Audience: Frontier AI developers subject to GAAIA audit requirements, compliance teams preparing for IVO engagements, organizations considering becoming licensed IVOs, and legal teams assessing state preemption implications.
Discussion draft released June 4, 2026. Not yet law. Bipartisan bill by Representatives Jay Obernolte (R-CA) and Lori Trahan (D-MA). 269 pages. This guide maps current draft provisions to SWT3 infrastructure. Requirements may change before formal introduction and passage. SWT3 is not an IVO. SWT3 is the evidence infrastructure that IVOs would use to perform audits.
1. What the GAAIA Requires
The Great American AI Act creates a federal framework for frontier AI oversight centered on three pillars:
CAISI (Center for AI Safety and Innovation)
A new center within the Department of Commerce responsible for developing best practices and standards for AI security, evaluating AI systems, and monitoring AI progress. CAISI licenses and oversees Independent Verification Organizations (IVOs) that perform mandatory audits of frontier AI developers.
Independent Verification Organizations (IVOs)
Private firms licensed by CAISI to conduct semi-annual compliance audits of frontier AI model developers. IVOs verify that developers' risk-mitigation practices meet standards for cybersecurity, biosecurity, CBRN uplift, and loss-of-control scenarios. IVOs submit findings directly to CAISI and can refer violations to the Attorney General.
Frontier AI Developer Obligations
- Maintain a documented "frontier AI framework" covering governance policies, risk monitoring, and mitigation
- Retain a licensed IVO for semi-annual audits and assessments
- Grant IVOs access to "unredacted materials, records, personnel, systems, and all other information reasonably necessary"
- Disclose model information to CAISI
- Protect whistleblowers who report violations
- Comply with ad hoc assessment requests from the CAISI Director
2. IVO Audit Requirements
Sections 111 and 112 of the GAAIA define what IVOs must assess. The audits are semi-annual (every six months) with ad hoc assessments at the CAISI Director's request.
| Assessment Area | GAAIA Section | What the IVO Must Verify |
|---|---|---|
| Frontier AI Framework | Sec 111 | Adequacy of governance policies, risk monitoring practices, and mitigation of detected risks for achieving acceptable levels of catastrophic risk mitigation |
| Cybersecurity | Sec 112 | Security controls protecting model weights, training data, and inference infrastructure from unauthorized access, exfiltration, or manipulation |
| Biosecurity / CBRN | Sec 112 | Evaluation of whether the model provides meaningful uplift for creating chemical, biological, radiological, or nuclear threats |
| Loss of Control | Sec 112 | Assessment of whether the model could act autonomously in ways that circumvent human oversight or resist correction |
| Post-Audit Reports | Sec 111 | IVOs provide the CAISI Director with post-audit reports documenting findings, evidence reviewed, and recommended actions |
| Whistleblower Protection | Sec 113 | Developers must not retaliate against employees who report potential violations to CAISI, IVOs, or law enforcement |
3. Evidence Mapping to SWT3
SWT3 is not an IVO. It is the evidence infrastructure that IVOs would use to conduct audits. The following table maps GAAIA audit requirements to the SWT3 evidence that satisfies each requirement.
| GAAIA Requirement | SWT3 Evidence | Procedures |
|---|---|---|
| Semi-annual audits | Read-only auditor portal with finding register, peer review panel, assessment reports, and CSV/JSON export. Every finding carries an SWT3 anchor. Audit trail logs every assessor action. | Auditor Portal |
| Risk monitoring | Continuous guardrail evaluation with per-inference verdicts. Policy violation recording with forensic context. Drift detection across model versions. | AI-GRD.1, AI-GRD.2, AI-GRD.3, AI-DRIFT.1 |
| Cybersecurity assessment | Infrastructure control scanning (225 controls), STIG benchmark validation, CVE/POA&M tracking, Merkle-sealed daily rollups for tamper evidence. | AI-SEC.1, AI-CYBER.1, Merkle Rollups |
| CBRN / biosecurity eval | Safety guardrail attestation with configurable severity thresholds. Clearing levels strip sensitive content before evidence crosses boundaries. Gatekeeper mode blocks inferences that fail policy checks. | AI-SAFE.1, AI-GRD.2, Clearing Levels |
| Loss of control | Human-in-the-loop attestation for autonomous decisions. Agent identity binding (every agent has a verifiable ID). Tool permission verification before execution. Chain witnessing reconstructs full decision lineage. | AI-HITL.1, AI-HITL.2, AI-ID.1, AI-TOOL.2, AI-CHAIN.1 |
| IVO access to materials | Auditor portal provides full ledger visibility with zero write permissions. Separate auth, separate session. IVOs re-derive every anchor independently. No vendor access required for verification. | Auditor Portal, axiom verify |
| Post-audit reports | Assessment report generator produces conformity reports, compliance certificates, and corrective action plans. Every report is anchored with its own SWT3 witness anchor. | Assessment Reports |
| Whistleblower protection | Append-only cryptographic ledger. Once a verdict is witnessed, it cannot be retroactively altered or deleted. Evidence of governance failures is immutable. | Witness Ledger, Merkle Rollups |
The GAAIA requires IVOs to verify "the adequacy of the developer's frontier AI framework." SWT3 does not evaluate adequacy. It provides the cryptographic evidence that an IVO uses to make that determination. The IVO brings professional judgment. SWT3 brings verifiable evidence. The combination satisfies the audit requirement.
