[Federal Register Volume 91, Number 116 (Wednesday, June 17, 2026)]
[Proposed Rules]
[Pages 36559-36566]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2026-12205]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

48 CFR Parts 539 and 552

[Notice-MVAC-2026-01; Docket No. 2026-0331; Sequence No. 1]


General Services Acquisition Regulation; Acquisition of 
Information and Communication Technology; Notice of Listening Sessions 
and Request for Comments

AGENCY: Office of Acquisition Policy, General Services Administration 
(GSA).

ACTION: Proposal; request for comments.

-----------------------------------------------------------------------

SUMMARY: The General Services Administration (GSA) is seeking public 
comment on the draft of a new General Services Administration 
Acquisition Regulation (GSAR) clause regarding basic safeguarding of 
data within Large Language Model Artificial Intelligence Systems 
(LLMs). Due to the complexity of the issue, GSA is publishing this 
notification and draft clause to gather feedback from stakeholders 
before taking future action (e.g., deviation and/or formal rulemaking).

DATES: 
    Comment due date: Interested parties should submit written comments 
as noted below on or before August 3, 2026, to be considered in the 
formation of the final GSAR clause.
    Public listening session date: GSA plans to hold a public listening 
session on Tuesday, July 14, 2026. For additional information see 
section D of the SUPPLEMENTARY INFORMATION.

ADDRESSES: GSA invites interested persons to submit comments on this 
notification via the Federal eRulemaking portal at https://www.regulations.gov. This website provides the ability to type short 
comments directly into the comment field or attach a file for lengthier 
comments. Submit comments by searching for ``Notice-MVAC-2026-01'' and 
follow the instructions on the site. Please include your name, company 
name (if any), and ``Notice-MVAC-2026-01'' on your attached document. 
To confirm receipt of your comment(s), please check 
www.regulations.gov, approximately two-to-three days after submission 
to verify posting.
    If your comment cannot be submitted using https://www.regulations.gov, call or email the points of contact in the FOR 
FURTHER INFORMATION CONTACT section of this document for alternate 
instructions.
    Please note that all public comments received are subject to the 
Freedom of Information Act and will be posted in their entirety, 
including any personal and/or business confidential information 
provided. Do not include any information you would not like to be made 
publicly available. All statements received, including attachments and 
other supporting materials, are part of the public record and subject 
to public disclosure. You should submit only information that you wish 
to make available publicly.

Public Listening Session

    The Listening Session will be held from 11 a.m. to 2 p.m. ET, at 
The George Washington Law School, Room Lerner 201, 2000 H Street NW, 
20052. For additional information see section D of the SUPPLEMENTARY 
INFORMATION.

FOR FURTHER INFORMATION CONTACT: For questions about this request for 
comments, please contact Ms. Johnie McDowell at 202-718-6112 or via 
email at [email protected]. For questions about the listening session, 
please email [email protected].

SUPPLEMENTARY INFORMATION:

A. Background

    The rapid advancement and adoption of Large Language Model 
Artificial Intelligence (LLM) systems present both unprecedented 
opportunities and significant challenges for Federal agencies. As GSA 
establishes contracts for these technologies, ensuring the integrity, 
security, and appropriate handling of Government Data is paramount. 
This notification introduces a new GSAR clause, 552.239-7001,

[[Page 36560]]

``Basic Safeguarding of Data within Large Language Model Artificial 
Intelligence Systems (LLMs),'' to address these critical concerns. This 
clause may be used in GSA's Government-wide contracts (e.g., Federal 
Supply Schedule, GWACs, and OASIS+).
    This clause is developed in response to the growing use of LLMs 
across Government and the need for a standardized approach to data 
protection, intellectual property, and ethical AI development when 
LLM's are used to process Government data. It is informed by principles 
outlined in Executive Orders (e.g., Executive Order 14110, Safe, 
Secure, and Trustworthy Development and Use of Artificial Intelligence 
and OMB Memorandums (e.g., OMB memorandum M-25-22, Driving Efficient 
Acquisition of Artificial Intelligence in Government, and comments 
received on the first draft of this clause. The first draft was issued 
through GSA Interact on January 12, 2026 (https://buy.gsa.gov/interact/community/6/activity-feed/post/4d70761f-60f8-4eb0-8119-052ec4c7c9b3/Advanced_Notice_for_MAS_Refresh_31_and_Upcoming_Mass_Modification).
    The updated draft of the clause can be found below.

