From Incident to Institution: the Presidential Memorandum NSPM-11 and the Permanent Architecture of Sovereign Override
What a contract dispute predicted in March, a presidential memorandum made structural in June.
In March 2026, a single contract dispute exposed a fault line in the relationship between the United States government and the AI laboratories it depends on. Anthropic had declared safety boundaries it would not cross for Pentagon use. The Department of Defense (redesignated by this administration as the Department of War) insisted those boundaries did not apply once the technology entered defense operations. When Anthropic declined to remove them, the company was designated a supply chain risk and the dispute moved into federal court [1][2]. This series treated that episode as structural evidence, not as commentary on either party’s conduct: a private actor declared a boundary, a sovereign actor with operational dependence on that actor contested it, and no multilateral body, professional standard, or industry norm functioned as a binding constraint [3].
Three months later, the constraint that was missing in March has been built. Not as doctrine. As procedure, with named agencies and enforcement deadlines.
On June 2, President Trump signed an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security,” establishing a voluntary framework under which developers of “covered frontier models” may engage the federal government to determine a model’s security classification and provide early access, up to thirty days, before release to other parties the government designates as trusted [4]. An earlier draft set that window at ninety days; the final text cut it to thirty, the clearest visible trace of an internal negotiation between a national security faction and an anti-regulation faction inside the same administration [5]. The order explicitly disclaims any mandatory licensing or preclearance requirement. It is voluntary in the narrow legal sense and silent on a question that matters more: the criteria by which government selects which partners receive early access. None are specified [6].
Three days later, on June 5, President Trump issued a more consequential document: National Security Presidential Memorandum 11 (NSPM-11), titled “Artificial Intelligence in the National Security Enterprise.” It rescinds the prior administration’s framework for AI in defense and intelligence and replaces it with one organized around four pillars it calls Adoption, Adaptation, Assurance, and Accountability [7]. Read past the pillars, one clause carries the weight of the whole document. Under Assurance, the memorandum directs that no commercial entity, “through contractual clauses or other means,” may retain the capacity to prevent the government’s use of an AI system, disable it, or materially modify it once fielded, without federal knowledge and approval [8]. Under Accountability, agencies are directed, to the maximum extent the law permits, to terminate contracts, for default or for convenience, with companies that have repeatedly limited how the government may use their technology [9]. This is not incidental drafting. The clause answers, on the government’s terms, the exact question the March dispute left open: who controls a fielded system. Reviewing the memorandum days after its signing, Vinh Nguyen, a Council on Foreign Relations (CFR) senior fellow and the NSA’s former chief responsible AI officer, wrote that the no-disablement demand cannot be read apart from the standoff between the Department of Defense and Anthropic, the conflict that began when the firm refused to drop its limits on lethal autonomous use and domestic surveillance [10].
This is the sequence that matters, and it runs in the opposite direction from how it will likely be told. Anthropic did not cause this memorandum. The memorandum formalizes a structural position the government already held and that the Anthropic dispute happened to make visible first. What was, in March, a negotiated boundary defended through litigation has become, in June, a standing contractual right the government holds over every supplier in the national security enterprise, regardless of whether that supplier has ever been in a dispute with anyone. The shift in the relationship is not from one outcome to another. It is from negotiation to architecture. Developer and government no longer meet as two parties with competing claims. The government now specifies, as a condition of participation, what a supplier may not withhold.
This is Sovereign Override at the moment it stops being an event and becomes Governance Architecture, the structure that determines control going forward rather than the record of a single contest over it. What matters more than the override itself is what the memorandum secures first. The memorandum secures the government’s right to compel continued access and prevent withdrawal now, with no waiting period attached to that clause. It defers the construction of standardized verification methodology, the testing and validation framework referenced under Assurance, to a hundred and twenty days out, and even then only where the classification process allows [11]. Independent technical access to evaluate whether a fielded system behaves as represented remains, on the timeline this document sets, undefined. The two conditions this series has identified as prerequisites for enforcement to be real rather than performative, verification capacity and independent access, are not what the state secured first. Control over the supplier was secured first. Control over the system was scheduled for later, in a classified annex whose contents are not public [12].
