On April 3, the White House Office of Management and Budget (“OMB”) released two memoranda with AI guidance and requirements for federal agencies, Memorandum M-25-21 on Accelerating Federal Use of AI through Innovation, Governance, and Public Trust (“OMB AI Use Memo“) and Memorandum M-25-22 on Driving Efficient Acquisition of Artificial Intelligence in Government (“OMB AI Procurement Memo”).  According to the White House’s fact sheet, the OMB AI Use and AI Procurement Memos (collectively, the “new OMB AI Memos”), which rescind and replace OMB memos on AI use and procurement issued under President Biden’s Executive Order 14110 (“Biden OMB AI Memos”), shift U.S. AI policy to a “forward-leaning, pro-innovation, and pro-competition mindset” that will make agencies “more agile, cost-effective, and efficient.”  The new OMB AI Memos implement President Trump’s January 23 Executive Order 14179 on “Removing Barriers to American Leadership in Artificial Intelligence” (the “AI EO”), which directs the OMB to revise the Biden OMB AI Memos to make them consistent with the AI EO’s policy of “sustain[ing] and enhance[ing] America’s global AI dominance.” 

Overall, the new OMB AI Memos build on the frameworks established under President Trump’s 2020 Executive Order 13960 on “Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government” and the Biden OMB AI Memos.  This is consistent with the AI EO, which noted that the Administration would “revise” the Biden AI Memos “as necessary.”  At the same time, the new OMB AI Memos include some significant differences from the Biden OMB’s approach in the areas discussed below (as well as other areas).

  • Scope & Definitions.  The OMB AI Use Memo applies to “new and existing AI that is developed, used, or acquired by or on behalf of covered agencies,” with certain exclusions for the Intelligence Community and the Department of Defense.  The memo defines “AI” by reference to Section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019.  Like the Biden OMB AI Memos, the OMB AI Use Memo states that “no system should be considered too simple to qualify as covered AI due to a lack of technical complexity.”

    The OMB AI Procurement Memo applies to “AI systems or services that are acquired by or on behalf of covered agencies,” excluding the Intelligence Community, and includes “data systems, software, applications, tools, or utilities” that are “established primarily” for researching, developing, or implementing AI or where an “AI capability” is integrated into another process, operational activity, or technology system.  The memo excludes AI that is “embedded” in “common commercial products” that are widely available for commercial use and have “substantial non-AI purposes or functionalities,” along with AI “used incidentally by a contractor” during contract performance.  In other words, the policies are targeted at software that is primarily used for its AI capabilities, rather than on software that happens to incorporate AI.
  • Exemption for National Security Systems.  Like the Biden OMB AI Memos, the new OMB AI Memos exclude AI used, or acquired for use, “as a component of a National Security System,” as defined in 44 U.S.C. § 3552(b)(6).  However, the Biden Administration issued a AI National Security Memorandum (“AI NSM”) in 2024 to address the use of AI in national security systems, as required by the now-revoked Executive Order 14110 on the “Safe, Secure, and Trustworthy Development and Use of AI.”  By contrast, the new OMB AI Memos state that the use and acquisition of AI in national security systems will be governed by guidance issued by the Department of Defense.  While the Biden AI NSM itself has yet to be revoked, the Trump Administration is likely to revoke or significantly revise the AI NSM to align it with President Trump’s AI EO, as the AI NSM contains some of the same types of provisions that were altered in the OMB AI Memos.
  • Governance & Transparency Requirements.  The OMB AI Use Memo requires covered agencies, through their Chief AI Officers, to develop and publish “compliance plans” for achieving consistency with the memo; update internal IT, data, cybersecurity, and privacy policies; develop Generative AI policies with acceptable uses, safeguards, and oversight mechanisms; and update AI use case inventories on an annual basis.  The OMB AI Use Memo also establishes heightened “minimum risk management practices” for “high-impact AI use cases,” i.e., AI “with an output that serves as a principal basis for decisions or actions with legal, material, binding, or significant effect” on civil rights, civil liberties, privacy, access to critical life opportunities or government services, human health and safety, critical infrastructure or public safety, or strategic assets or resources.  Under the OMB AI Use Memo, covered agencies that deploy high-impact AI must (1) conduct pre-deployment testing and prepare risk mitigation plans, (2) complete pre-deployment AI impact assessments, (3) conduct ongoing monitoring, (4) ensure adequate training and oversight, (5) offer timely human review and opportunities to appeal for AI-enabled decisions, and (6) collect and incorporate feedback from end users and the public.

