Open Letter to the White House on the National AI Framework

From Basil C. Puglisi, MPA
Human-AI Collaboration Strategist | basilpuglisi.com

March 21, 2026

To the Office of Science and Technology Policy, the National Economic Council, and the Members of the 119th Congress Receiving These Recommendations:

The White House Legislative Recommendations for Artificial Intelligence establish seven pillars that identify the right priorities: a single federal standard instead of fifty state regimes, reliance on existing agencies instead of a new regulator, and American competitiveness alongside protections for children, creators, communities, and national security. Executive Order 14179 and Executive Order 14365 set the direction, and this framework advances it.

This letter supports that direction, while raising a concern that matters to whether those goals can be achieved.

The Gap

The framework describes what Congress should protect, but it does not specify the technical infrastructure required to enforce those protections at the point where they matter most: the moment AI systems process American data and generate outputs that shape real decisions. That gap represents not a criticism of the framework’s goals, but a risk to achieving them.

Every pillar in the framework shares an underlying requirement that the recommendations do not address: verifiable evidence that AI platforms enforce policy at the point of inference. Child safety protections require evidence that AI platforms handle minor data according to policy. Intellectual property protections require audit-grade records of what AI systems did with creator content. Censorship prevention requires technical checks against single-provider dominance. National security readiness requires tamper-evident records of AI system behavior. Federal preemption of state laws requires a federal standard that is enforceable in practice, not just declarative in law.

None of these protections can be verified, audited, or enforced without technical infrastructure that carries policy into the point of AI execution; that infrastructure is not specified in current federal law or in these recommendations. The aspirations are correct, but the enforcement layer is missing.

The gap is not abstract; it carries immediate consequences. When a federal agency sends regulated data to an AI platform for processing, that data enters an environment the agency cannot inspect, cannot audit at the moment of inference, and cannot verify against any technical standard. Contractual promises govern what should happen, but no federal standard currently requires a uniform, customer-verifiable mechanism to prove what actually occurred at the moment of processing. This is true for healthcare data under HIPAA, student records under FERPA, financial data under Gramm-Leach-Bliley, and any sensitive government information processed through commercial AI services. The country should not treat this gap as permanent when the technology to close it already exists.

Every pillar of the framework depends on enforcement at this layer. Without it, child safety rules have no verification mechanism at the point where AI processes minor data. IP protections have no audit trail at the point where AI processes creator content. Censorship prevention has no structural check at the point where a single provider’s alignment choices shape outputs. The seven pillars are policy commitments that require infrastructure to become operational realities.

The Concentration and Bias Risk in Single-Provider AI

The enforcement gap is compounded by a structural risk: single-provider AI deployments are poorly positioned to detect systemic bias, and policy language alone cannot fix that without infrastructure.

Published research establishes that AI systems trained predominantly on Western digital content often reflect Western-leaning cultural defaults in their outputs. WEIRD populations (Western, Educated, Industrialized, Rich, Democratic), representing approximately 12% of the global population, produce the vast majority of psychological research and conceptual frameworks used to describe human behavior.^[4] In 2023, researchers at Harvard extended this finding directly into AI alignment, showing that Large Language Model responses correlate inversely with cultural distance from WEIRD populations.^[5] A 2024 study published in PNAS Nexus independently confirmed the pattern across five consecutive GPT releases tested against the World Values Survey across 107 countries.^[6]

The automation bias literature compounds this risk. Systematic review has documented that humans defer to machine recommendations under volume pressure.^[7] The European Data Protection Supervisor formally recognized this dynamic in its 2025 report on human oversight of automated decision-making.^[9] Subsequent research found that AI explanations do not reliably reduce automation bias and in some contexts increase it.^[8]

These are not competing concerns but compounding ones. AI systems carry cultural defaults that no single provider can independently validate against external model diversity. Humans working with those systems defer to the outputs under volume pressure. And no current federal standard requires any mechanism to surface the resulting blind spots before they shape policy, intelligence, or military decisions.

