On July 14, 2026, the General Services Administration (“GSA”) held a public listening session to gather stakeholder feedback on a revised draft General Services Administration Acquisition Regulation (“GSAR”) clause addressing the basic safeguarding of Government data within Large Language Model Artificial Intelligence Systems (“LLMs”). The session—part of GSA’s second round of engagement on the draft clause—invited industry associations, companies, academics, and individual practitioners to comment on the clause’s strengths, weaknesses, and practical improvements. GSA officials emphasized that they were seeking specific, constructive, and actionable feedback to help craft an AI clause that protects the public’s data while enabling agencies to adopt AI quickly and with confidence.
Background
GSA is proposing to add GSAR clause 552.239-7001, “Basic Safeguarding of Data within Large Language Model Artificial Intelligence Systems (LLMs),” (the “Proposed Clause”) to establish comprehensive requirements for protecting Government Data (defined by the Proposed Clause as “Data Inputs and Data Outputs,” which includes all data, information, and content submitted to the LLM by the Government, as well as all data and content generated by the LLM in performance of the contract) when it is processed by LLMs. The Proposed Clause is intended for use in GSA’s Government-wide contract vehicles, including the Federal Supply Schedule, Governmentwide Acquisition Contracts, and OASIS+.
The current draft reflects substantial revisions to an earlier version issued in January 2026. That initial draft drew significant criticism from industry stakeholders who raised concerns about its overbroad scope, lack of alignment with existing commercial licensing models, unclear definitions, impractical flowdown requirements, and the absence of objective standards for its unbiased AI provisions. GSA has attempted to address many of these concerns in the revised draft, though—as the listening session made clear—stakeholders believe further refinement is needed.
Key Provisions of the Proposed Clause
The Proposed Clause applies only when Government Data will be processed by an LLM. It does not apply when the LLM is embedded in a common commercial product or when LLM functionality is incidental to the primary purpose of the core requirement being procured. In other words, the Proposed Clause does not apply where the LLM feature is a secondary, nonessential component of the main product or service the Government is acquiring. The key provisions include:
- Supply Chain Roles. The Proposed Clause recognizes that modern LLM deployments involve multiple entities performing distinct functions rather than a single vendor relationship. It defines four functional roles: LLM Developer (parties that design, train, and publish models); LLM System Operator (parties that host and provide access to models); LLM System Integrator (parties that configure and adapt models for specific use cases); and LLM Service Provider (parties that deliver LLM applications to end users). The Proposed Clause assigns specific obligations to each role and requires contractors to flow down applicable requirements to subcontractors and other supply chain participants.
- Data Ownership and Use Restrictions. The Proposed Clause aims to establish clear boundaries around how contractors may use Government Data. The Government retains full ownership of all Government Data and custom developments created under the contract. Contractors receive only a limited, revocable license to use Government Data for contract performance. Contractors are expressly prohibited from using Government Data for unauthorized purposes, including training or fine tuning models, informing business decisions, or providing data to third parties.
- Data Handling and Localization. To protect Government Data from unauthorized access or disclosure, the Proposed Clause requires contractors to implement technical, administrative, and organizational safeguards. These include automated processing systems that restrict human access to Government Data, encrypted transmission and storage, and audit logging. The Proposed Clause also specifies data localization requirements, prohibiting the removal or transmission of Government Data outside agreed upon premises or FedRAMP authorized services without written consent.
- Change Notification. The Proposed Clause establishes notification requirements to ensure the Government is informed of changes that could affect data security or system performance. Contractors must provide thirty days’ advance written notice before making material changes, such as adding or replacing LLMs, changing data protection controls, or modifying systems to comply with non-U.S. government requirements. Contractors must also provide seven days’ notice of any change that materially increases output bias, decreases safety guardrails, or degrades performance.
- Data Portability. To prevent vendor lock in and ensure continuity of operations, the Proposed Clause requires contractors to support the export of Government Data in open or standard machine readable formats. Contractors must provide documented APIs for data export and may not impose proprietary formats or technical restrictions that materially impair the Government’s ability to retrieve or migrate its data to another service.
- Unbiased AI Principles. The Proposed Clause requires contractors to ensure that LLMs are truthful, neutral, and nonpartisan. LLMs must prioritize historical accuracy and scientific objectivity, and contractors may not intentionally embed partisan or ideological judgments through training data, system prompts, or other configuration methods. The Government reserves the right to conduct its own evaluations of deployed LLMs using undisclosed benchmarks. Noncompliance may trigger decommissioning requirements, with contractors bearing the associated costs up to a percentage of the contract value.