    By contrast, the Biden OMB AI Use Memo established minimum risk management practices for “rights-impacting” and “safety-impacting” AI and imposed additional minimum risk management practices for rights-impacting AI that are absent from the OMB AI Use Memo, including identifying and assessing “AI’s impact on equity and fairness,” mitigating algorithmic discrimination, and providing notice to negatively affected individuals, and providing mechanisms for opting out of AI-enabled decisions.  
  • “American-Made AI” Provisions.  Acknowledging that the AI EO “recognizes the importance of American AI development to promote human flourishing, economic competitiveness, and national security,” the OMB AI Procurement Memo states that “it is the policy of the United States to buy American and to maximize the use of AI products and services that are developed and produced in the United States.”  Similarly, the OMB AI Use Memo encourages covered agencies to “invest in the American AI marketplace” when pursuing AI acquisitions.  These concepts were not emphasized as strongly in the Biden OMB AI Memos, although domestic preferencing in federal procurement has received bipartisan support.
  • IP Rights & Use of Government Data.  Like the Biden OMB AI Memos, the new OMB AI  Memos place a strong emphasis on protections for IP rights and government data when procuring AI systems or services, including through required contractual terms.  However, the OMB AI Procurement Memo specifically requires covered agencies to review and update “agency processes” for the treatment of data ownership and IP rights in AI procurements, which should include (1) appropriately scoped licensing and IP rights, based on the intended use of AI, to avoid vendor lock-in (discussed below), (2) terms ensuring that “components necessary to operate and monitor the AI system or service” are available for the acquiring agency as long as necessary, (3) guidance to ensure that vendors collect and retain government data only when reasonably necessary under the contract, and (4) terms that permanently prohibit the use of non-public agency data in AI inputs, and resulting outputs, for training publicly or commercially available AI algorithms without agency consent.  The memo also calls on covered agencies to prioritize obtaining documentation from vendors that “facilitates transparency and explainability, and that ensures an adequate means of tracking performance and effectiveness for procured AI.”
  • Vendor Lock-In Provisions.  Like their predecessors, the new OMB AI Memos also require covered agencies to promote competition and prevent vendor lock-in when procuring AI.  The OMB AI Use Memo advises covered agencies to “adopt procurement practices that encourage competition to sustain a robust Federal AI marketplace,” including by “preferencing interoperable AI products and services.”  The OMB AI Procurement Memo requires covered agencies to consider vendor lock-in at various points across the “AI acquisition lifecycle.”  Specifically, covered agencies are encouraged to (1) consider vendor lock-in when assessing long-term cost-effectiveness during initial product demonstrations, (2) include provisions that reduce vendor lock-in risks, such as knowledge transfer, data and model portability, and licensing and pricing transparency requirements, in solicitations, (3) include terms to prevent vendor lock-in, such as the requirements above and terms that provide agencies with “rights to code and models produced in performance of a contract,” when selecting and awarding proposals, and (4) implementing terms relating to ongoing rights and access to data at the closeout of a contract to ensure that data can still be used by subsequent vendors.
  • Performance-Based Contracting, Market Research, and Commerciality.  The OMB AI Procurement Memo strongly encourages covered agencies to use performance-based techniques to identify requirements and contract terms.  The memo notes that using performance-based techniques will allow agencies to “understand and assess vendor claims about their proposed use of AI systems or services prior to the contract award, acquire AI capabilities that address their needs, and perform post-award monitoring.”  These performance-based techniques include encouraging: (1) statements of objectives and performance work statements, (2) quality assurance surveillance plans, and (3) contract incentives.  The memo purports that these techniques will help agencies ensure its needs are being met by defining metrics, with the goal of providing agencies with more flexibility to acquire AI systems or services, helping agencies overcome challenges in defining relevant performance metrics, and improving the performance and interoperability of AI systems and services.  Consistent with these principles, the OMB AI Procurement Memo also emphasizes the need for market research.  These provisions, coupled with the memo’s emphasis on “innovative” and “efficient” acquisition and enhancing the competitive U.S. AI marketplace, suggest that the memo contemplates the use of commercial item contracting processes for the acquisition of AI systems and services to the maximum extent consistent with applicable laws and regulations. 