B. Discussion of Proposed Changes

    GSA proposes to add GSAR clause 552.239-7001 to establish 
comprehensive requirements for the basic safeguarding of Government 
Data within LLM systems when they process Government data. The clause 
reflects substantial revisions from the January 12, 2026, version and 
reflects GSA's understanding of comments and concerns on that version.
Key Changes
    In addition to other updates, GSA implemented the following changes 
as a response to industry comments:
Scope
    Clarified the scope of the clause by:
     Changing the name of the clause to ``Basic Safeguarding of 
Data within Large Language Model Artificial Intelligence Systems 
(LLMs)''.
     Clarifying that the clause only applies when LLMs process 
Government data.
     Adding exceptions.
     Establishing a new section entitled ``Applicability and 
Flowdown'' (paragraph (a)). This section clarifies when the clause 
applies (when Government Data is processed by an LLM) and when it does 
not (LLMs embedded in common commercial products or when LLM 
functionality is incidental).
     The clause is updated to establish common roles involved 
with various functions within the LLM supply chain (i.e., LLM 
Developers, LLM System Operators, LLM System Integrators, and LLM 
Service Providers) and mandates the flowdown of specific paragraphs/
requirements within the basic clause to any subcontractor or service 
provider functioning within common applicable roles. The goal is to 
ensure data safeguarding responsibilities are extended appropriately 
throughout the complex ecosystem of LLM development and deployment.
Definitions
    Expanded and clarified definitions as follows:
     Contractor: Clarified the term for both prime contractors 
and subcontractors in the context of required flowdown requirements.
     Data, Data Inputs, Data Outputs, Government Data: 
Clarified the scope for what constitutes Government information within 
the LLM context, including user prompts, queries, generated responses, 
and derived data.
     Established definitions for LLM System Integrator, LLM 
System Operator, LLM Developer, LLM Service Provider, Background Data, 
and Material Change.
Contractor Responsibilities
     Clarified requirements for contractor responsibilities, 
government data use and handling, licensing requirements, and 
compliance requirements.
Compliance, Reporting, and Documentation
     Identified the contractor and flowdown roles regarding 
compliance, reporting and documentation including timeframes.
Change Notification
     The term ``change management'' was changed to ``Change 
Notification'' (paragraph ``i'' of the clause) to better describe the 
requirement. Clarifying language was added to ensure that contractors 
know what, when, and how to notify GSA of changes to the LLM.
Unbiased AI Principles
     The draft provides more context to the application of 
``unbiased AI principles'' (paragraph ``j'' of the clause).

C. Specific Questions for Comment

    To understand the scope of the impact of this clause and how this 
impact could be affected in subsequent actions (e.g., deviation and/or 
rulemaking), GSA welcomes input on the following questions in addition 
to all other comments you want GSA to consider:
    1. Does the change in clause prescription adequately address 
previous concerns about the broadness of the scope of the clause?
    2. Are the requirements such as Government data ownership and 
protection and contractor accountability clearly defined?
    3. Are the roles and responsibilities of the contractor, LLM 
Developer, LLM System Operator, LLM System Integrator, and LLM Service 
Provider clearly defined and flowdown paragraphs accurately presented?
    4. Do you understand how to implement the flowdown clauses?
    5. Does the clause adequately address risks related to foreign 
ownership or control of LLMs, where changes to the LLM could covertly 
affect Government Data, outputs, or decisions without changing the 
contracting entity?
Format of Responses
    When submitting comments, please identify the specific page number, 
section, and paragraph (e.g., page 5, (c)(1)(i), flowdown clause 
number, etc). For each entry, include any administrative burdens, 
reasons for disagreement or support, and suggested language. 
Additionally, where applicable, please provide citations and sources 
that support your recommendations.
    For ease of reading and standardization, the use of a spreadsheet 
to format (e.g., company name, identify specific paragraph, copy of 
exact language in dispute, suggested language, comment, citation, if 
any) is encouraged. If commenters identify benefits, costs, burdens, 
loopholes, or shortcomings of particular options for implementing the 
clause, GSA requests that commenters provide data and evidence to 
support the comments.

