OMG Releases Memoranda on AI Use and Acquisition

Editor’s note: The policy body involved is the Office of Management and Budget, or OMB. If the headline says “OMG,” that is likely a typobut honestly, for anyone who works in federal procurement, “OMG” may also describe the reaction when a new memorandum lands on the desk.

Artificial intelligence has officially moved from “interesting pilot project” to “government operating system upgrade.” With the release of two major memoranda on AI use and acquisition, the Office of Management and Budget has given federal agencies a clearer playbook for adopting AI faster, buying it smarter, and managing its risks without turning every project into a paperwork parade.

The memorandaM-25-21, Accelerating Federal Use of AI through Innovation, Governance, and Public Trust, and M-25-22, Driving Efficient Acquisition of Artificial Intelligence in Governmentrepresent a major shift in how federal agencies are expected to use and procure AI systems. The message is simple: AI should help agencies serve the public better, but it must be governed, monitored, and bought with eyes wide open.

For government contractors, technology vendors, compliance teams, acquisition officers, and policy watchers, these memos are not casual reading. They are the kind of documents that quietly reshape contracts, proposal strategies, vendor disclosures, data rights, testing requirements, and the future of public-sector AI adoption.

What the OMB AI Memoranda Actually Do

The two memoranda work together like a pair of traffic lights at a busy intersection. M-25-21 focuses on how agencies should use AI. M-25-22 focuses on how agencies should acquire AI systems and services. One tells agencies how to drive. The other tells them what kind of car to buy, how to inspect it, and why the wheels should not fall off halfway through the contract.

M-25-21: Accelerating Federal AI Use

M-25-21 directs agencies to adopt a more forward-leaning approach to AI. It encourages federal departments to remove unnecessary barriers, identify useful AI applications, develop AI strategies, empower Chief AI Officers, and continue protecting privacy, civil rights, civil liberties, and public trust.

One of the most important ideas in the memo is the category of “high-impact AI.” This includes AI uses that may significantly affect people’s rights, access to benefits, safety, privacy, critical infrastructure, or important government resources. In plain English: if an AI system helps decide something that matters deeply to a person’s life, the agency cannot simply plug it in and hope for the best.

Agencies are expected to apply minimum risk management practices to high-impact AI. That may include impact assessments, performance monitoring, human oversight, clear documentation, and discontinuing use if an AI tool cannot meet required safeguards. The memo does not say, “Move fast and break the public.” It says, “Move faster, but keep both hands on the wheel.”

M-25-22: Driving Efficient AI Acquisition

M-25-22 tackles the buying side of the AI boom. Federal agencies do not just need permission to use AI; they need practical methods for buying it without wasting taxpayer money, locking themselves into one vendor forever, or exposing sensitive government data to preventable risks.

The acquisition memo pushes agencies to use performance-based acquisition techniques, evaluate AI systems before award where practicable, address intellectual property and data rights clearly, prevent vendor lock-in, require ongoing testing and monitoring, and consider whether the AI use may qualify as high-impact. It also encourages agencies to support a competitive American AI marketplace.

That last point matters. AI procurement is not like buying office chairs. With chairs, the worst-case scenario is that someone complains in a meeting. With AI, poor procurement can create hidden costs, unreliable outputs, privacy issues, opaque decision-making, or long-term dependency on a vendor whose system becomes difficult to replace.

Why These Memoranda Matter

The federal government is one of the largest technology buyers in the world. When OMB changes expectations for AI use and acquisition, the ripple effect extends far beyond Washington, D.C. Contractors, cloud providers, software vendors, data analytics firms, cybersecurity teams, civil rights advocates, and agency program managers all need to understand the new rules of the road.

The memos matter for three big reasons: they accelerate AI adoption, they make governance part of agency operations, and they change how vendors must think about selling AI to the government.

1. AI Adoption Is No Longer Optional Window Dressing

For years, many agencies experimented with AI through pilots, research projects, chatbots, analytics tools, fraud detection systems, and administrative automation. Some projects worked well. Others became the digital equivalent of a treadmill bought in January and ignored by March.

The new OMB guidance pushes agencies to move beyond isolated experiments. Agencies are expected to identify meaningful use cases, build AI-ready infrastructure, improve data governance, reuse code and models where appropriate, and develop public AI strategies. This turns AI from a side project into an enterprise planning issue.