    The memo notes that OMB will develop additional playbooks focused on the procurement of certain types of AI, including generative AI and AI-based biometrics.  Additionally, the memo directs the General Services Administration (“GSA”) to release AI procurement guides for the federal acquisition workforce that will address “acquisition authorities, approaches, and vehicles,” and to establish an online repository for agencies to share AI acquisition information and best practices, including language for standard AI contract clauses and negotiated costs.
  • The Role of NIST AI Standards.  In another sharp contrast to the Biden OMB AI Memos, the new OMB AI Memos lack any mention of the National Institute of Standards and Technology (“NIST”) or its recent and ongoing initiatives to develop AI performance and risk management standards.  For example, while both OMB AI Use Memos view the minimum risk management practices as an “initial baseline” for agencies, the Biden OMB AI Use Memo encouraged agencies to supplement the minimum requirements with best practices from NIST’s 2023 AI Risk Management Framework.  By contrast, the new OMB AI Use Memo encourages covered agencies to “continue developing their own agency-specific practices” that build upon the minimum practices.  Similarly, while the Biden OMB AI Procurement Memo called on agencies to adapt NIST’s AI Risk Management Framework and Secure Software Development Framework when procuring AI, the new OMB AI Procurement Memo only instructs covered agencies to ensure that contracts comply with minimum risk management practices established in the OMB AI Use Memo.

    The omission of NIST from the OMB AI Memos could suggest a less active role for NIST and the Department of Commerce in U.S. AI policy under the Trump Administration, or at least that agencies may have greater flexibility when considering whether to incorporate NIST standards.  At the same time, NIST has continued its work on AI standards in recent weeks, including the development of a Cyber AI Profile, while its U.S. AI Safety Institute has continued to garner support from industry stakeholders.
Photo of Nooree Lee Nooree Lee

Nooree Lee represents government contractors in a wide variety of transactional, litigation, and compliance matters. His primary areas of practice include corporate transactions involving contractors, international contracting and domestic sourcing matters, and grants and cooperative agreements.

Mr. Lee also advises clients in a…

Nooree Lee represents government contractors in a wide variety of transactional, litigation, and compliance matters. His primary areas of practice include corporate transactions involving contractors, international contracting and domestic sourcing matters, and grants and cooperative agreements.

Mr. Lee also advises clients in a wide range of industries on how to best safeguard and leverage their intellectual property. Relatedly, he represents companies seeking to protect their confidential data from disclosure under the federal Freedom of Information Act and state law equivalents.

Read more about Nooree LeeNooree's Linkedin Profile
Show more Show less
Matthew Shapanka

Matthew Shapanka draws on more than 15 years of experience – including on Capitol Hill, at Covington, and in state government – to advise and counsel clients across a range of industries on significant legislative, regulatory, and enforcement matters. He develops and executes…

Matthew Shapanka draws on more than 15 years of experience – including on Capitol Hill, at Covington, and in state government – to advise and counsel clients across a range of industries on significant legislative, regulatory, and enforcement matters. He develops and executes complex, multifaceted public policy initiatives for clients seeking actions by Congress, state legislatures, and federal and state government agencies, many with significant legal and political opportunities and risks.

Matt rejoined Covington after serving as Chief Counsel for the U.S. Senate Committee on Rules and Administration, where he advised Chairwoman Amy Klobuchar (D-MN) on all legal, policy, and oversight matters within the Committee’s jurisdiction, including federal election law and campaign finance, and oversight of the Federal Election Commission, legislative branch agencies, security and maintenance of the U.S. Capitol Complex, and Senate rules and regulations.