D. Listening Session Registration

    Industry partners wishing to attend in-person or virtually must 
register. Registration will close on Friday, July 3, 2026. In-person 
attendance space is limited and will be on a first-come, first-served 
basis. Once the maximum in-person attendance registration has been 
reached, all other registrants will be registered for virtual 
attendance. Registrants who would like to present information on topics 
must register in advance and registration will close on Friday, July 3, 
2026.
    GSA invites a wide range of perspectives to discuss how we can

[[Page 36561]]

improve the draft clause. We want to hear about its strengths, 
potential weaknesses, and practical ways to make it more effective.
    Industry partners and the public are asked to only register to 
speak to one of these categories:

 Government Data Ownership and Protection Requirements
 Prime Contractor Requirements
 Clause Flowdown Requirements
 Other Clause Requirements

    To register for the Listening Session in person or virtually, 
visit: https://gsa.zoomgov.com/webinar/register/4917809414710/WN_2L3o5vduRBOpdur9ub_-0A. Registration will close on Friday, July 3, 
2026.
    After registering, to request to speak on one of the previously 
listed categories, do so at https://forms.gle/1Whv75hUG38ZWtfD7. This 
registration will close on Friday, July 3, 2026. Members of the press, 
in addition to registering for this event, must RSVP to [email protected] 
no later than Friday, July 3, 2026.

List of Subjects

48 CFR Part 539

    Computer technology, Government procurement.

48 CFR Part 552

    Government procurement, Reporting and recordkeeping requirements.

Nicholas West,
Director, Office of GSA Acquisition Policy, Integrity & Workforce, 
Office of Government-wide Policy, Office of Acquisition Policy.
    For the reasons set out in the preamble, GSA proposes to amend 48 
CFR chapter 5 as follows:

0
1. Add part 539 to read as follows:

PART 539--ACQUISITION OF INFORMATION AND COMMUNICATION TECHNOLOGY

Sec.
539.71 Solicitation provisions and contract clauses.
539.72 [Reserved]

    Authority:  40 U.S.C. 121(c).


539.71  Solicitation provisions and contract clauses.

    (a) Basic Safeguarding of Data Within Large Language Model 
Artificial Intelligence Systems (LLMs). The contracting officer must 
insert the clause at 552.239-7001, Basic Safeguarding of Data Within 
Large Language Model Artificial Intelligence Systems, in solicitations 
and contracts, including those for commercial products and services, 
when Government data will be processed by a LLM.
    (b) Exceptions. The clause does not apply when--
    (1) The LLM is embedded in a common commercial product, such as a 
word processor or map navigation system (see section 7223(4)(B) of Pub. 
L. 117-263); or
    (2) The LLM functionality is incidental to the primary purpose of 
the core requirement being procured.


539.72  [Reserved]

PART 552--SOLICITATION PROVISIONS AND CONTRACT CLAUSES

0
2. The authority citation for part 552 continues to read as follows:

    Authority:  40 U.S.C. 121(c).

0
3. Add 552.239-7001 to read as follows:


552.239-7001  Basic Safeguarding of Data Within Large Language Model 
Artificial Intelligence Systems.

    As prescribed in 539.71, insert the following clause:


552.239-7001  Basic Safeguarding of Data Within Large Language Model 
Artificial Intelligence Systems (XXX 2026) (GSAR Deviation)

