ARTICLE
22 April 2025

White House Unveils Updated AI Guidelines For Federal Agencies

PC
Perkins Coie LLP

Contributor

Perkins Coie LLP logo

Perkins Coie is a premier international law firm with over a century of experience, dedicated to addressing the legal and business challenges of tomorrow. Renowned for its deep industry knowledge and client-centric approach, the firm has consistently partnered with trailblazing organizations, from aviation pioneers to artificial intelligence innovators. With 21 offices across the United States, Asia, and Europe, and a global network of partner firms, Perkins Coie provides seamless support to clients wherever they operate.

The firm's vision is to be the trusted advisor to the world’s most innovative companies, delivering strategic, high-value solutions critical to their success. Guided by a one-firm culture, Perkins Coie emphasizes excellence, collaboration, inclusion, innovation, and creativity. The firm is committed to building diverse teams, promoting equal access to justice, and upholding the rule of law, reflecting its core values and enduring dedication to clients, communities, and colleagues.

Explore Firm Details
The White House's Office of Management and Budget (OMB) has issued two new memorandums, which establish new federal policies for the use and acquisition...
United States Technology
Marc S. Martin,Dania Assas, and Sydney Veatch

Key Takeaways

  • The White House's Office of Management and Budget (OMB) has issued two new memorandums, which establish new federal policies for the use and acquisition of artificial intelligence (AI) by the federal government.
  • M-25-21 requires federal agencies to foster AI innovation, advance AI governance, and promote responsible AI use.
  • M-25-22 updates guidance for federal procurement of AI systems.
  • For companies developing or deploying AI systems for federal customers, the downstream effects will likely be felt through procurement processes and performance oversight.

The OMB has issued two new memorandums—M-25-21 and M-25-22—establishing new federal policies for how federal agencies use and acquire AI. The memorandums, both released on April 3, 2025, are issued as directed by Executive Order 14179, Removing Barriers to American Leadership in Artificial Intelligence, and formally replace two prior Biden-era OMB directives on AI guardrails (which we discussed in a previous Update) and the acquisition of AI systems (which we also discussed in a previous Update). While described as "guidance," the OMB memorandums are binding on the federal agencies within the executive branch. As such, the guidance may have a ripple effect on private contractors providing goods and services to federal agencies because agencies typically revise their expectations of contractors to align with OMB's guidance.

The guidance reflects the current administration's goal of accelerating AI adoption while minimizing regulatory burdens. The memos introduce more flexible risk-based classifications and safeguards, detailed procurement standards, and tighter implementation timelines than the Biden-era OMB memos they replace. While retaining several structures from previous guidance, such as agency AI inventories and governance boards, the memos place a stronger emphasis on direct executive oversight and interagency alignment.

M-25-21: Federal Use of AI—Innovation, Governance, and Public Trust

OMB Memorandum M-25-21, Accelerating Federal Use of AI through Innovation, Governance, and Public Trust, applies to all executive departments and agencies, including independent regulatory agencies. It introduces a three-part directive framework that requires agencies to:

  • Foster AI innovation by identifying and removing operational barriers to adoption, maximizing the reuse of federal AI code and models, and encouraging open-source development.
  • Advance AI governance by formally designating a chief AI officer (CAIO) at each agency, establishing internal AI governance boards, and participating in an interagency CAIO council coordinated by OMB.
  • Promote responsible AI use and protect the public trust by requiring enhanced oversight and risk management for "high-impact AI," defined as AI systems whose outputs materially affect rights, services, safety, or sensitive federal resources.

Departing from the Biden administration's bifurcated approach, which separately categorized "rights-impacting" and "safety-impacting" systems, M-25-21 introduces a single unified risk category: "high-impact" systems. This high-impact classification simplifies internal assessments while narrowing the focus to systems with demonstrable, significant consequences. Agencies deploying such systems must implement minimum risk practices, including pre-deployment testing, ongoing monitoring, human oversight, and public accountability, and they must document compliance within 365 days of the memos' issuance. Agencies are also required to track, report to OMB, and publicly disclose any waivers granted for noncompliant high-impact AI systems.