An architecture like this rarely stays domestic once it exists. It becomes a reference model, the template other governments reach for once they face the same dependency on capability they did not build, in alliance procurement and future security cooperation arrangements. Only at that point does the question extend beyond the United States itself.
None of this is visible from outside the compute core, and that absence is itself consistent with a pattern this series has traced in a different register before [13]. A jurisdiction that imports AI capability rather than building it has no equivalent instrument: no contractual right to compel continued access, no standing to terminate a vendor relationship for default, no seat in the design of what counts as a trusted partner. The June 2 order’s silence on selection criteria is not a policy omission waiting to be corrected in the next revision. It is the structural condition non-producing jurisdictions will operate inside if the trusted partner framework extends, as it plausibly will, beyond the United States’ own borders. The question for those jurisdictions is not whether they support or oppose this architecture. It is whether they will ever hold a basis to be considered a partner inside it, or remain permanently governed by an architecture they neither designed nor participated in shaping.
Signals to Watch
- Whether the contract termination and non-disablement clauses in NSPM-11 are invoked against a supplier with no prior public dispute, demonstrating the mechanism functions independently of the Anthropic case that preceded it.
- Whether comparable contractual control provisions appear in the AI procurement frameworks of Five Eyes partners or NATO members over the following twelve months, indicating the architecture is replicating rather than remaining a unilateral US instrument.
- Whether public disputes between frontier developers and the US government over use restrictions become rarer in the period following NSPM-11’s implementation, not because the underlying tension has resolved, but because it is now settled contractually before deployment rather than litigated after it.
Sources & Notes
[1] Reuters. “Anthropic sues to block Pentagon blacklisting over AI use restrictions.” March 9, 2026. reuters.com
[2] Reuters. “Trump administration defends Anthropic blacklisting in US court.” March 18, 2026. reuters.com
[3] Khodjaev, O. “The Sovereignty Question.” Beyond Control: Theory of Limits of AI Governance, Essay 9. April 2026. okhodjaev.com
[4] The White House. “Promoting Advanced Artificial Intelligence Innovation and Security.” Executive Order, June 2, 2026. whitehouse.gov
[5] Morrison Foerster. “Trump Issues Executive Order Seeking to Promote Collaboration with AI Developers to Combat Emerging Cyber Threats.” June 2026. mofo.com
[6] A&O Shearman. “Trump Administration Issues Executive Order on AI and Cybersecurity.” June 2026. aoshearman.com
[7] The White House. “National Security Presidential Memorandum/NSPM-11.” June 5, 2026. whitehouse.gov
[8] The White House. “Fact Sheet: President Donald J. Trump Signs Historic Directive on AI in the National Security Enterprise.” June 5, 2026. whitehouse.gov
[9] Benton Institute for Broadband & Society. “President Trump Signs Directive Reshaping How the Military and Intelligence Community Use AI.” June 2026. benton.org
[10] Nguyen, V. and Horowitz, M. “What Trump’s National Security AI Memo Gets Right, and Leaves Unresolved.” Council on Foreign Relations, June 9, 2026. cfr.org
[11] Government Contracts Legal Forum (Crowell & Moring). “National Security Memorandum Aims to Accelerate Deployment of AI and Streamline Procurement.” June 2026. governmentcontractslegalforum.com
[12] Benton Institute for Broadband & Society, ibid.
[13] Khodjaev, O. “The Pattern Closes.” Beyond Control: Theory of Limits of AI Governance, Essay 6. March 2026. okhodjaev.com
Oybek Khodjaev — over 35 years of experience in banking, finance, public administration, and business in Uzbekistan and the CIS. Author of the essay series “Beyond Control: Theory of Limits of AI Governance.” okhodjaev.com
The author advises public institutions and financial organisations on AI governance, verification frameworks, and institutional readiness.