GSA Issues Proposed AI Contract Clause, Seeks Feedback

The General Services Administration (GSA) is seeking public comment on a new GSA Regulation clause, 552.239-7001, Basic Safeguarding of Data within Large Language Model Artificial Intelligence Systems (LLMs), governing data safeguards and requirements prime contractors must comply with when providing or using LLMs under federal contracts. This updated clause (Revised Clause) reflects substantial revisions from an earlier version released in March 2026 (Original Clause) that faced substantial pushback from industry. Where the Original Clause cast a wide net — imposing obligations broadly across AI systems with little differentiation among supply-chain participants — the Revised Clause is more narrowly tailored. The Revised Clause:

• Focuses on LLMs that process government data.
• Exempts LLMs embedded in common commercial products or when LLM functionality is “incidental to the primary purpose of the core requirement being procured.”
• Allows the government to retain intellectual property rights in its data and prohibits LLMs from training on that data.
• Replaces certain supply-chain sourcing requirements in the Original Clause with a requirement to “maximize” the use of LLMs developed, managed, and operated by U.S.-incorporated entities.
• Requires contractors to ensure an LLM is “developed and monitored” in accordance with “unbiased AI principles.”
• Imposes mandatory, role-based flow-down clauses on subcontractors.
• Includes liability caps, disclosure safeguards, and trade secrets protections, among other provisions.

Comments and Listening Sessions

Written comments on the Revised Clause are due by August 3, 2026. Additionally, GSA has scheduled a public listening session for Tuesday, July 14, 2026, from 11 a.m. to 2 p.m. ET at The George Washington Law School, Room Lerner 201, 2000 H Street, NW, Washington, D.C. Registration closes on July 3, 2026.

Key Provisions in Revised Clause

Applicability to Government Data. The Original Clause applied to any contract “for AI capabilities,” without defining that term or specifying the conditions under which the clause’s obligations attached. The Revised Clause, in contrast, establishes an applicability threshold: the clause only applies where “Government Data” (which generally includes data inputs and outputs provided or created under the relevant contract but excludes contractor background IP and information generated outside of the contract) will be processed by an LLM.

The Revised Clause also introduces two important carve-outs: the clause does not apply when the LLM is embedded in a common commercial product, such as a word processor or map navigation system, or when LLM functionality is merely “incidental to the primary purpose of the core requirement being procured.” The phrase “incidental to the primary purpose of the core requirement being procured” is not defined.

IP Rights Restructured. The Original Clause granted the government a sweeping license to use the AI system “for any lawful Government purpose” for the duration of the contract and did not define or protect contractors’ preexisting proprietary content fed into the system. The Revised Clause makes three significant changes:

• First, a new defined term, “Background Data,” covers preexisting proprietary content, reference materials, knowledge bases, or other intellectual property owned or controlled by the contractor that may be incorporated into the LLM’s processing or outputs through retrieval processes, vector stores, embeddings, or similar mechanisms. 
• Second, the contractor retains ownership of the underlying LLM, base models, and Background Data in its original form. 
• Third, the government’s license to use the LLM is strictly limited to the specific purposes and scope of work defined within the contract or task/delivery order, and is restricted to the commercially available features, Background Data, and functionality of the LLM as described in and “necessary to fulfill th[e] contract.” 

“American AI Systems” Prohibition Replaced With Criteria-Based “Maximize Use” Standard.  The Original Clause required contractors to “use only American AI Systems,” and expressly prohibited the use of foreign AI systems in the performance, including any AI components made or controlled by non-U.S. entities. (The Original Clause did not define the term “American AI Systems.”)

The Revised Clause replaces this bright-line prohibition with a more flexible requirement: contractors must maximize the use of LLMs that are “developed, managed, and operated” by U.S.-incorporated entities subject to U.S. law and jurisdiction and that are not subject to foreign control. Incidental foreign-developed components, such as open-source components and published research, ancillary third-party services, and globally operated infrastructure dependencies are permissible, provided they do not introduce security or foreign control risks. 

