforming cybersecurity… democratizing cyber‑offense — making it easier to generate and test malicious code at scale, phish for personal data, and engage in automated attacks — but also transforming the defense and providing another tool in the ongoing race between attackers and defenders.”
Her most concrete advice to organizations was to stay aware of the massive vulnerability vendors pose, noting that an estimated 70% of attacks are initiated through vendors. She recommended that entities ensure they are both mandating and checking their vendors’ cybersecurity practices.
In the Q&A, she emphasized that existing civil‑rights and disparate‑impact laws still apply in an AI context. AI may complicate questions of intent, causation, and who the “actor” is, but it does not sit outside the law; as AI becomes embedded in more activities, all of our legal structures will inevitably touch it.
Looking Ahead: Predictions for 2026
Looking toward 2026, the panel predicted a growing emphasis on AI literacy and closing the digital divide, with continued rapid deployment of AI tools and impact on the legal business model. They also highlighted international initiatives, including the Council of Europe’s AI treaty that countries are signing onto, and argued that the perceived trade‑off between regulation and competitiveness is often a “binary false choice.” Finally, they warned against Europe’s current focus on frontier models while neglecting everyday AI uses where many real‑world impacts occur.
For lawyers, the message from “AI Policy 2025: A Year in Review” was not to wait for perfect clarity. It was to lead through motion: understand how AI fits within existing legal frameworks, track emerging rules at federal, state, and international levels, and help build practical guardrails for how AI is developed and used today.