UPDATE: March 20, 2026 Deadline for Comments on GSA’s Proposed AI Clause Extended to April 3, 2026

On March 6, 2026, the General Services Administration (GSA) proposed GSAR 552.239-7001, Basic Safeguarding of Artificial Intelligence Systems—a first-of-its-kind contract clause aimed at imposing dedicated, AI-specific safeguarding requirements through procurement vehicles. The clause is proposed for inclusion in GSA Schedule Contracts through Multiple Award Schedule (MAS) Refresh 32, marking a significant departure from existing federal acquisition practice, as no other agency has implemented a comparable, stand-alone AI governance clause. Rather than proceeding through traditional notice-and-comment rulemaking, GSA issued the clause via the MAS refresh comment process, resulting in a highly compressed timeline for stakeholder feedback. UPDATE: Comments on the proposed clause were initially due March 20, 2026, but GSA announced on its blog on March 19, 2026, that (i) this deadline was being extended to April 3, 2026, and (ii) GSA will not include the clause in the upcoming MAS Refresh 31, and it instead will be considered for implementation in Refresh 32.

If adopted in its current form, the clause would immediately impose contractually binding obligations governing the development, deployment, and management of artificial intelligence (AI) systems used in or supplied under federal contracts.

Substantively, GSAR 552.239-7001 is designed to advance federal objectives by emphasizing AI control, transparency, and accountability. It reflects growing concern within the federal government about data security, supply chain risk, and the opaque nature of many commercial AI systems. Contractors that rely on AI—whether for data analysis, content generation, automation, or decision support—will need to ensure their practices align with these priorities.

The proposed clause imposes far-reaching disclosure requirements, strict limitations on data use, broad Government rights to utilize information, and proactive compliance obligations for contractors delivering “Artificial Intelligence capabilities.” Notably, the term “Artificial Intelligence capabilities” is left undefined in the proposed language, creating ambiguity. We anticipate that industry stakeholders will raise this issue during the comment period, with the expectation that clearer guidance will be provided in the final version of the clause.

These obligations include:

  • Exclusively using “American AI Systems” in contract performance, i.e., those developed and produced in the United States (foreign systems are expressly prohibited);
  • Disclosing all AI systems used in performance of a contract throughout the supply chain, even if domestic, within 30 days of award unless requested earlier by the contracting officer;
  • Ensuring mechanisms for Government oversight, intervention, and feedback;
  • Prohibiting the use of Government data to train, fine-tune, or improve AI models or offerings;
  • Providing the Government with ownership rights in AI outputs and developments;
  • Reporting security or performance incidents promptly (within 72 hours) and providing day-to-day updates as needed;
  • Maintaining, and providing upon request, documentation relating to (i) compliance with the clause including alignment with the NIST AI Risk Management Framework, (ii) AI System decision-making processes, logic, and operational parameters, (iii) privacy controls effectiveness and PII processing prohibition compliance, and (iv) any known biases;
  • Ensuring data portability and interoperability through the use of open and standard data formats and application programming interfaces (APIs), while avoiding the use of proprietary technologies or formats that require additional licensing or create vendor dependencies; and
  • Making efforts to ensure AI systems adhere to unbiased AI principles, i.e., truthful, historically accurate, neutral, and nonpartisan.

Taken together, these requirements reinforce that the contractor is fully accountable for how AI is used in contract performance.

Key provisions of GSAR 552.239-7001

Scope and definitions

The proposed clause would broadly apply to AI use in contract performance and not just to AI systems provided to the Government. For instance, the clause broadly defines key terms such as “AI System,” “American AI System” and “Service Provider,” the latter of which extends beyond traditional subcontractors and includes third-party vendors and platforms that support AI functionality. As a result, the clause would regulate a wide range of instruments, including systems developed internally and commercially available AI solutions used in the performance of government contracts.

Disclosure requirements

Contractors must comply with Government-requested disclosures, including information about their AI systems used in connection with contract performance. The obligation extends to AI System processes, operations, and even internal functions. Depending on implementation, this may require contractors to take inventory of and track AI usage across business units and functions, including third-party tools embedded in workflows.

Data use and protection restrictions

The clause also would limit the use of Government data in connection with AI systems. Generally, contractors are prohibited from using Government-furnished or generated data to train, fine-tune, or improve AI models. In addition, the clause requires segregating Government data from other datasets, limiting retention, requiring “eyes off” data handling procedures that restrict human review of Government data except as strictly necessary to provide the AI System, and deleting such data upon contract completion, potentially with certification obligations. These requirements may create tension with standard commercial AI development and data practices.

