Governance of AI

This issue brief is part of the GeoTech Center’s “Atlantic Council Commission on Artificial Intelligence: US leadership in the age of AI” report, which offers an action-oriented roadmap for strengthening US domestic AI capacity, aligning with allies, and sustaining global leadership.

Governments have become primary partners in the AI economy, not only as regulators but as major users, integrators, investors, and market shapers.

In the United States, the scale of federal AI adoption has expanded rapidly. As of April 2026, federal agencies had reported 3,611 individually reported AI use cases, including 445 high-impact use cases, across forty-one agency submissions spanning internal operations, healthcare applications, and service delivery. This growth has been reinforced by procurement and integration efforts led by the US General Services Administration, which have facilitated access to frontier AI systems, including large language models, from leading private-sector providers such as Anthropic, Google, OpenAI, and xAI. As agencies increasingly rely on private-sector AI systems, new governance and procurement challenges have emerged.

Policy guidance has evolved in parallel. In April 2025, the OMB issued Memoranda OMB M-25-21 and OMB M-25-22, which together established a more structured approach to federal AI adoption. These directives emphasized responsible innovation, streamlined acquisition, and risk management, while mandating the designation of chief AI officers within agencies to oversee governance, deployment, and compliance. In December 2025, OMB issued Memorandum OMB M-26-04, “Increasing Public Trust in Artificial Intelligence Through Unbiased AI Principles,” which introduced new procurement and transparency requirements for generative AI systems, particularly large language models used by federal agencies. At the same time, national security applications of AI have accelerated. The US Department of Defense (DOD) launched the AI Acceleration Strategy in January 2026, underscoring a shift toward integrating advanced and agentic AI capabilities into military operations.

Throughout this expansion, federal AI programs face new—but expected—operational and governance challenges. Existing frameworks for cybersecurity, data privacy, and internet technology acquisition might not always be agile enough to manage the unique risks of generative AI. For example, a privacy policy can impede data sharing among agencies and prevent effective collaboration on shared AI applications. Agencies must also contend with risks unique to AI systems. NIST’s Generative AI Profile (AI 600-1) identifies a range of these risks including hallucinated outputs, information integrity, and data privacy and security risks, which in federal contexts raise particular concerns about preserving distinct classification controls across data inputs and outputs in AI systems. Agencies also face emerging governance gaps around the integrity and interoperability of data and the absence of common standards for tracking model provenance, including where models originated, what data they were trained on, and what modifications have been made. At the same time, the federal government faces intense competition from the private sector in attracting and retaining AI talent, as well as in securing access to the computational infrastructure required to develop and deploy advanced systems. These challenges are compounded by risks unique to generative AI, highlighting the need for updated governance approaches that better align security, usability, and innovation.

More broadly, AI governance in the United States has emerged through a patchwork of policies and voluntary guidelines and best practices rather than a unified legal framework. Federal agencies rely on existing authorities, executive guidance, and procurement rules to govern AI systems, while Congress has yet to pass comprehensive AI legislation. Meanwhile, states are moving forward with their own AI laws and regulations, producing a fragmented governance landscape that complicates compliance, innovation, and national policy coordination. Recent federal actions have sought to address this fragmentation. The December 2025 White House executive order on national AI policy reflects an effort to establish a more unified federal framework, including potential preemption of state-level regulations viewed as barriers to innovation. However, this approach introduces new tensions between national consistency and state-level experimentation, particularly in areas such as safety and civil rights.

Beyond domestic governance, the United States is also shaping the global AI ecosystem through industrial policy and export controls. Since 2022, restrictions on advanced semiconductors and related technologies have aimed to limit adversaries’ access to critical AI infrastructure. At the same time, the 2025 AI Action Plan outlines a complementary effort to expand the global adoption of US AI technologies and infrastructure, particularly through partnerships with allies and partners. Together, these efforts reflect a strategy focused both on restricting access to critical inputs and scaling the US AI ecosystem internationally.

Balancing rapid adoption with risk management

Federal AI policy is attempting to accelerate adoption while also ensuring responsible use. OMB M-25-21 and OMB M-25-22 encourage agencies to reduce barriers to innovation and streamline procurement, while also requiring risk management practices for high-impact AI systems. More recent guidance, including OMB M-26-04, adds new requirements for generative AI systems related to transparency, documentation, and unbiased outputs, particularly in procurement. These policies show that the government is trying to move quickly on adoption while simultaneously building governance and oversight mechanisms, which can slow implementation and create uncertainty for agencies and government vendors. The recent Anthropic dispute with the DOD over military use of its Claude AI models underscores the real-world tensions between federal procurement, AI safety policies, and national security requirements.

