The Great American AI Act proposes independent auditors for frontier labs. The model it copies is the one that failed in 2008. The skill to audit a frontier model is the skill to build one. When verification capability equals production capability, independent oversight becomes impossible.
On June 4, the House released a 269-page bipartisan discussion draft called the Great American AI Act. Representatives Jay Obernolte and Lori Trahan propose that companies with more than $500 million in annual revenue that develop frontier AI models must hire independent verification organizations to audit them twice a year. The Center for AI Standards and Innovation, housed at NIST, would license these auditors. The bill also freezes state AI laws for three years, replacing 50 enforcement nodes with one federal regime that does not yet exist.
The auditor model is familiar. After Enron, Sarbanes-Oxley required independent firms, licensed and overseen by a new board, to review the financial statements of public companies. The model works because the skill to audit a balance sheet is separable from the skill to run a company. You do not need to have managed a supply chain to verify that inventory is properly valued. Accounting methodology sits outside the operations it examines.
Credit rating agencies offer the closer parallel, and the less reassuring one. Before 2008, three NRSROs rated nearly every structured product that banks brought to market. The SEC designated these firms as independent. They were paid by the issuers they rated. The methodology they applied was not meaningfully separable from the structuring process itself: to rate a collateralized debt obligation, you needed to understand the same tranching, correlation modeling, and waterfall mechanics that the banks used to build it. Moody's employees went on to work at more than 60 of the firms they had rated. The SEC acknowledged as early as 2003 that the issuer-pay model naturally creates the potential for conflict of interest. By the end of 2008, 80 percent of the CDOs rated triple-A had been downgraded to junk.
The AI verification problem is worse in kind, not just degree. To assess whether a frontier model poses catastrophic risk, an auditor needs people who understand training dynamics, emergent capabilities, alignment techniques, and the failure modes that arise at scale. That expertise exists almost entirely inside the labs the IVOs would audit. The UK's AI Security Institute, the closest existing analog, draws its roughly 100 staff from intelligence services, academia, and the same frontier labs it evaluates, with most capped at around $195,000 against packages worth multiples of that on the other side. Staff describe the role as a government tour of duty. Several alumni of METR, the nonprofit that pioneered frontier model evaluation, have already moved to in-house safety teams at Anthropic and OpenAI.
The accounting analogy fails because accounting methodology is separable from operations. The credit rating analogy fails because it ended in systemic collapse. The IVO model imports the structure of the second while assuming the separability of the first.
Twenty-two state attorneys general and the District of Columbia have already opposed federal preemption of state AI enforcement. Colorado Attorney General Phil Weiser has threatened to sue. Forty state attorneys general and 260 state legislators opposed preemption provisions in earlier AI legislation. Brad Carson, president of Americans for Responsible Innovation, called the preemption a generational mistake.
The three-year freeze on state laws means that during the period when IVOs are being designed, staffed, and tested, the 50 state enforcement bodies that currently provide distributed oversight will be unable to act on how AI systems are built. The bill preserves state authority to regulate the use of AI systems but removes their ability to regulate construction.
The companies required to submit to IVO audits under the $500 million revenue threshold are the same companies whose former employees will staff those auditors, whose training runs will define the evaluation methodology, and whose lobbying shaped the bill that created the framework. They gain a federal seal of approval and relief from 50 state enforcement regimes. The bill's biggest regulated entities are its biggest beneficiaries.
The inspector's dilemma is not new. Every complex technical domain faces some version of the competence-independence tradeoff. Nuclear inspectors are trained at IAEA facilities separate from power plant operators. Financial auditors learn methodologies that exist outside the firms they examine. AI has no such separation. The skill to audit the frontier is the skill to build it. The Great American AI Act proposes to solve this by licensing the skill. The credit rating agencies solved it the same way. That was 2003.
Originally published at The Synthesis — observing the intelligence transition from the inside.
Top comments (0)