3
This memorandum does not address issues that are present regardless of whether AI is
used versus any other software, such as issues with respect to Federal information and
information systems in general. In addition, this memorandum does not supersede other, more
general Federal policies that apply to AI but are not focused specifically on AI, such as policies
that relate to enterprise risk management, information resources management, privacy,
accessibility, Federal statistical activities, IT, or cybersecurity.
Agencies must continue to comply with applicable OMB policies in other domains
relevant to AI, and to coordinate compliance across the agency with all appropriate officials. All
agency responsible officials retain their existing authorities and responsibilities established in
other laws and policies.
a. Covered Agencies. Except as specifically noted, this memorandum applies to all agencies
defined in 44 U.S.C. § 3502(1).
7
As noted in the relevant sections, some requirements in this
memorandum apply only to Chief Financial Officers Act (CFO Act) agencies as identified in 31
U.S.C. § 901(b), and other requirements do not apply to elements of the Intelligence Community,
as defined in 50 U.S.C. § 3003.
b. Covered AI. This memorandum provides requirements and recommendations that, as
described in more detail below, apply to new and existing AI that is developed, used, or procured
by or on behalf of covered agencies. This memorandum does not, by contrast, govern:
i. agencies’ regulatory actions designed to prescribe law or policy regarding non-agency
uses of AI;
ii. agencies’ evaluations of particular AI applications because the AI provider is the target or
potential target of a regulatory enforcement, law enforcement, or national security
action;
8
iii. agencies’ development of metrics, methods, and standards to test and measure AI, where
such metrics, methods, and standards are for use by the general public or the government
as a whole, rather than to test AI for a particular agency application
9
; or
iv. agencies’ use of AI to carry out basic research or applied research, except where the
purpose of such research is to develop particular AI applications within the agency.
7
The term “agency,” as used in both the AI in Government Act of 2020 and the Advancing American AI Act, is
defined as “any executive department, military department, Government corporation, Government controlled
corporation, or other establishment in the executive branch of the Government (including the Executive Office of the
President), or any independent regulatory agency,” but does not include the Government Accountability Office; the
Federal Election Commission; the governments of the District of Columbia and of the territories and possessions of
the United States, and their various subdivisions; or Government-owned contractor-operated facilities, including
laboratories engaged in national defense research and production activities. 44 U.S.C. § 3502(1); see AI in
Government Act of 2020 § 102(2) (defining “agency” by reference to § 3502); Advancing American AI Act §
7223(1) (same). As a result, independent regulatory agencies as defined in 44 U.S.C. § 3502(5), which were not
included in the definitions of “agency” in Executive Order 13960 and Executive Order 14110, are covered by this
memorandum.
8
AI is not in scope when it is the target or potential target of such an action, but it is in scope when the AI is used to
carry out an enforcement or national security action. For example, when evaluating an AI tool to determine whether
it violates the law, the AI would not be in scope; if agencies were using that same tool to assess a different target,
then the AI would be in scope.
9
Examples include agency actions to develop, for general use, standards or testing methodologies for evaluating or
red-teaming AI capabilities.