Single-provider AI workflows lack an independent cross-provider comparison mechanism for detecting these biases, especially when platforms are trained on overlapping data sources and shaped by similar institutional defaults. Those biases can become harder to see when similar systems reproduce them in the same direction. Without multi-provider infrastructure, the diagnostic signal that would reveal divergence never appears. The bias remains invisible not because it is subtle, but because every system in the workflow shares it.

This risk has a competitive dimension. Major powers including China operate from different institutional and cultural priors, which may shape AI systems in ways that expose different blind spots in American deployments. If American AI governance relies on single-provider workflows that carry WEIRD-correlated defaults without detection, policy and intelligence outputs risk developing vulnerabilities that adversaries operating from different cultural foundations could identify and exploit. The country should not accept that risk when the alternative is buildable.

The framework’s own priorities make this case. Pillar IV seeks to prevent censorship and protect free speech. A single-provider deployment where one company’s alignment choices shape all outputs is the structural condition most likely to produce the censorship the framework opposes. Pillar V seeks American AI dominance. Dominance built on infrastructure that carries undetected cultural blind spots is dominance with a structural vulnerability at its core. Pillar VII seeks federal preemption to replace fragmented state approaches. A federal standard without enforcement infrastructure is a preemption that displaces state action without replacing it with anything verifiable.

The gap is the risk. The concentration of cognitive infrastructure in a small number of providers, combined with undetectable bias and no enforcement layer, is the condition the framework should be designed to prevent.

A Starting Point: Evidence That Better Is Achievable

The question is not whether enforcement infrastructure should exist, but whether it can be built. Published specifications and early governance practice suggest the approach is workable enough to evaluate. The AI Provider Plurality Congressional Package, submitted to members of the 119th Congress in February 2026 and published openly on GitHub and SSRN, outlines three infrastructure components as a starting point for federal development. These are offered for evaluation, not as the final word.

AI Provider Plurality proposes mandatory API accessibility for AI companies operating in the United States, federal investment in small AI platforms through existing SBIR and STTR mechanisms, and anti-concentration protections extending existing antitrust principles to AI infrastructure. Provider Plurality is not a requirement that every agency use every platform; it is a requirement that no single platform can lock the federal government out of multi-provider governance.

GOPEL (Governance Orchestrator Policy Enforcement Layer) is a published proof of concept for a non-cognitive governance agent that performs seven deterministic operations: dispatch, collect, route, log, pause, hash, and report. It sends identical prompts to multiple AI platforms, collects all responses without modification, delivers them to a human decision maker, and produces a cryptographic audit trail. By design, its non-cognitive architecture removes the semantic judgment layer that adversarial persuasion typically targets. GOPEL is not a regulator; it is infrastructure that existing agencies configure and existing policy governs. Phase 0 deployment at zero new appropriation can generate the baseline data that federal evaluation requires.

VAISA (Verified AI Inference Standards Act) is the only component that introduces a binding federal standard, focused narrowly on data protection at inference rather than AI development or deployment. When AI platforms process regulated sensitive data from external sources, VAISA requires customer-verifiable evidence that the data remained secure during processing. It proposes a four-profile classification system, directs NIST and HHS to publish a Verified Confidential Inference Standard, provides a safe harbor for compliant entities, and establishes a federal floor designed to leave decision-making authority with existing agencies rather than creating a new federal gatekeeper.

Together, Provider Plurality addresses market structure, GOPEL addresses governance process, and VAISA addresses confidential inference. These three layers cover the enforcement spectrum the framework requires to move from aspiration to operation.

What This Letter Asks

This letter does not present a finished solution. It presents evidence that better is achievable, and a starting point for building it.

First, recognize that the seven pillars require enforcement infrastructure and that the recommendations as written do not specify any. The gap between policy goals and enforcement capability is the risk.

Second, direct NIST and GSA to evaluate whether enforcement infrastructure of this kind is feasible and desirable. The published specifications at github.com/basilpuglisi/HAIA and on SSRN are offered as a starting point, not as the final word. If federal agencies can improve on these designs, the country benefits.

Third, demand more from the legislative process than policy without enforcement architecture. The framework identifies what America needs to protect. The missing question is how to make those protections verifiable at the point of AI execution, and the country should not settle for less.