    (a) Applicability and Flowdown.
    (1) Applicability.
    (i) This clause applies only when Government Data will be processed 
by a Large Language Model Artificial Intelligence System (LLM).
    (ii) This clause does not apply when--
    (A) The LLM is embedded in a common commercial product, such as a 
word processor or map navigation system (see Section 7223(4)(B) of 
Pubublic Law 117-263);
    (B) The LLM functionality is incidental to the primary purpose of 
the core requirement being procured.
    (2) Flowdown Requirements. The Contractor must extend (flowdown) 
the specific paragraphs of the base clause to any subcontractor or 
service provider (referred to as ``Contractor'' in each flowdown 
supplemental clause) functioning in the applicable roles, as defined in 
the flowdown supplemental clauses. Where a single entity performs 
multiple roles, multiple flowdown supplemental clauses should be used:
    (i) 552.239-7001-1 LLM Developer Flowdown Requirements (DATE);
    (ii) 552.239-7001-2 LLM System Operator Flowdown Requirements 
(DATE);
    (iii) 552.239-7001-3 LLM System Integrator Flowdown Requirements 
(DATE);
    (iv) 552.239-7001-4 LLM Service Provider Flowdown Requirements 
(DATE).
    (b) Definitions. As used in this clause--
    Background Data means any pre-existing proprietary content, 
reference materials, knowledge bases, or other intellectual property 
owned or controlled by the Contractor that may be referenced, 
retrieved, augmented, or otherwise incorporated into the LLM's 
processing or outputs through any enrichment mechanism, including but 
not limited to retrieval processes, vector stores, embeddings, 
knowledge graphs, plugins, tool calls, agent actions, or similar 
mechanisms.
    Contractor means the entity that enters into the direct contract 
with GSA responsible for implementation of this clause (i.e., prime 
contractor) or, for the purposes of each flowdown supplemental clause, 
the subcontractor or service provider functioning in the applicable 
role.
    Custom Development means any design of or modifications, 
customizations, configurations, or enhancements to LLMs or associated 
implementations or workflows, and any related work product or 
deliverables, in each case developed specifically for the Government 
under this contract or task/delivery order, including any 
modifications, customizations, configurations, or enhancements to LLMs 
as a result of model training or fine-tuning. Custom Development 
excludes any background intellectual property (e.g., the underlying 
supporting services, default configurations, and/or mechanisms) 
existing prior to entry into this contract or developed independently 
by the Contractor.
    Data has the same meaning as defined in 44 U.S.C. 3502(16) and 
must, without limiting the generality of the foregoing, specifically 
include Data Inputs and Data Outputs.
    Data Inputs means all data, information, personally identifiable 
information (PII), or content submitted to the LLM and related 
operational systems by, or created for, the Government, including but 
not limited to user prompts, queries, instructions, system prompts, 
source data, documents, knowledge bases, Government email addresses, 
user account information, and any other information or content 
submitted to the LLM and related operational systems by or on behalf of 
the Government. This definition specifically excludes any background 
intellectual property or information existing prior to entry into this 
contract or task/delivery order or

[[Page 36562]]

