States sue OpenAI as federal AI oversight remains fragmented

Federal AI policy leaves enforcement to states

The United States lacks coherent AI oversight, forcing individual states to pursue their own enforcement actions against major AI companies. Florida recently became the first state to file suit against OpenAI, while New York has issued sweeping subpoenas demanding information about the company's practices — actions that underscore fundamental gaps in federal policy.

The divergence stems from limitations in the Trump administration's approach to AI regulation. A June 2 executive order encouraged voluntary preflight testing of AI systems, focusing primarily on cybersecurity risks. While the voluntary testing framework represents progress, it leaves companies free to ignore guidelines and fails to address broader categories of potential harm.

What Florida alleges

Florida's lawsuit, filed by a Republican attorney general, details specific concerns the federal order doesn't touch. The complaint alleges OpenAI released systems capable of generating harmful content, failed to adequately warn users about risks, and made misleading claims about safety measures. The suit also raises false advertising concerns about how the company represented its technology's capabilities and limitations.

These allegations point to foreseeable risks that existing federal guidance doesn't require companies to mitigate before deployment. The executive order's narrow focus on cybersecurity means AI firms can release products with other documented risks without federal intervention.

New York's broad investigation

New York, coordinating with multiple other states, has subpoenaed OpenAI for extensive information covering advertising practices, user engagement and retention, consumer and health data handling, activities involving minors and seniors, deep learning models, and company policies. The investigation's scope reflects state-level concern about issues federal policy hasn't systematically addressed.

Commerce Department creates industry uncertainty

A separate Commerce Department order on export controls has compounded policy confusion. The directive effectively shut down AI products Fable and Mythos, reportedly after Amazon demonstrated jailbreaking vulnerabilities. The move drew criticism across the political spectrum for appearing arbitrary and reactive rather than part of a comprehensive strategy.

The Commerce action targeted a jailbreaking issue common to essentially all large language model systems, not unique to the affected products. The abrupt enforcement created uncertainty about which AI capabilities might face sudden restrictions, potentially chilling innovation without clear risk-reduction benefits.

Why it matters

The fragmented regulatory landscape creates unpredictable conditions for AI development while leaving significant risks unaddressed. Voluntary federal guidelines prove insufficient when companies can opt out, yet reactive enforcement actions lack the consistency industry needs for planning. States filling the vacuum through lawsuits can only act after harms occur, not prevent them. Business leaders face conflicting requirements across jurisdictions without clear federal standards, while genuine safety concerns remain unmitigated by either approach.

What comprehensive oversight requires

Effective AI governance needs bipartisan support, technical expertise, and proactive rather than reactive measures. Policy must consider the full range of documented risks before systems reach mass deployment, not just cybersecurity threats. The current approach — combining weak voluntary federal guidance with state-by-state enforcement and sudden Commerce restrictions — satisfies none of these requirements.

These details were first reported by Gary Marcus on his Substack, Marcus on AI.