Certain requirements under M-25-21 apply exclusively to the 24 major federal departments and agencies covered by the Chief Financial Officers Act of 1990 (CFO agencies), which are subject to heightened oversight and reporting obligations. For these agencies, M-25-21 mandates the publication of a public AI strategy within 180 days of issuance. These strategies must identify institutional barriers to AI adoption and outline plans to scale responsible AI use across the enterprise.

M-25-22: AI Acquisition Standards for Federal Agencies

OMB Memorandum M-25-22, Driving Efficient Acquisition of Artificial Intelligence in Government, delivers updated guidance for federal procurement of AI systems. Effective for solicitations issued after October 1, 2025, the memo supersedes the Biden administration's M-24-18 and applies to all executive agencies, with the exception of national security-related acquisitions.

While many procurement objectives remain consistent, including competitive marketplace development, risk-informed decision-making, and cross-functional coordination, M-25-22 introduces new specificity in several areas. Agencies are now expected to determine at the outset whether a procurement involves high-impact AI and, if so, to apply appropriate testing, oversight, and disclosure requirements throughout the acquisition lifecycle.

The memo directs agencies to update internal acquisition policies within 270 days of its issuance and to ensure that solicitations and resulting contracts include terms addressing:

  • Performance validation and pre-award testing
  • Interoperability and protections to avoid vendor lock-in
  • Rights to government data, outputs, and derived models
  • Restrictions on using non-public government data to train commercial AI systems

The memo also urges agencies to adopt performance-focused contracts that are based on a statement of objectives rather than a potentially "over-limiting" statement of work. The General Services Administration is tasked with issuing procurement templates and establishing a centralized repository of best practices and tools within 100 to 200 days.

Comparison to Prior Guidance

The new memorandums reflect an expected shift in tone and emphasis and align with AI EO 14179's goal to "sustain and enhance America's global AI dominance to promote human flourishing, economic competitiveness, and national security." The focus on "high-impact" systems may ease implementation for some agencies, but it could also reduce visibility into adjacent or emerging use cases that, while not meeting the high-impact threshold, still carry legal or operational risk.

The procurement memo introduces clearer expectations for contractor obligations, particularly around intellectual property, data portability, and long-term system access. By explicitly barring the use of nonpublic government data to train external AI systems without agency consent, M-25-22 adds new weight to prior data stewardship policies, which were previously less formalized in contracting terms. And although M-25-21 and M-25-22 formally rescind the Biden-era memos, they preserve much of the foundational architecture of the earlier framework. Chief AI officers, governance boards, public inventories, and minimum risk practices all remain part of the federal AI compliance landscape. Ultimately, changes to the Federal Acquisition Regulation (FAR) and agency FAR supplements will be necessary to give any AI-specific directives binding effect on companies that contract with the federal government. As with the prior OMB memo it rescinds, the new guidance will need to be reconciled with existing statutory and regulatory frameworks for the acquisition of commercial products and services defined in FAR Part 12. That part of the FAR implements a statutory preference for commercial products and services with streamlined compliance obligations compared to noncommercial deliverables.

What To Expect

The OMB memorandums have carried out AI EO 14179 with enhanced clarity and specificity regarding how federal agencies should use AI technology and what they should expect from AI systems they procure. For companies developing or deploying AI systems for federal customers, particularly those touching high-impact domains or sensitive data, the downstream effects will likely be felt through procurement processes and performance oversight. Although the memorandums stop short of imposing direct requirements on contractors, they will indirectly affect how contractors comply with agency expectations and may ultimately lead to rule changes to the FAR. Companies should anticipate scrutiny of how their systems align with the OMB's guidance and prepare to transition to performance-based contracts.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Marc S. Martin
Marc S. Martin
Photo of Dania Assas
Dania Assas
Photo of Sydney Veatch
Sydney Veatch
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More