4. State Preemption Impact
Title I of the GAAIA preempts state laws "specifically regulating the development of" any AI model for three years (unless reauthorized). "Development" is broadly defined as "acts performed or directed by a developer prior to its deployment."
What This Means for Compliance Teams
- Consolidation: Instead of tracking Colorado SB 26-189, Illinois SB 315, Texas TRAIGA, NYC LL 144, and Connecticut SB 2 separately, frontier AI developers would face one federal standard.
- Single evidence standard: One set of IVO audit evidence satisfies the federal requirement. State-specific evidence packages become unnecessary for covered activities.
- Deployment not preempted: State laws regulating AI deployment (as opposed to development) remain in effect. Organizations still need deployment-side compliance evidence.
- Three-year sunset: Preemption expires unless reauthorized. Organizations should maintain state-level compliance capability as a contingency.
SWT3's framework crosswalk engine maps procedures to 26 regulatory frameworks simultaneously. If preemption lapses, the same evidence base satisfies both federal and state requirements without rebuilding.
5. SWT3 as IVO Infrastructure
How IVOs Would Use SWT3
An IVO licensed by CAISI needs three things to conduct a semi-annual audit:
- Access to evidence: SWT3's auditor portal provides read-only access to the full witness ledger, including every inference, every tool call, every guardrail evaluation, and every policy violation.
- Ability to verify independently: Every SWT3 witness anchor can be verified using only the anchor string. SHA-256 runs locally. No API keys, no vendor access, no trust assumptions.
- Structured reporting: The assessment report generator produces conformity reports, finding registers, corrective action plans, and compliance certificates -- all anchored with their own SWT3 witness anchors for integrity.
The IVO visits the clearing house, validates the evidence, logs findings, generates the report, and submits to CAISI. The developer's obligation is to run the SDK and maintain the witness infrastructure. The IVO's obligation is to evaluate the evidence and render professional judgment.
What SWT3 Provides vs. What the IVO Provides
| SWT3 (Evidence Infrastructure) | IVO (Professional Judgment) |
|---|---|
| Cryptographic witness anchors for every inference | Determination of whether risk mitigation is "adequate" |
| Tamper-evident audit trail (Merkle-sealed) | Assessment of cybersecurity posture against CAISI standards |
| Multi-agent chain reconstruction | Evaluation of loss-of-control scenarios |
| Guardrail violation forensics | CBRN uplift risk assessment |
| Framework crosswalk (26 regulatory frameworks) | Post-audit report with findings and recommendations |
| Independent verification (SHA-256, no vendor trust) | CAISI-licensed authority to certify compliance |
6. Penalty Exposure
$1,000,000 per day for developers that fail to comply with audit requirements (Sections 111, 112) or make material misrepresentations to IVOs or CAISI. Violations can be referred to the Attorney General or, under certain circumstances, by state Attorneys General.
Mandatory referral for imminent catastrophic risk. IVOs must refer to law enforcement any findings involving imminent risk of catastrophic harm.
The penalty structure creates a strong incentive for verifiable compliance evidence. A developer who can demonstrate continuous governance through cryptographic witness anchors has a materially different risk profile than one who relies on periodic manual documentation.
The GAAIA does not specify how developers must demonstrate compliance. It specifies what IVOs must assess. A developer that runs SWT3 continuously generates a real-time evidence stream that an IVO can audit at any point. A developer that produces quarterly compliance documents generates a snapshot that may not reflect current practice. The evidence-based approach is stronger for both the developer (continuous proof) and the IVO (auditable at any time).
7. Implementation Path
For frontier AI developers preparing for GAAIA compliance:
- Install the SDK and begin witnessing inferences, tool calls, and guardrail evaluations. Every interaction generates a witness anchor automatically.
- Configure guardrail policies in
.swt3.yamlto match your internal risk management framework. Policy violations are recorded with full forensic context. - Enable chain witnessing for multi-agent systems. Every agent handoff, tool call, and sub-agent delegation is linked by
cycle_id. - Generate an auditor portal token and provide it to your IVO when the audit engagement begins. The IVO gets read-only access to your full evidence stream.
When GAAIA passes and CAISI begins licensing IVOs, organizations running SWT3 will already have a continuous evidence stream ready for audit. The first semi-annual IVO assessment becomes an evidence review, not an evidence-gathering exercise.
References
- Unpacking the Great American AI Act (TechPolicy.Press)
- Great American AI Act Analysis (DLA Piper)
- GAAIA vs. State Laws Comparison (Future of Privacy Forum)
- GAAIA Federal Governance Framework (FedScoop)
- SWT3 Protocol Specification
- UCT Registry (full procedure catalog)
- Framework Crosswalks (machine-readable)