Most significantly, Matt led the Rules Committee staff work on the Electoral Count Reform and Presidential Transition Improvement Act – landmark bipartisan legislation to update the antiquated process of certifying and counting electoral votes in presidential elections that President Biden signed into law in 2022.

As Chief Counsel, Matt was a lead attorney on the joint bipartisan investigation (with the Homeland Security and Governmental Affairs Committee) into the security planning and response to the January 6, 2021 attack on the Capitol. In that role, he oversaw the collection review of documents, led interviews and depositions of key government officials, advised the Chairwoman and Committee members on two high-profile joint hearings, and drafted substantial portions of the Committees’ staff report on the attack. He also led oversight of the Capitol Police, Architect of the Capitol, Senate Sergeant at Arms, and executive branch agencies involved in implementing the Committees’ recommendations, including additional legislation and hearings.

Both in Congress and at the firm, Matt has prepared many corporate and nonprofit executives, academics, government officials, and presidential nominees for testimony at legislative, oversight, or nomination hearings before congressional committees, as well as witnesses appearing at congressional depositions and transcribed interviews. He is also an experienced legislative drafter who has composed dozens of bills introduced in Congress and state legislatures, including several that have been enacted into law across multiple policy areas.

In addition to his policy work, Matt advises and represents clients on the full range of political law compliance and enforcement matters involving federal election, campaign finance, lobbying, and government ethics laws, the Securities and Exchange Commission’s “Pay-to-Play” rule, as well as the election and political laws of states and municipalities across the country.

Before law school, Matt worked as a research analyst in the Massachusetts Recovery & Reinvestment Office, where he worked on all aspects of state-level policy, communications, and compliance for federal stimulus funding awarded to Massachusetts under the American Recovery & Reinvestment Act of 2009. He has also worked for federal, state, and local political candidates in Massachusetts and New Hampshire.

Read more about Matthew Shapanka
Show more Show less
Photo of Ryan Burnette Ryan Burnette

Ryan Burnette advises clients on a range of issues related to government contracting. Mr. Burnette has particular experience with helping companies navigate mergers and acquisitions, FAR and DFARS compliance issues, public policy matters, government investigations, and issues involving government cost accounting and the…

Ryan Burnette advises clients on a range of issues related to government contracting. Mr. Burnette has particular experience with helping companies navigate mergers and acquisitions, FAR and DFARS compliance issues, public policy matters, government investigations, and issues involving government cost accounting and the Cost Accounting Standards.  Prior to joining Covington, Mr. Burnette served in the Office of Federal Procurement Policy in the Executive Office of the President, where he worked on government-wide contracting regulations and administrative actions affecting more than $400 billion dollars’ worth of goods and services each year.

Read more about Ryan Burnette
Show more Show less
August Gweon

August Gweon counsels national and multinational companies on data privacy, cybersecurity, antitrust, and technology policy issues, including issues related to artificial intelligence and other emerging technologies. August leverages his experiences in AI and technology policy to help clients understand complex technology developments, risks…

August Gweon counsels national and multinational companies on data privacy, cybersecurity, antitrust, and technology policy issues, including issues related to artificial intelligence and other emerging technologies. August leverages his experiences in AI and technology policy to help clients understand complex technology developments, risks, and policy trends.

August regularly provides advice to clients for complying with federal, state, and global privacy and competition frameworks and AI regulations. He also assists clients in investigating compliance issues, preparing for federal and state privacy regulations like the California Privacy Rights Act, responding to government inquiries and investigations, and engaging in public policy discussions and rulemaking processes.

Read more about August Gweon
Show more Show less
Bolatito Adetula

Tito Adetula is an associate in the firm’s Washington, DC office. She is a member of the Data Privacy and Cybersecurity Practice Group and the Government Contracts Practice Group.

Tito also maintains an active pro bono practice focused on data privacy and cybersecurity matters.