AI Policy Weekly — Issue #2: Congress tightens chip-equipment controls, EU pushes back AI Act deadlines, and FTC enforcement of deepfake law begins

This week

Congress moved the MATCH Act through committee — targeting the tools to make chips, not the chips themselves. The EU bought 16 extra months on high-risk AI compliance while adding two new prohibitions. The FTC flipped its Take It Down Act enforcement switch on May 19. And the federal vs. state AI legislation standoff added a new front as Connecticut passed one of the most detailed AI safety laws in the country.

Export controls: Congress tightens the equipment layer

The Multilateral Alignment of Technology Controls on Hardware (MATCH) Act cleared the House Foreign Affairs Committee on April 22 and is now advancing to a full House vote 1. The bill's approach differs from the chip-level controls already in place: it targets the equipment used to manufacture advanced semiconductors, on the theory that lithography machines are harder to reroute than finished chips.

The bill designates SMIC, Huawei, Hua Hong, CXMT, and YMTC as "covered facilities" and would prohibit exports to them of the deep-ultraviolet (DUV) immersion lithography equipment that ASML still legally sells to China. A service ban provision would also prevent allied companies from maintaining already-installed machines — meaning existing Chinese fab capacity would degrade over time rather than receive performance upkeep.

The most diplomatically charged element is a 150-day alignment window for Japan and the Netherlands. Both countries must expand their own export rules to match Washington's, or face unilateral US enforcement via an expanded Foreign Direct Product Rule applied to any company using American technology in its supply chain. Japan imposed controls on 23 equipment categories in 2023; the Netherlands has restricted ASML's EUV and some DUV exports since 2024. Neither has gone as far as the MATCH Act would require 2.

The bill is bipartisan and, per reporting, faces no serious internal opposition — making it one of the more tractable China-policy bills on the Hill 1. Beijing hit back on May 14, the morning Trump arrived in Beijing for his summit with Xi Jinping, with the foreign ministry calling it "malicious blocking and suppression." The timing was deliberate: China used the summit eve to put the cost of passage on record before negotiations began.

The financial stakes are already visible. ASML has guided that China revenue will fall to roughly 20% of its total in 2026, from 33% in the prior year. Applied Materials has projected up to $710 million in lost China revenue this fiscal year; Lam Research expects China to fall below 30% of revenue, down from 43% in Q1 1.

What changed: MATCH Act cleared committee; China issued a formal government-level objection timed to the summit.

Why it matters: The bill would close the gap that lets China buy and service DUV lithography tools even as finished-chip exports are restricted. If enacted, it would degrade Chinese fab capacity indirectly, without requiring new restrictions on chip sales themselves.

What to watch: Whether the White House signals support or opposition. The MATCH Act diverges from the executive branch's January decision to relax H200 and AMD MI325X review standards. Congressional pressure and White House chip-sales loosening are now pointing in opposite directions.

Export controls: What Trump-Xi did — and did not — do on chips

The Trump-Xi Beijing summit (May 14–15) did not produce any chip export control agreements. USTR Jamieson Greer said explicitly after the meeting that chip export controls were not discussed in the bilateral 3.

Nvidia CEO Jensen Huang joined Trump's delegation (added after initially being excluded), but the H200 situation heading into the summit illustrates how little was resolved. The White House approved H200 export licenses for roughly 10 Chinese firms, yet as of summit week no deliveries had been made — China declined to purchase, preferring domestic development over dependence on US technology 3. The licenses exist; the demand does not.

The net result: the summit left the underlying tension unchanged. The executive branch controls on finished chips remain at their January relaxed posture. The legislative track via the MATCH Act continues on its own timetable regardless of what was said in Beijing.

EU: AI Act high-risk deadline extended 16 months, new prohibitions added

On May 7, the European Parliament and the Council of the EU reached a provisional agreement on the Digital Omnibus — a package of targeted amendments to the EU AI Act 4.

The timeline changes

Obligation	Original deadline	New deadline
Stand-alone high-risk AI (Annex III)	August 2, 2026	December 2, 2027
Product-safety-component high-risk AI	August 2, 2026	August 2, 2028
AI-generated content watermarking	August 2, 2026	December 2, 2026
GPAI and transparency rules	August 2, 2026	August 2, 2026 (unchanged)

The reasoning given for the high-risk delays is that technical standards and conformity assessment tools have not been finalized, making compliance structurally impossible on the original schedule 4.

The new prohibitions

Two new outright bans were added:

AI systems that generate child sexual abuse material (CSAM)
AI systems that generate non-consensual intimate imagery (nudification) of identifiable persons — covering images, video, and audio

Both carry a compliance deadline of December 2, 2026. They join the AI Act's existing list of eight unconditional prohibitions, for which no compliance pathway exists; violations can trigger fines of €35 million or 7% of worldwide annual revenue 5.

Simplifications

The agreement also resolves overlap between the AI Act and sector-specific legislation. Products covered by EU medical device, toy, elevator, or machinery regulations now follow those sector rules rather than being subject to parallel AI Act obligations. The definition of "safety component" was narrowed to exclude AI that only assists users or optimizes performance where failure causes no health or safety risk 4.