“Unbiased AI Principles” Requirement Remains. In July 2025, the president signed an executive order to preclude the federal government from procuring AI models that incorporate “ideological biases or social agendas.” In December, the Office of Management and Budget (OMB) published guidance that imposed transparency, documentation, and disclosure obligations on AI contractors and directed agencies to revise procurement policies.

The Revised Clause follows through on that guidance by establishing requirements for contractors to ensure LLMs are “developed and monitored in accordance” with “unbiased AI principles.” These include requiring that an LLM be “truthful,” “prioritize historical accuracy” and “acknowledge uncertainty” where necessary, refrain from manipulating responses to favor “ideological dogmas,” and implement continuous improvement processes to enhance detection and mitigation of “bias.”

The Revised Clause does away with a reference in the Original Clause to “ideological dogmas such as Diversity, Equity, Inclusion.”

Mandatory Role-Based Flow-Down Provision Added. The Original Clause imposed a single, catch-all pass-through: if the contractor used an AI system owned or operated by a “Service Provider” — defined simply as an entity that “directly or indirectly provides, operates, or licenses an AI system” — the contractor bore responsibility for that entity’s adherence to the clause. The Revised Clause eliminates this single concept entirely and replaces it with four discrete, NIST AI RMF 1.0-aligned role definitions:

• LLM Developer (i.e., an entity that designs, trains, or makes available the foundational model).
• LLM System Operator (i.e., an entity that hosts, serves, and operates the model through cloud infrastructure and runtime environments).
• LLM System Integrator (i.e., an entity that selects, configures, and adapts the model for a specific deployment or use case, including through system prompts, RAG sources, and guardrails).
• LLM Service Provider (i.e., an entity that delivers the finished LLM-enabled application, product, or workflow directly to government customers and end users). 

Each role has a role-specific companion flow-down clause, meaning that prime contractors must determine which role(s) their LLM vendors fill to apply the clause. 

Liability Cap, Written Notice, and Disclosure Safeguards Added. The Original Clause imposed liability for “reasonable decommissioning costs if the agency terminates this contract for cause for failure to comply with the Unbiased AI Principles.” The Original Clause provided for no cure period, liability cap, or any obligation on the government to disclose the basis for its determination.

Under the Revised Clause, the contractor is liable for reasonable decommissioning costs only if the contracting officer terminates the contract for cause for failure to remediate after receiving specific written notice of non-compliance with the Unbiased AI Principles. The government must also disclose information, under appropriate confidentiality protections, to enable the contractor to understand the basis for the government’s determination and take reasonable remediation actions. These changes likely amount to a meaningful improvement in contractor due-process protections over the Original Clause.

Trade Secrets Protection Added. The Revised Clause expressly states that the contractor is not required to disclose proprietary source code, model weights, or trade secrets. This protection was not included in the Original Clause and appears to be a direct response to industry concerns about the disclosure obligations.

Key Questions for Contractors to Consider

Contractors should carefully assess the revised clause and consider whether to submit written comments to GSA by the August 1, 2026, deadline. GSA stipulates specific questions for comment as follows:

1. Does the change in clause prescription adequately address previous concerns about the broadness of the scope of the clause?
2. Are the requirements, such as contractor accountability and Government Data ownership and protection, clearly defined?
3. Are the roles and responsibilities of the contractor, LLM Developer, LLM System Operator, LLM System Integrator, and LLM Service Provider clearly defined and flow-down paragraphs accurately presented?
4. Do you understand how to implement the flow-down clauses?
5. Does the clause adequately address risks related to foreign ownership or control of LLMs, where changes to the LLM could covertly affect Government Data, outputs, or decisions without changing the contracting entity?

Contractors may also wish to consider whether:

• Their current LLM deployments — and the LLMs used by their subcontractors and commercial vendors — satisfy the revised U.S.-control and adversary-foreign-government criteria, and whether any foreign-origin components may need to be assessed or disclosed.
• Existing commercial agreements with LLM Developers, LLM System Operators, LLM System Integrators, and LLM Service Providers permit the required flow down of clause obligations, and whether renegotiation is necessary.
• Current models meet the requirements to adhere to “unbiased principles.”
• They are comfortable with the IP rights granted to the government, among others.

An assessment of the above issues can inform Contractors’ comments on the proposed clause. For further information and analysis, please contact our team.