GSA is specifically requesting public comment on whether the revised scope adequately addresses prior concerns about the breadth of the Proposed Clause, whether requirements such as Government data ownership and protection and contractor accountability are clearly defined, whether the roles and responsibilities of the contractor, LLM Developer, LLM System Operator, LLM System Integrator, and LLM Service Provider are clearly defined and flowdown paragraphs accurately presented, whether commenters understand how to implement the flowdown clauses, and whether the Proposed Clause adequately addresses risks related to foreign ownership or control of LLMs where changes to the LLM could covertly affect Government Data, outputs, or decisions without changing the contracting entity.
Summary of Public Comments
Public commenters generally addressed six principal topics: (1) data definitions and intellectual property, (2) alignment with commercial practices, (3) unbiased AI principles, (4) Proposed Clause flowdown for open source models, (5) scope and applicability, and (6) human oversight and incident reporting.
- Data Definitions, Ownership, and Intellectual Property
- System generated data such as metadata and logs should be excluded from the definition of data outputs.
- Government ownership of outputs derived from contractor background data may discourage AI investment.
- The custom development definition may be too broad and could restrict reuse of integrator-developed intellectual property.
- A functional test for Government usage context could replace the example-based approach.
- Alignment with Commercial Practices and the FAR Overhaul
- The Proposed Clause overrides standard commercial license terms and should align with commercial practice.
- The Proposed Clause may be incompatible with commercial item mandates under the Federal Acquisition Streamlining Act.
- The initiative runs counter to the ongoing FAR overhaul, which seeks to eliminate non statutory requirements.
- GSA should accept existing commercial terms and FedRAMP controls where they already address government needs.
- Unbiased AI Principles, Benchmarking, and Evaluation
- The unbiased AI principles lack objective benchmarks, standardized metrics, and clear evaluation procedures.
- Assessment obligations shift to contractors for commercial models they did not develop.
- The Government may use undisclosed benchmarks, and noncompliance could trigger suspension or uncapped liability.
- Anchoring principles to consensus standards such as ISO/IEC 42001 or National Institute of Standards and Technology (“NIST”) guidance and limiting obligations to commercially reasonable efforts would address these concerns.
- Ill-defined neutrality requirements raise free expression concerns.
- Proposed Clause Flowdown and Open Source Models
- Contractors often lack contractual relationships with open weight model publishers, leaving no vehicle for flowdown obligations.
- Obligations should follow the party that touches Government Data rather than the open model developer.
- Applicability exceptions and flowdown obligations lack cross references, potentially sweeping in excepted entities.
- Vertically integrated providers may map to all four roles, creating duplicative or conflicting obligations.
- A statutory tension exists with Section 1824 of the fiscal year 2026 National Defense Authorization Act.
- Scope, Applicability, and Change Notification
- Key terms such as “incidental” and “common commercial product” are undefined or unduly narrow.
- Clear transition mechanics such as phase-in periods, equitable adjustment, or grandfathering would avoid disruption to active programs.
- The thirty-day advance notice requirement and seven-day degradation notice are commercially impracticable.
- The requirement to report any known nonadherence is overly broad and should be narrowed.
- Human Oversight, Traceability, and Incident Reporting
- Requiring only summaries of intermediate processing may give a false sense of security, and access to unsummarized reasoning traces would be preferable.
- Models may recognize when they are being tested and produce answers that match evaluator expectations rather than actual deployment behavior.
- Incident reporting should expand to cover successor model training systems and model-initiated behavior, and carefully defined exceptions should permit human access to encrypted Government Data for troubleshooting purposes.
Next Steps
GSA officials acknowledged that this revised draft represents meaningful progress but is not yet final, and that the central challenge remains defining who is responsible for each obligation across a complex and rapidly evolving supply chain. All interested parties are encouraged to submit written comments through the Federal eRulemaking Portal, on or before August 3, 2026, with recommended clarifications and concrete costs and consequences of the current draft language. GSA noted that future action may take the form of a deviation and/or formal rulemaking.
Implications for Government Contractors
Organizations that contract with the Government to provide or integrate AI capabilities should closely evaluate how the Proposed Clause would affect their commercial terms, intellectual property, compliance obligations, and supply chain relationships. In particular, contractors should consider:
- Whether existing commercial license terms conflict with the Proposed Clause’s data ownership and use restrictions;
- How flowdown obligations would apply across their LLM supply chains, particularly where open-source or open-weight models are involved;
- Whether their current incident response and change management processes satisfy the Proposed Clause’s notification timelines; and
- How the unbiased AI provisions would affect their product development and deployment practices.
Alston & Bird will continue to monitor developments related to this rulemaking and provide updates as the implementing guidance and final rules are released. For more information, Alston & Bird’s Privacy, Cybersecurity, and Data Strategy Team has extensive experience advising clients on artificial intelligence and government contracting. Please contact us and sign up for alerts at AlstonPrivacy.com.