Safeguarding and security requirements

Consistent with its title, the clause creates safeguarding obligations when using AI systems, including the establishment of controls to protect against unauthorized access, maintenance of system integrity, and oversight for misuse or compromise. The requirements appear to align with existing federal cybersecurity frameworks, while introducing an AI-specific focus on protecting models, training data, and outputs.

Government rights and oversight

The clause provides that the Government retains full ownership of all Government data and any Custom Developments (any AI system designs, modifications, customizations, configurations, enhancements, workflows, or related deliverables—including model training or fine-tuning—created specifically for the Government under the contract, but excludes pre-existing or independently developed intellectual property that does not use the Government’s confidential information or specifications), while contractors and service providers are granted only a limited, revocable, non-exclusive license to use such data during the contract term solely for contract performance, required support, or other uses expressly authorized by the Contracting Officer. Any intellectual property rights that a contractor or service provider may acquire in Government Data—including improvements, enhancements, or derivative works—are automatically assigned to the Government upon creation, notwithstanding that contractors and service providers retain ownership of their underlying AI systems and base models.

The clause also grants the Government a license to use AI systems and outputs for “any lawful Government purpose” for the duration of the contract, including allowing authorized Government personnel and contractors to use a contractor’s AI system, and integrating that AI system with Government systems. The broad rights resemble unlimited rights in the defense context (see DFARS 252.227-7014) despite the AI systems presumably being created at private expense. It also contemplates a form of Government oversight on AI use, including the ability for the Government to evaluate the AI system’s performance, risks, and effectiveness.

As a result, contractors’ ability to impose contractual or technical restrictions on system use may be hindered, which raises considerations regarding intellectual property and licensing structures.

Flowdown and supply chain obligations

The clause requires contractors to flow down its requirements to subcontractors and other service providers involved in AI system development or operation. The clause includes a broad definition of “Service Provider,” such that contractors could be responsible for ensuring compliance across a complex ecosystem of vendors, including cloud providers and AI platform providers. This expands compliance obligations well beyond the prime contractor and into the broader AI supply chain.

Anticipated next steps and implications

Although the proposed clause may evolve after GSA has the opportunity to consider contractor feedback, it still signals a meaningful shift in how the federal government intends to govern AI.

Near-term considerations

In the near term, contractors should expect the clause to be refined by GSA throughout the MAS refresh process. Given the short period of time for comments (until April 3, 2026), industry feedback is likely to focus on the feasibility of disclosure requirements, the scope of data restrictions, and the practical challenges of complying with flowdown obligations. Contractors that rely heavily on commercial AI tools or complex vendor ecosystems may face particular challenges in aligning existing practices with the proposed requirements.

Operational and compliance impact

If adopted, contractors should anticipate taking the following actions, if they have not already:

  • Establishing an internal AI governance framework;
  • Developing internal inventories of AI systems used in contract performance and preparing such information for disclosure;
  • Researching current systems and ensuring that all AI Systems being used qualify as American AI Systems;
  • Implementing policies and technical controls to segregate, manage, and protect Government data;
  • Revisiting agreements with third-party vendors to ensure compliance with flowdown requirements;
  • Establishing feedback mechanisms to allow the Government to request modifications, enhancements, and reporting;
  • Enhancing coordination between legal, compliance, and technical teams to ensure comprehensive compliance infrastructure is in place;
  • Updating internal policies and procedures pertaining to AI use;
  • Training personnel on proper AI use; and
  • Preparing for incident reporting and audit readiness.

Broader regulatory implications

More broadly, GSAR 552.239-7001 may serve as a model for future AI-related procurement requirements across the federal government. By embedding AI governance obligations directly into contract clauses, agencies can impose binding requirements more quickly than through traditional rulemaking processes. As a result, contractors should anticipate the potential for similar clauses to appear in other acquisition vehicles or to be incorporated into the FAR or agency FAR supplements over time.

The clause also reflects policy emphasis on domestic AI development and supply chain control, which may influence how contractors select and structure their technology solutions going forward.

Conclusion

This clause likely signals a new direction for federal procurement policy as it relates to AI. Contractors who proactively assess and implement these new requirements will be in a stronger position to stay compliant and competitive. Hogan Lovells stands ready to help you with our market-leading lawyers who are proactively tracking these and other developments in AI federal procurement rules and regulations.

 

 

Authored by Mike Mason, Stacy Hadeka, Taylor Hillman, and Brittney Ajaj.