developed independently by such Contractor.
    Data Outputs means all data, information, PII, any improvements, 
enhancements, corrections, annotations, or other modifications made to 
Data Inputs, or content generated by the LLM in the performance of this 
contract, including but not limited to responses, results, analyses, 
anonymized data, derivative data, metadata, logs, synthetic data, and 
any other output or action produced by the LLM, regardless of whether 
such output incorporates or is derived from Background Data. This 
definition specifically excludes technical system-level data that 
contains no Government information or Government usage context, such as 
performance metrics, token counts, and processing times.
    Government means any entity authorized to obtain procurement 
services through GSA pursuant to 40 U.S.C. Sec.  501, 502.
    Government Data means Data Inputs and Data Outputs.
    Information system means a discrete set of information resources 
organized for the collection, processing, maintenance, use, sharing, 
dissemination, or disposition of information (44 U.S.C. 3502(8)).
    Large Language Model Artificial Intelligence System (LLM) means a 
generative artificial intelligence model trained on vast, diverse 
datasets that enable the model to generate natural-language responses 
to user prompts (Ref. Executive Order 14319 Section 2). LLM includes 
the integrated technical and operational environment in which the model 
is configured, deployed, operated, monitored, or made available for the 
processing of Government Data, including the model, hosting and access 
infrastructure, system prompts, configurations, knowledge bases, 
retrieval mechanisms, Application Programming Interfaces (APIs), user 
interfaces, guardrails, monitoring systems, and associated workflows.
    LLM Developer means the party that performs LLM Development Tasks 
(as defined in NIST AI RMF 1.0, Appendix A as ``AI Development Tasks'') 
by designing, developing, training, fine-tuning, calibrating, testing, 
publishing, licensing, or otherwise making available an LLM, including 
model weights, interfaces, model cards, safety documentation, or 
conditional usage restrictions. LLM Developer maps primarily to the 
``AI Development'' actor category in NIST AI RMF 1.0, Appendix A.
    LLM Service Provider means the party that performs LLM Deployment 
and Operation & Monitoring (as defined in NIST AI RMF 1.0, Appendix A 
as ``AI Deployment and Operation & Monitoring'') tasks by providing an 
LLM-enabled application, product, service, workflow, API, user 
interface, or business capability to Customers or End Users, and 
controlling the manner in which the service is presented, accessed, 
administered, supported, or used within that application or workflow. 
LLM Service Provider maps primarily to the ``AI Deployment'' and 
``Operation and Monitoring'' actor categories in NIST AI RMF 1.0, 
Appendix A.
    LLM System Integrator means the party that performs LLM Design and 
LLM Deployment (as defined in NIST AI RMF 1.0, Appendix A as ``AI 
Design'' and ``AI Deployment'', respectively) tasks by selecting, 
configuring, adapting, or materially controlling how an LLM System 
performs in a specific deployment or use case, including by selecting 
models, setting system prompts, prompt templates, Retrieval-Augmented 
Generation (RAG) sources, fine-tuning data, tools, plugins, agents, 
guardrails, filters, evaluation criteria, human-review thresholds, or 
output constraints. LLM System Integrator maps primarily to the ``AI 
Design'' and ``AI Deployment'' actor categories in NIST AI RMF 1.0, 
Appendix A, and includes parties NIST identifies as ``system 
integrators.''
    LLM System Operator means the party that performs LLM Deployment 
and Operation & Monitoring (as defined in NIST AI RMF 1.0, Appendix A 
as ``AI Deployment and Operation & Monitoring'') tasks by hosting, 
serving, operating, or providing access to an LLM or LLM System, 
including through cloud infrastructure, model endpoints, runtime 
environments, API availability, capacity management, logging, 
retention, and runtime security. LLM System Operator maps primarily to 
the ``AI Deployment'' and ``Operation and Monitoring'' actor categories 
in NIST AI RMF 1.0, Appendix A, and may also be a ``Third-party 
entity'' where it provides such services for another organization.
    Material Change means any modification that could affect the 
trustworthiness, security, or operational integrity of the performance 
of the contract, especially as they pertain to the processing and 
protection of Government Data and the contractors involved in that 
process.
    Personally Identifiable Information (PII) has the same meaning as 
defined in OMB Circular No. A-130.
    (c) Order of Precedence. For purposes of the order of precedence in 
GSAR clause 552.212-4, this clause is incorporated into the ``schedule 
of supplies/services''. This clause establishes specific requirements 
that take precedence over conflicting provisions in the Contractor's 
policies, requirements, terms, conditions, or commercial agreements.
    (d) Contractor Responsibility for LLM. The Contractor must:
    (1) Exercise due diligence in selecting and overseeing the LLM's 
Developer(s), System Operator(s), System Integrator(s), and Service 
Provider(s).
    (2) Notify the Contracting Officer, within 72 hours, of any known 
non-adherence to this clause.
    (3) Demonstrate compliance. The Contractor may satisfy due 
diligence by relying on:
    (i) Flowdown of applicable requirements of this clause to LLM's 
Developer(s), System Operator(s), System Integrator(s), and Service 
Provider(s); or
    (ii) Obtaining attestation, from an individual with appropriate 
authority representing the LLM's Developer(s), System Operator(s), 
System Integrator(s), and Service Provider(s), that requirements have 
been implemented.
    (e) Intellectual Property Rights.
    (1) Rights in Government Data.
    (i) The Government retains full ownership of, and will own, all 
Government Data and Custom Developments. The Contractor does not have 
any rights to use Government Data or Custom Developments provided to 
the Contractor other than those described in paragraph (e)(1)(iii).
    (ii) Only LLM Developers, LLM System Operators, LLM System 
Integrators, and LLM Service Providers may receive and process 
Government Data.
    (iii) The Contractor is granted a limited, revocable, non-
exclusive, non-transferable, worldwide, fully paid-up, royalty-free 
right and license to copy, store, transmit, modify, display, and use 
Government Data and Custom Developments for the duration of each 
individual awarded contract or task/delivery order solely for the 
following permitted purposes:
    (A) Performing the specific requirements;
    (B) Providing technical support and maintenance as required; and
    (C) Providing such other uses as may be expressly authorized in 
writing by the Contracting Officer.
    (iv) To the extent the Contractor obtains any intellectual property 
rights in Government Data, or any improvements, enhancements, feedback, 
or derivative works thereof, the Contractor assigns and transfers all 
such

