Use of Artificial Intelligence at GSA

Number: 2185.1A CIO
Status: Active
Signature Date: 06/07/2024
Expiration Date: 06/07/2027

Purpose 

This directive establishes the governing policies regarding the controlled access and responsible use of artificial intelligence (AI) technologies and platforms. It addresses the assessment, procurement, usage, monitoring, and governance of AI systems and software within the GSA network, in conjunction with all existing security, privacy, policies, directives, ethics regulations, and laws. 

Background 

The AI in Government Act of 2020 (Public Law 116-260), AI Training Act of 2023 (Public Law 117–207), Executive Order 13859, Executive Order 13960, Executive Order 14110, Executive Order 14091, M-21-06, M-24-10, OMB Circular No. A-119, and the AI Bill of Rights direct all Federal agencies to:

  1. Ensure that all AI and automated systems comply with applicable Federal law in a manner that advances equity, safety, and privacy;
  2. Establish or update processes to measure, monitor, evaluate, and report on AI activities, use-cases, their ongoing performance, and manage the risks of using AI through regular risk assessments as required, especially for safety-impacting and rights-impacting AI;
  3. Prioritize appropriate uses of AI that improve their agency’s mission, advance equity and identify and remove barriers to the responsible use of AI in the agency, including through the advancement of AI-enabling enterprise infrastructure, workforce development measures, policy, and other resources for AI innovation;
  4. Ensure adequate infrastructure and capacity is available to sufficiently curate agency datasets for AI usage, including the requisite data governance and management practices as they relate to data curation, labeling, and stewardship;
  5. Initiate measures and procedures to regularly assess the agency’s AI workforce capacities and its projected AI workforce needs;
  6. Support interagency coordination bodies related to AI activities and AI standards-setting initiatives, and encourage agency adoption of voluntary consensus standards for AI.

Applicability 

This order applies to:

  1. All GSA employees and contractors that may have a need to access or share data, as well as system-to-system data exchanges;
  2. IT systems owned and operated by or on the behalf of any of the GSA Service and Staff Offices (SSOs), including Regional Offices; 
  3. GSA or Federal data contained on or processed by IT systems owned and operated by or on the behalf of any of the GSA SSOs, including Regional Offices;
  4. The Office of Inspector General (OIG) to the extent that the OIG determines it is consistent with the OIG’s independent authority under the Inspector General Act of 1978 (5 U.S.C. App. 3) and does not conflict with other OIG policies or the OIG mission; and
  5. The Civilian Board of Contract Appeals (CBCA) only to the extent that it is consistent with the CBCA’s requisite independence as defined by the Contract Disputes Act (CDA) and its legislative history. 41 U.S.C. §§ 7101-7109 (2012) and S. Rep. No. 95-1118 (1978).

Cancellation 

This directive cancels the Security Policy for Generative Artificial Intelligence (AI) Large Language Models (LLMs) (Number: CIO IL-23-01).