Full Report
A GAO review has found that selected agencies were not systematically collecting lessons learned from AI acquisitions — a necessary first step to share knowledge about AI acquisitions in accordance with OMB guidance. OMB has stated that agencies should share knowledge about AI acquisitions through a web-based repository developed by the General Services Administration (GSA).…
Analysis Summary
# Regulation/Compliance: OMB Guidance on AI Acquisition (Knowledge Sharing)
## Overview
This compliance requirement stems from Office of Management and Budget (OMB) guidance directing federal agencies to systematically collect and share "lessons learned" from Artificial Intelligence (AI) acquisitions. The goal is to create a centralized federal knowledge base to optimize contract terms, data rights, and testing protocols while avoiding repetitive procurement mistakes in the emerging AI landscape.
## Key Details
- **Issuing Authority:** Office of Management and Budget (OMB) / GAO Oversight
- **Effective Date:** In effect (referenced as current requirements in April 2026 report)
- **Jurisdiction:** U.S. Federal Executive Agencies
- **Status:** In Effect (Mandated, with GAO currently reporting on non-compliance)
## Requirements
### Mandatory Requirements
1. **Systematic Collection:** Agencies must establish internal policies to systematically document lessons learned from AI procurement activities.
2. **Knowledge Sharing:** Agencies are required to share these insights across the federal government through the GSA-managed repository.
3. **Internal Policy Integration:** Agency-specific procurement policies must be updated to mandate the collection of AI acquisition data (a current gap identified by GAO).
### Recommended Practices
1. **Repository Utilization:** Use the GSA's web-based repository to research previous AI acquisitions before drafting new RFPs.
2. **Specific Focus Areas:** Document and share successful contract language regarding data rights, transparency, and AI-specific testing requirements.
3. **Cross-Agency Collaboration:** Use shared data to avoid common pitfalls in AI model performance and vendor lock-in.
## Affected Organizations
- **Industries:** Government Contracting, Defense, Healthcare, and Homeland Security.
- **Organization Size:** All federal agencies (with specific focus on DOD, DHS, VA, and GSA).
- **Geographic Scope:** United States Federal Government.
## Compliance Timeline
- **Pre-2026:** OMB issued guidance on AI acquisition knowledge sharing.
- **April 2026:** GAO Review (GAO-26-107859) identifies widespread failure to collect lessons learned.
- **Immediate:** Agencies are expected to remediate policy gaps identified in the GAO report.
## Implementation Guidance
### Assessment Phase
- Inventory current AI acquisition projects.
- Review existing agency procurement policies to determine if "lessons learned" collection is formally mandated.
- Evaluate participation levels in the GSA web-based repository.
### Implementation Phase
- Draft and implement formal agency-wide memos requiring the documentation of AI procurement outcomes.
- Define a structured format for lessons learned (e.g., data ownership challenges, testing failures, vendor performance).
- Assign a Chief AI Officer or Senior Procurement Executive to oversee the reporting pipeline to GSA.
### Validation Phase
- Audit recent AI contracts to ensure "lessons learned" documentation exists in the contract file.
- Confirm successful upload of data to the GSA repository.
- Monitor GAO follow-up reports for agency-specific remediation status.
## Technical Requirements
- **GSA Repository Access:** Ensure procurement teams have credentials and training for the GSA’s web-based AI knowledge platform.
- **Data Standardization:** Align internal data collection with the technical schemas required by the GSA portal for interoperability.
## Penalties & Enforcement
- **Fines:** No direct financial fines for agencies; however, there are significant budgetary implications.
- **Other Consequences:** Potential loss of funding for AI projects, increased GAO oversight, and procurement delays.
- **Enforcement:** Congressional oversight and OMB budgetary "hold-backs" for non-compliant programs.
## Related Standards
- **NIST AI Risk Management Framework (AI RMF):** Provides technical context for what "lessons" should be learned (e.g., bias, safety).
- **Executive Order 14110:** Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.
## Resources
- **Official Documentation:** gao[.]gov/products/gao-26-107859
- **Guidance Documents:** OMB M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)
- **Tools:** GSA AI Acquisition Repository (Internal Federal Access Only)
## Practical Recommendations
1. **Identify "AI" in Contracts:** Explicitly tag AI-related procurements in agency systems to ensure they are captured for lessons learned.
2. **Focus on Data Rights:** Prioritize documentation of how vendors handle data ownership, as this is a high-risk area for AI acquisitions.
3. **Update Policy Now:** Do not wait for a GAO audit; update agency procurement manuals to include a mandatory "AI Post-Award Review" phase.