Fragmentation between federal and state AI policies

The United States does not yet have a unifying body of law governing artificial intelligence. Federal oversight is spread across sector-specific regulations, agency guidance, procurement policies, and voluntary standards. At the same time, states have started to pass their own AI laws, producing a fragmented and uneven regulatory landscape. Recent polls show low public optimism toward AI in the United States. Comprehensive and forward-looking AI governance is essential to restoring public trust. The AI Action Plan marks a positive step by outlining national objectives for AI innovation, infrastructure, and diplomacy, but it lacks the force of law. Meanwhile, poorly designed federal preemption could override state regulations that aim to protect civil rights and public safety, which are areas of legitimate concern for many Americans.

Insufficient AI workforce inside the government

Federal agencies continue to face challenges in recruiting and retaining AI talent, competing directly with the private sector for technical expertise. Agencies also face difficulties in terms of providing education and training to the current workforce, competition with the private sector for AI-skilled professionals, compensation limitations, and slow hiring processes. These challenges have been compounded by the restructuring or elimination of some government technology units in recent years. The US Tech Force is intended to bring approximately one thousand technical experts into government for limited terms to help implement AI projects. However, long-term workforce and institutional capacity challenges remain.

Finding: Federal leadership in AI governance is necessary, but it is currently fragmented and inconsistently implemented. The federal government has issued substantial AI governance guidance—including OMB Memoranda M-24-10 and M-25-21—but implementation remains uneven across agencies, and no statutory framework exists to enforce consistent standards or define permissible use cases at a national level. Action is needed to establish durable, enforceable federal leadership in AI governance.

• Recommendation: Establish a coherent federal regulatory framework. The federal government should develop mandatory and voluntary standards addressing risk tiering, procurement standards, data governance, transparency requirements, and incident reporting to prevent fragmented governance, reduce reliance on diverging state-level or industry-led frameworks, and avoid repeating challenges seen in privacy regulation. It should collaborate with private-sector developers to leverage technical expertise while safeguarding public trust, particularly for high-risk applications. This framework should ensure consistent implementation of existing guidance, close gaps where OMB authority is limited, and create a foundation for consistent national policy.
• Recommendation: Act as a catalytic adopter of AI. As a complement to efforts outlined in preceding chapters to expand access to compute, data, and educational resources, the United States should use federal adoption strategically to drive broader innovation across states, sectors, and industry. Effective federal AI deployment can set standards, demonstrate best practices, and encourage wider adoption downstream. By showcasing how AI can be integrated safely and efficiently in public programs, the federal government can accelerate adoption and improve outcomes across government, private-sector, and state-level initiatives.

Finding: Federal agencies lack the procurement systems and workforce capacity needed to adopt AI effectively. Agencies face significant barriers to integrating AI into operations—from outdated procurement processes to a workforce that has not kept pace with the demands of overseeing and deploying AI systems. Addressing these structural gaps is essential to realizing the benefits of AI in government.

• Recommendation: Reform procurement systems to enable rapid acquisition of emerging AI capabilities. Agencies should implement adoption cycles that allow for continuous evaluation, adaptation, and scaling of AI tools while maintaining operational security. Procurement reform should include structuring acquisitions around outcomes rather than inputs and should be supported by readiness assessments such as data audits and governance reviews. Agencies should also collaborate with AI evaluation experts (e.g., at NIST) to streamline and standardize assessments of AI tools and platforms, including for security and auditability.
• Recommendation: Invest in training and professional development for administrative and executive staff. Agencies need people capable of responsibly adopting and overseeing AI systems and should revitalize technology-focused positions reduced by prior budget cuts.

Finding: AI’s geopolitical significance demands that national security and international competitiveness are central to federal AI strategy. The United States must develop governance approaches that balance innovation, security, and strategic influence—ensuring that AI adoption strengthens, rather than undermines, the United States’ global position. Policy and investment decisions should align AI deployment with strategic objectives, support defense readiness, and enhance the United States’ position as a leader in emerging AI technologies.

• Recommendation: Ensure AI adoption supports national defense and strengthens partnerships with allies. Federal AI strategy should prioritize applications that reinforce defense readiness and maintain US competitiveness in AI development and deployment. This includes joint AI infrastructure investments with allies, coordinated export control regimes, and shared testing and evaluation arrangements for defense-relevant AI systems.
• Recommendation: Develop governance approaches that balance innovation, security, and strategic influence. Policy frameworks should account for AI’s dual-use nature, ensuring that the drive for innovation does not come at the cost of security or strategic positioning.

Coley Felt is an assistant director at the Atlantic Council’s GeoTech Center.

Ryan Pan is a program assistant at the Atlantic Council’s GeoTech Center.

The GeoTech Center champions positive paths forward that societies can pursue to ensure new technologies and data empower people, prosperity, and peace.

Learn more

Image: Credit: Louis Velazquez via Unsplash