2. Chief AI Officers Become More Important

The memoranda give Chief AI Officers a central role in agency AI adoption. CAIOs are not just ceremonial tech mascots with impressive titles and suspiciously full calendars. They are expected to help agencies identify opportunities, coordinate governance, advise on AI investments, manage risks, and support responsible deployment.

For vendors, this means AI sales strategies may need to reach beyond traditional contracting officers. Legal teams, privacy officials, CIOs, data officers, program leaders, and CAIOs may all influence whether an AI tool is considered useful, compliant, secure, and worth buying.

3. Procurement Must Address Performance, Data, and Lock-In

M-25-22 makes clear that agencies should not buy AI based only on glossy demos or heroic vendor claims. A chatbot that performs beautifully in a conference room may behave differently when connected to real agency data, real users, legacy systems, accessibility requirements, and security controls that were apparently designed by a committee of very cautious dragons.

Agencies are encouraged to test systems in realistic environments, define performance expectations, use quality assurance surveillance plans, and include contract terms that allow continued monitoring. Contracts should also address data ownership, intellectual property rights, model portability, documentation, licensing terms, and pricing transparency.

The anti-lock-in emphasis is especially important. If an agency cannot move its data, understand its system, access documentation, or transition to another provider without paying a digital ransom, the procurement has failed the future.

Key Changes for Federal Agencies

The OMB AI memoranda create several practical responsibilities for agencies. These are not abstract policy poems. They point toward real operational work.

Develop Public AI Strategies

Agencies are expected to develop AI strategies that explain how they will identify opportunities, remove barriers, improve maturity, and use AI to support mission outcomes. These strategies should be understandable to the public, not written in a dialect known only to procurement lawyers and enterprise architects.

Update Internal Acquisition Procedures

Agencies must revisit internal acquisition procedures so AI purchases align with the new requirements. This includes involving relevant officials early, considering risks before solicitation, and ensuring acquired AI can comply with agency use requirements.

Protect Government Data

The acquisition memo places strong attention on government data. Agencies should ensure contracts clearly describe how data may be used, retained, protected, and prevented from being used to train public or commercial AI systems without explicit agency consent.

Use Testing and Monitoring

AI performance can drift over time. A system that works well today may degrade when data changes, user behavior shifts, or the model encounters new conditions. The memo therefore emphasizes ongoing monitoring, evaluation, and the ability to test systems using agency-defined validation data.

Plan for Sunsetting

One of the smartest ideas in the acquisition guidance is the concept of sunset criteria. Agencies should consider when to stop using an AI system, whether because costs rise, mission needs change, performance weakens, or risks outweigh benefits. In other words, every AI contract should know where the exit door is.

What Government Contractors Should Do Now

For contractors, the OMB memoranda are a wake-up call wrapped in policy language. Vendors that sell AI systems or AI-enabled services to federal agencies should expect more questions about transparency, performance, data rights, documentation, privacy, security, and high-impact use cases.

Prepare Clear AI Disclosures

Contractors should be ready to explain when and how AI is used in contract performance. Even if an agency is not buying an “AI product,” a contractor may use AI behind the scenes for analysis, drafting, support, automation, coding, image review, or workflow management. Agencies may increasingly ask vendors to disclose those uses.

Build Documentation Before the Proposal Deadline

Vendors should maintain documentation on model purpose, data inputs, performance testing, limitations, human oversight, cybersecurity controls, privacy safeguards, and monitoring plans. Waiting until a solicitation drops to assemble this information is like starting your homework after the teacher says, “Pencils down.”

Design for Portability and Interoperability

Contractors that offer open APIs, clean data export options, modular architecture, clear licensing, and transparent pricing may be better positioned. Agencies are being told to avoid vendor lock-in, so vendors that make transition planning easier can turn compliance into a competitive advantage.

Think Carefully About Government Data

Any vendor handling non-public agency data should be prepared to show how that data is isolated, protected, and excluded from unauthorized training. “Trust us” is not a data governance strategy. It is a sentence that makes privacy officers reach for coffee.

Examples of How the Guidance Could Apply

Consider an agency buying an AI tool to summarize public comments. If the tool is used only to cluster themes and support staff review, the risk may be manageable with ordinary controls. The agency would still care about accuracy, privacy, documentation, and data retention, but the use may not directly determine someone’s benefits, rights, or safety.

Now consider an AI system used to help decide eligibility for housing assistance, disability benefits, loan approvals, immigration processing, or law enforcement prioritization. That is a different universe. The output could materially affect an individual’s life. The agency would need stronger risk management, human oversight, impact assessment, documentation, and procedures for addressing errors.