[[Page 36563]]

rights to the Government effective immediately upon creation.
    (v) The Contractor retains ownership of the underlying LLM, base 
models, and Background Data in its original form.
    (2) License Grant to Government. The Contractor grants to the 
Government an irrevocable, royalty-free, non-exclusive license to use 
the LLM for the duration of the work defined in the contract or task/
delivery order. This license is strictly limited to the specific 
purposes and scope of work defined within the contract or task/delivery 
order, and is restricted to the commercially available features, 
Background Data, and functionality of the LLM as described in and 
necessary to fulfill this contract or task/delivery order and its 
accompanying documentation, unless specified otherwise. This license 
includes the right to:
    (i) Operate and access the LLM through agreed-upon methods;
    (ii) Allow authorized Government personnel and contractors to use 
the LLM; and
    (iii) Integrate the LLM with Government systems as necessary.
    (3) Prohibited Uses of Government Data. Use of Government data is 
limited per paragraph (e)(1)(iii). Other uses of Government data are 
prohibited. Examples of prohibited use of Government Data includes:
    (i) Training, fine-tuning, or otherwise improving an LLM, including 
those operated by third parties, or to develop or improve the LLM(s) 
for any other customers or any commercial or non-commercial purposes.
    (ii) Using Government Data to inform the Contractor's advertising, 
marketing, sales, monetization, strategy, operations, or other business 
decisions, or to provide to other Government or non-Government 
entities.
    (iii) Retaining, accessing, or using beyond the scope and duration 
expressly permitted in the contract.
    (iv) Processing or storing Government Data with, or transferring 
Government Data to, any party not authorized under this contract or 
task/delivery order or without appropriate extension (flowdown) of 
applicable requirements.
    (v) Selling or licensing Government Data to any party.
    (4) Government Data Handling and Processing Requirements. Unless 
otherwise expressly authorized by the Contracting Officer:
    (i) The Contractor must implement reasonable technical, 
administrative, physical, and organizational safeguards to protect 
Government Data from loss, damage, destruction, unauthorized 
alteration, or corruption, and prevent its unauthorized, accidental, or 
unlawful access, disclosure, use, or processing;
    (ii) The Contractor must implement Data Handling Procedures that 
restrict human access to Government Data. These protocols must be 
implemented at the contract level and customization at the individual 
contract or task/delivery order level. Automated processing systems and 
operational controls that prevent human personnel from the Contractor 
or any Third-party entity from viewing, accessing, or reviewing 
Government Data during normal operations include:
    (A) Automated data ingestion, processing, and response generation 
without human content review;
    (B) Technical access controls that prevent personnel from viewing 
Government Data;
    (C) Encrypted data transmission and processing that renders 
Government Data unreadable to human personnel;
    (D) Administrative and technical safeguards that allow system 
operation, monitoring, and maintenance without exposing Government Data 
content; and
    (E) Audit logging systems that track data processing activities 
without capturing or displaying actual Government Data.
    (iii) The Contractor must ensure Government Data is stored or 
processed only when reasonably necessary for the performance of the 
contract;
    (iv) The Contractor must provide tools that enable the Government 
to maintain detailed records of all processing activities involving 
Government Data;
    (v) The Contractor must comply with the following Data localization 
requirements, including but not limited to:
    (A) Not removing or allowing removal of any such Government Data 
from the agreed-upon premises or FedRAMP-authorized services, without 
express written consent from the Contracting Officer; and
    (B) Not transmitting, storing, taking, or accessing such Government 
Data, or allowing such Government Data to be transmitted, stored, 
taken, or accessed by any means outside of the agreed-upon premises or 
authorized services, without express written consent from the 
Contracting Officer.
    (vi) The Contractor must implement and maintain appropriate 
technical and organizational measures to ensure that all such 
Government Data is logically segregated from the Data of any non-
Government customer or client, and is not commingled with Data of other 
customers or clients and provides adequate defense in depth through 
access controls, policy enforcement points, labeling, and/or encryption 
mechanisms and must perform continuous monitoring to protect against 
unauthorized access by external and internal threat actors, third 
parties, or disclosure resulting from human or machine error. Logical 
segregation does not require physical or dedicated instances within 
contractor-hosted or controlled systems, continuing compliance with the 
specified FedRAMP authorization level is deemed to satisfy these 
requirements by achieving equivalent security and separation.
    (vii) Upon completion, termination or expiration of the contract or 
task/delivery order, unless otherwise directed in writing by the 
Contracting Officer, the Contractor must securely and permanently 
delete all such Government Data and any Custom Developments from the 
LLM and all its other systems and all copies, backups and derivatives 
thereof, and certify deletion to the Contracting Officer in writing.
    (viii) Custom Developments and Model Rights. If there is a 
requirement for custom developments, the Contractor must:
    (A) Dedicate the Custom Developments, including any customized or 
enhanced models resulting from such Custom Developments, to the 
Government's exclusive use;
    (B) Treat such Custom Developments, custom models, and all 
associated Data as the Government's confidential information; and
    (C) Not use, reproduce, or derive benefit from such Custom 
Developments or custom models for any other purpose, or for the benefit 
of any other party, without express written authorization from the 
Contracting Officer.
    (ix) Feedback. The Government retains ownership of all feedback 
provided by the Government to the Contractor with respect to the LLM or 
Custom Developments, regardless of whether such feedback is generated 
by Government personnel, the Contractor, or through automated 
processes. If feedback includes Government Data and Government 
confidential information, that feedback may not be used for system 
improvement purposes or any other purposes (except solely in the 
performance of this contract).
    (f) Contractor Obligations for Compliance, Reporting, and 
Documentation. The Contractor must:
    (1) Disclose all LLMs used or made available in performance of this 
contract or a task/delivery order. Disclose all entities filling the 
roles defined by the flowdown supplemental clauses. Disclosures are due 
to the Contracting