What changed: Political agreement reached; August 2026 compliance deadline for high-risk AI effectively moved 16 months forward for most organizations. GPAI and transparency obligations are unaffected.

Why it matters: Organizations that have structured AI governance programs around the August 2, 2026 deadline now have more runway on high-risk compliance — but watermarking still hits December 2026, and GPAI obligations remain unchanged. Compliance teams that have been tracking only the high-risk track may have overlooked the fact that the August date still applies to GPAI.

What to watch: Formal adoption by Parliament and Council, expected before August 2, 2026. Without formal adoption, the provisional agreement's timeline changes have no legal force.

Platform security: FTC begins enforcing Take It Down Act

The FTC activated enforcement of the Take It Down Act's core provisions on May 19, 2026 — one year after President Trump signed the law 6.

The law requires covered platforms — websites, apps, social media, video and audio sharing services, and gaming platforms — to remove non-consensual intimate imagery (real or AI-generated) within 48 hours of a victim report. Platforms must maintain an accessible reporting channel that does not require an account to use.

The maximum civil penalty is $53,088 per violation. Stored copies of the same prohibited content each count as separate violations, meaning a single piece of content left on a large platform can generate compounding fines quickly 6.

The structural question around enforcement is whether the FTC has the operational capacity to police content moderation at scale. The agency sent compliance letters to more than a dozen tech companies before the enforcement date, but experts have raised concerns about the gap between the law's ambitions and the FTC's prior experience with content-level enforcement. Civil liberties advocates have also flagged an over-removal risk: the $53,088-per-violation penalty structure creates incentives for platforms to auto-remove essentially anything reported, which bad-faith actors could use to suppress legitimate content.

What changed: Enforcement is now active as of May 19, 2026.

Why it matters: The Take It Down Act is the first federal law requiring platforms to act on deepfake NCII within a specified timeframe. The first enforcement actions will establish the agency's interpretation of what counts as a covered service and whether the 48-hour clock begins at report submission or at internal escalation.

What to watch: The first FTC action under the statute, which will set the deterrence baseline. The agency's resource allocation choices — whether it targets large platforms first or responds to individual victim complaints — will shape how the law actually functions.

Federal AI legislation: still no deal, but Connecticut moves

The Obernolte-Trahan House bill remains stalled on the same fault line reported last week: whether federal AI developer vetting should be mandatory or voluntary 7. New details from Politico indicate the bill would specifically target preemption of state AI safety laws — California's and New York's in particular — that require frontier AI developers to disclose safety and security risk assessments before model release. State laws regulating uses of AI rather than development are not expected to be preempted.

The 2-year sunset clause, under which states could resume AI regulation after two years, remains on the table 7. Massachusetts legislators have formally warned Trahan not to participate in preemption talks; a coalition petition campaign launched this week. Trahan has not withdrawn.

While the federal track continues to move slowly, state legislatures have not waited. Connecticut passed SB 5 on May 1 — one of the most structurally complete AI safety frameworks at the state level to date 8. Governor Lamont is expected to sign. The law covers four categories:

Frontier developers (training runs above 10^26 FLOPs): required to implement employee whistleblower protections and reporting channels for public health and safety risks
AI companion operators: required to implement suicide/self-harm detection protocols, prohibit the AI from claiming to be human, and apply stricter protections for users under 18
Synthetic content developers: separate obligations around AI-generated digital content
Automated employment decision tech: must give employees written notice when AI is used in hiring or employment decisions; human review rights

Elsewhere, Colorado's bipartisan AI bill — requiring consumer notice and human review access for consequential decisions — is heading to the governor's desk 9. Georgia Governor Kemp signed both an AI chatbot safety bill and an AI medical approval bill this week. Hawaii sent AI disclosure and deepfake bills to its governor 10. Illinois Senate Democrats introduced chatbot safety and data-privacy AI bills.

What changed: Connecticut passed the most detailed AI companion safety framework in the country. Preemption talks in Washington produced no agreement but continue.

Why it matters: Connecticut's law establishes concrete obligations for AI companion platforms that the Obernolte-Trahan federal bill has not reached. If Lamont signs it, Connecticut joins California and New York as states whose laws are explicitly in scope for federal preemption under the current draft.

What to watch: Whether the Obernolte-Trahan bill resolves the mandatory/voluntary question before the House recess. Each new state law enacted strengthens the industry's preemption argument and complicates the AI safety community's opposition.

Watch list

Carry-over items from Issue #1 with updated status:

White House AI EO (model vetting): Under deliberation. The same voluntary-vs.-mandatory divide that splits Obernolte and Trahan is reported inside the administration. No EO issued as of May 18.
Obernolte-Trahan bill: Mandatory/voluntary impasse continues; no floor timeline announced.
Supermicro Liaw prosecution: No new filings this week.
FTC Take It Down Act: Enforcement began May 19; first action has not been announced.
BIS FY2027 budget ($450M / 1,077 positions): Appropriations process ongoing; no committee markup scheduled.