Or imagine a contractor using generative AI to draft technical reports for an agency. Even if the final deliverable is reviewed by humans, the agency may want disclosure, quality controls, data protections, and assurances that non-public government information is not being fed into a public model. AI does not become harmless just because it hides in the workflow.

Balancing Innovation and Public Trust

The central challenge in the OMB memoranda is balance. Federal agencies are under pressure to modernize, reduce costs, improve services, and use powerful new tools. At the same time, government decisions can affect people’s benefits, safety, privacy, and legal rights. That makes public trust essential.

AI can help agencies detect fraud, route service requests, analyze large datasets, improve cybersecurity, support medical research, identify infrastructure risks, and reduce administrative burden. But AI can also produce errors, amplify bias, expose sensitive data, hallucinate facts, and create accountability gaps if deployed carelessly.

The best interpretation of the memoranda is not “AI everywhere immediately.” It is “AI where it improves mission outcomes, with governance strong enough to keep the public protected.” That is a less flashy slogan, but a better operating model.

Practical Experience: Lessons from Working Around AI Use and Acquisition

In real-world technology projects, the hardest AI questions usually do not appear in the first demo. They appear later, when people ask: Who owns the data? What happens when the model is wrong? Can we audit the output? Can we switch vendors? Can the system explain enough for a human to make a responsible decision? Will this still work when the pilot becomes a production system with thousands of users?

One common experience is that organizations often underestimate the importance of clean, usable data. AI tools are hungry, but they are not magical. If the data is scattered, outdated, poorly labeled, inaccessible, or full of contradictions, the AI system will not politely fix the organization’s data governance problems. It will simply reveal them faster and with more confidence than anyone wanted.

Another lesson is that procurement language matters. A contract that fails to address data rights, model access, documentation, monitoring, portability, and exit rights can create problems years later. The agency may discover that moving to a better system is expensive because the original contract did not require practical data export, knowledge transfer, or clear rights to derived work. That is how a shiny innovation project becomes a very expensive digital roommate who refuses to move out.

Testing is also more complicated than many teams expect. A vendor’s benchmark may look impressive, but agencies need testing that reflects their mission, users, data, and operational environment. For example, an AI assistant used by a benefits agency must be evaluated differently from an AI tool used for internal document search. Accuracy is not a single number. It depends on context, consequences, and the cost of being wrong.

Human oversight is another area where details matter. Saying “a human is in the loop” is easy. Designing a meaningful review process is harder. The reviewer must understand the AI output, have time to question it, know when to override it, and have authority to stop the process if something looks wrong. Otherwise, human oversight becomes a decorative sticker on an automated decision.

The OMB memoranda also highlight a cultural issue: agencies and vendors need to speak the same language. Program managers care about mission outcomes. Contracting officers care about acquisition rules. Privacy teams care about data protection. Security teams care about risk. Technical teams care about architecture and performance. Legal teams care about liability and compliance. Successful AI acquisition requires all of them to talk early, not after the contract is already shaped like a pretzel.

The best experience-based advice is simple: treat AI procurement as a lifecycle, not a purchase order. Start with the mission need. Define the intended use. Identify whether the system could be high-impact. Test before award where possible. Write contract terms that protect data and avoid lock-in. Monitor performance after deployment. Create an exit plan. And never assume that a system is safe, fair, or useful just because the demo had smooth animations and the word “transformational” appeared eleven times.

Conclusion

The OMB memoranda on AI use and acquisition mark a significant moment in federal technology policy. They signal that AI adoption is becoming a core government priority, not a futuristic hobby. Agencies are being encouraged to move faster, but also to govern better, buy smarter, protect data, monitor performance, and maintain public trust.

For contractors, the opportunity is largebut so is the responsibility. Vendors that can demonstrate transparent performance, strong data protections, interoperability, clear documentation, and realistic monitoring will be better prepared for the next generation of federal AI solicitations. Vendors relying only on buzzwords may discover that “AI-powered” is not a substitute for “mission-ready.”

Ultimately, the federal government’s AI future will depend on execution. The memoranda provide direction. Agencies and contractors must now turn that direction into systems that are useful, secure, fair, cost-effective, and worthy of public confidence. That is a big assignmentbut unlike a bad chatbot answer, it cannot be regenerated with one click.