[[Page 36564]]

Officer or ordering Contracting Officer by the date specified in the 
contract or task/delivery order. If no date is specified, disclosures 
are due within 120 days after commencing work under the contract or 
task/delivery order.
    (2) Maximize the use of LLMs that meet the following criteria:
    (i) Controlling Entity & Jurisdiction: Each LLM is developed, 
managed, and operated by an entity that is incorporated in the United 
States (U.S.) and is subject to U.S. law and jurisdiction.
    (ii) Protection Against Foreign Compulsion:
    (A) Each LLM's performance, operations, or protections cannot be 
controlled by a foreign Government.
    (B) No foreign Government or entity can compel disclosure of 
Government Data, or operational details that could compromise each 
LLM's integrity or security.
    (C) Each LLM, and any components performing core model, data 
storage or processing, output generation, or security functions, are 
prohibited from being developed, managed, or operated by entities 
subject to the direction, influence, or control of adversary foreign 
governments (see 15 CFR 791.4).
    (iii) Component Flexibility & Risk Mitigation: Incidental foreign-
developed components (e.g., open-source components, published 
research), ancillary Third-party services, or globally operated 
infrastructure dependencies are permissible, provided:
    (A) They do not introduce security risks or foreign control that 
would violate criteria (f)(2)(i) or (f)(2)(ii).
    (B) The systems storing or processing Government Data satisfy 
applicable Federal security requirements, including those for data 
residency and isolation.
    (C) A risk-based approach is applied, focusing on objective 
criteria such as ownership, control, hosting, and security posture.
    (3) Disclose whether the LLM has been modified or configured to 
comply with any non-U.S. federal government statutes, regulations, or 
policies no later than thirty (30) days after award to the Contracting 
Officer, unless otherwise stated in the solicitation, contract, or 
task/delivery order.
    (4) Provide a means for the Government to implement human 
oversight, intervention, and traceability. If the LLM uses intermediary 
processing such as reasoning, retrieval, or agentic processes, the LLM 
must summarize intermediary steps from data input to data output, and 
make this information accessible through data output, audit trail, and 
as applicable the user interface. At minimum, the LLM must include:
    (i) Summarized intermediate processing actions and decision points;
    (ii) Model routing decisions with accompanying rationale; and
    (iii) Data retrieval methods employed (e.g., Retrieval-Augmented 
Generation (RAG), web search), including complete source attribution 
with direct links and relevant excerpts from materials used in response 
generation.
    (5) Notify the Contracting Officer and any Government provided 
point of contacts as soon as possible but not longer than within 72 
hours of the discovery of any incident (as defined by the Federal 
Information Security Modernization Act of 2014 in 44 U.S.C. 3552(b)(2)) 
affecting any contractors, including Third-party entities, handling 
Government Data and provide daily status updates to all points of 
contact until resolved.
    (i) Such notification must include, to the extent known at the 
time:
    (A) Nature and scope of the incident;
    (B) Data potentially affected;
    (C) Immediate remediation steps taken;
    (D) Timeline for full resolution; and
    (E) Measures to prevent recurrence.
    (ii) Where FedRAMP incident communication and response procedures 
conflict with contractual requirements, the FedRAMP procedures take 
priority if the system is required to be FedRAMP Authorized.
    (iii) The Contractor must preserve all relevant logs, forensic 
images, and incident artifacts for a minimum of 90 calendar days from a 
security incident involving Government Data to support follow-on 
investigation activity by law enforcement entities.
    (iv) The Contractor must also complete the CISA incident reporting 
form (https://myservices.cisa.gov/irf).
    (6) Establish feedback mechanisms (consistent with OMB M-25-21 and 
successor requirements) allowing the Government to:
    (i) Provide performance feedback and improvement requests through 
formal channels;
    (ii) Request system modifications or enhancements; and
    (iii) Report operational concerns without requiring incident 
classification.
    (7) Provide, upon Government request, and under appropriate 
confidentiality protections, existing commercial documentation or 
disclosures sufficient to demonstrate compliance, including but not 
limited to:
    (i) Verification of compliance with this clause and the contract;
    (ii) List of entities involved in performance of this contract or 
task/delivery order, the entities' role(s), as defined by the flowdown 
supplemental clauses, which requirements of this clause are applicable 
to each entity, and the entities' approach to addressing the 
requirements in this clause;
    (iii) LLM decision-making processes, logic, and operational 
parameters;
    (iv) LLM Developers, general model characteristics, intended use, 
limitations, and risk considerations to enable informed and responsible 
use by the Government. The contractor is not required to disclose 
proprietary source code, model weights, or trade secrets.
    (v) System documentation consistent with NIST AI Risk Management 
Framework guidelines, Unbiased AI Principles, and LLM Transparency 
requirements such as system cards or equivalent documentation.
    (vi) Transparency & Auditability: The Contractor must provide 
commercially available means for the Government to implement 
appropriate human oversight, intervention, and traceability for the 
contracted use case, and to understand the role of various components 
in generating responses, to the extent commercially available and 
technically feasible;
    (vii) Privacy controls effectiveness and PII processing prohibition 
compliance;
    (viii) Testing methodologies used to detect and mitigate 
noncompliance with the unbiased AI principles described in paragraph 
(j)(1);
    (ix) Known biases (including commercial, political, or personal 
considerations, advertising, endorsements, or fraudulent/corrupt 
interests), limitations, truthfulness concerns, and performance 
metrics;
    (x) Influence, direction, or control of an adversary foreign 
governments (see 15 CFR 791.4);
    (xi) FedRAMP authorization packages, continuous monitoring data, 
and assessment artifacts necessary to issue or maintain an 
authorization to operate, consistent with 44 U.S.C. 3609(a)(8) and OMB 
M-24-15 and successor requirements; and
    (xii) Any other information necessary for the Government to monitor 
and evaluate the LLM's performance, risks, and effectiveness and to 
complete an LLM Impact Assessment required by OMB M-25-21 and successor 
requirements.
    (g) Privacy and Confidentiality Protections.
    (1) To the extent the Contractor has available tools, they must 
provide tools to enable the Government to implement appropriate 
Government-configurable