Basil C. Puglisi, MPA
Human-AI Collaboration Strategist
basilpuglisi.com | github.com/basilpuglisi/HAIA

Written and prepared using the HAIA ecosystem and frameworks for Multi-AI Governance.

Notes

[1] AI Provider Plurality Congressional Package (Documents 1 through 5), February/March 2026. GitHub | SSRN Abstract ID 6195238.

[2] GOPEL Canonical Public v1.5 and Methods Addendum (Document 4), March 2026. basilpuglisi.com and GitHub.

[3] Verified AI Inference Standards Act (VAISA), March 2026. Document 5 of the Congressional Package.

[4] Henrich, J., Heine, S. J., & Norenzayan, A. (2010). The weirdest people in the world? Behavioral and Brain Sciences, 33(2-3), 61-83. PubMed.

[5] Atari, M., et al. (2023). Which humans? Research on AI-human value alignment across cultures. Harvard Faculty Working Paper, PsyArXiv preprint.

[6] Tao, Y., et al. (2024). Testing AI value alignment across cultures. PNAS Nexus.

[7] Goddard, K., Roudsari, A., & Wyatt, J. C. (2011). Automation bias: A systematic review. Journal of the American Medical Informatics Association. PMC.

[8] Banovic, N., et al. (2023). Effects of AI explanations on automation bias. Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (ACM).

[9] European Data Protection Supervisor (2025). TechDispatch #2/2025: Human Oversight of Automated Decision-Making. EDPS.

[10] Executive Order 14179: Removing Barriers to American Leadership in Artificial Intelligence. January 23, 2025.

[11] Executive Order 14365: Ensuring a National Policy Framework for Artificial Intelligence. December 11, 2025.

[12] White House Legislative Recommendations: A National Policy Framework for Artificial Intelligence, March 2026.

[13] Puglisi, B. C. (2025). Governing AI: When Capability Exceeds Control. ISBN 9798349677687.

Frequently Asked Questions

What enforcement gap exists in the White House National AI Framework?

The framework identifies seven policy pillars but specifies no technical infrastructure to enforce them at the point of AI inference. No federal standard currently requires a uniform, customer-verifiable mechanism to prove what AI platforms did with sensitive data during processing. Every pillar depends on verification mechanisms that do not yet exist in federal law.

What is WEIRD bias and why does it matter for AI governance?

WEIRD populations (Western, Educated, Industrialized, Rich, Democratic) represent 12% of humanity but produce the majority of AI training data and behavioral research frameworks. AI systems trained on this data often reflect Western-leaning defaults that single-provider deployments cannot independently detect because every platform trained on similar data shares the same blind spots.

What is GOPEL and how does it relate to the White House AI framework?

GOPEL (Governance Orchestrator Policy Enforcement Layer) is a published proof of concept for non-cognitive governance infrastructure that performs seven deterministic operations without evaluating content, producing a cryptographic audit trail for every operation. GOPEL is not a regulator; it is infrastructure that existing agencies configure and existing policy governs, consistent with the framework’s directive against creating new regulatory bodies.

What is VAISA and what does it regulate?

VAISA (Verified AI Inference Standards Act) introduces a narrow binding federal standard for data protection at inference only. It does not regulate AI development, training, or model architecture. When AI platforms process regulated sensitive data, VAISA requires customer-verifiable evidence that the data remained secure during processing, establishing a federal floor with state authority preserved above it.

What does AI Provider Plurality propose?

AI Provider Plurality proposes mandatory API accessibility, federal investment in small AI platforms through SBIR and STTR mechanisms, and anti-concentration protections for AI infrastructure. Provider Plurality is not a requirement that every agency use every platform; it prevents any single platform from locking the federal government out of multi-provider governance.

How does this open letter align with the Trump Administration’s AI priorities?

The letter supports the framework’s stated priorities: a single federal standard over fifty state regimes, reliance on existing agencies rather than new regulators, and American AI competitiveness. It frames enforcement infrastructure as the missing layer that makes those priorities achievable and positions all three components within existing agencies (NIST, GSA, HHS) rather than proposing new regulatory bodies.