HWG Client Advisory

By: Austin Bonner and Muji Ali

Federal agencies will soon update their artificial intelligence governance and acquisition strategies in ways that will impact both their suppliers and end users. On April 3, 2025, the Office of Management and Budget (OMB) released two guidance memoranda to agencies: M-25-21, Accelerating Federal Use of AI through Innovation, Governance, and Public Trust, and M-25-22, Driving Efficient Acquisition of Artificial Intelligence in Government.1 Taken together, these memos set out the Trump Administration’s vision for AI use across the Federal enterprise, which reflects a rebalancing of priorities around mitigating risk and speeding adoption.2

Governance

M-25-21 formally replaces the Biden Administration’s policy on agency AI use, while retaining many of the governance systems already in place. For example, agencies will continue to designate senior-level Chief AI Officers (CAIOs), maintain public inventories of their AI use cases, and complete compliance plans.

This guidance represents a shift in risk management emphasis, generally deemphasizing environmental, discrimination, and civil rights concerns. While the previous Administration mandated two sets of agency practices for safety- and rights-impacting AI uses, the Federal enterprise will now adopt risk mitigations for “high-impact” AI uses. As a practical matter, many AI systems previously targeted for risk management will continue to be scrutinized; OMB defines AI as “high-impact when its output serves as a principal basis for decisions or actions that have a legal, material, binding, or significant effect on rights or safety.”3 But OMB’s non-exhaustive list of high-impact use cases provides notably fewer examples than the previous guidance, creating more ambiguity about how systems will be treated and the potential for inconsistency across agencies.

Acquisition

The second memorandum, M-25-22, implements the Trump Administration’s policy on AI-related procurement. The revised acquisition guidance maintains much of the prior Administration’s approach, including the same focus on cross-functional collaboration, harnessing innovation and competition in the AI marketplace, and avoiding vendor lock-in. And, as with the changes in AI governance discussed above, many of the procurement requirements previously applicable to safety- and rights-impacting AI uses will now apply to high-impact use cases.

While the two documents are similar in many respects, there are several noteworthy changes. First, consistent with the new Administration’s focus on domestic production, the new policy expressly calls for agencies to “[m]aximize” the use of “American-Made AI.”4 Second, the prior policy directed agencies to identify and address risks of unlawful bias and discrimination as part of the procurement process. The new policy contains no similar directive. Third, the previous Administration directed agencies to ensure that contractual requirements address the unique risks of AI in biometrics and identification and established minimum requirements for biometric system properties. The new guidance contains only a general reference to compliance with privacy law and policy. While the revised policy states that OMB will develop “playbooks” to highlight the “nuances inherent in…specialized areas” like biometrics, it does not include any details or timeline for attaining that goal.5 Relatedly, while both memoranda require compliance with existing privacy law and policy, the new memorandum lacks the specific incident reporting requirements included in the previous policy.6

Next Steps

In response to this guidance, stakeholders—particularly AI vendors working with the agencies—should:

  • Continue to build relationships with CAIOs and agency staff. The Trump Administration policy directs agencies to drive risk acceptance and management to the lowest appropriate level, and stakeholders may need to identify new relevant decisionmakers below the CAIO level.
  • Engage with agencies on high-impact determinations. Whether a particular use is categorized as high impact will significantly influence the level of required risk mitigation. Stakeholders should make sure agencies have a clear understanding of all the relevant facts, as well as access to appropriate documentation and monitoring options.
  • Track the development of Agency AI Strategies. The real-world impact of the new Administration’s policies will hinge on decentralized decisions across dozens of agencies and offices. Within 180 days, each covered agency must “develop an AI Strategy for identifying and removing barriers to their responsible use of AI and for achieving enterprise-wide improvements in the maturity of their applications.”7 Stakeholders should seek out opportunities to engage key agency partners on their strategies, particularly where there may be an opportunity to expand the use of existing tools—an efficiency strategy OMB encourages.
  • Review solicitations and contracts. The acquisition memorandum applies to all solicitations issued 180 days after the memorandum was published—on or after September 30, 2025. It also applies to any option to renew or extend a contract that is exercised on or after the same date. Stakeholders should review current contracts to determine which, if any, may be impacted by these changes and engage with relevant agency contacts ahead of any renewal or option period, particularly if contracts involve high-impact use cases.

HWG LLP’s cross-disciplinary Artificial Intelligence and Emerging Technologies practice advises clients on federal and state legislative and regulatory proceedings, company compliance, and related litigation matters. Please contact Austin Bonner for more information. This advisory is not intended to convey legal advice. It is circulated publicly as a convenience and does not reflect or create an attorney-client relationship.

1        These documents fulfill a mandate from a January Executive Order, Removing Barriers to American Leadership in Artificial Intelligence, which directed OMB to revise its published guidance on AI to align with the new Administration’s priorities.

2        Note that many of these policies apply differently or not at all in the national security context. Stakeholders in the defense and intelligence space should refer to guidance specific to those agencies and to National Security Systems.

3       Off. of Mgmt. & Budget, Exec. Off. of the President, M-25-21, Accelerating Federal Use of AI through Innovation, Governance, and Public Trust at 14 (Apr. 3, 2025), https://www.whitehouse.gov/wp-content/uploads/2025/02/M-25-21-Accelerating-Federal-Use-of-AI-through-Innovation-Governance-and-Public-Trust.pdf (emphasis added) (“M-25-21”).

4       Off. of Mgmt. & Budget, Exec. Off. of the President, M-25-22, Driving Efficient Acquisition of Artificial Intelligence in Government at 4 (Apr. 3, 2025), https://www.whitehouse.gov/wp-content/uploads/2025/02/M-25-22-Driving-Efficient-Acquisition-of-Artificial-Intelligence-in-Government.pdf (emphasis omitted) (“M-25-22”).

5       M-25-22 at 7.

6       Stakeholders should note that while the guidance memorandum may affect federal agency priorities related to preferred contract terms, it does not alter any private party’s obligations, including incident reporting obligations, under applicable laws or regulations.

7       M-25-21 at 5.