[[Page 36565]]

controls, including but not limited to automated detection mechanisms 
and clear user notifications to manage, prevent, and reject the entry 
or persistence of PII within the LLM.
    (2) The Government, absent specific legal requirements, will not 
disclose confidential documentation or information provided by the 
Contractor.
    (h) Data Portability and Interoperability. The Contractor must:
    (1) Provide and ensure that LLM services support the export of 
Government Data (including but not limited to: user-generated content, 
interaction history, uploaded content and media, and knowledge bases) 
in open or standard machine-readable formats, together with sufficient 
associated metadata and schema information necessary for the Government 
to retrieve, use, or migrate Government Data to another service.
    (2) Provide and support documented APIs sufficient for Government 
integration and data export to the extent the service uses APIs.
    (3) Not impose proprietary formats, technical restrictions, 
additional costs, or additional licensing conditions that materially 
impair the Government's ability to retrieve, use, or migrate Government 
Data to another service.
    (4) Provide tooling or interfaces to facilitate migration of 
Government Data and Custom Developments in a secure manner.
    (i) Change Notification.
    (1) Advance Notice of Material Changes. The Contractor must provide 
written notice to the Contracting Officer at least thirty (30) calendar 
days prior to any planned material change affecting the services 
provided under this contract, including:
    (i) Adding, replacing, or materially changing any LLMs, LLM's 
Developer(s), System Operator(s), System Integrator(s), or Service 
Provider(s);
    (ii) Changes to the services handling Government Data, including 
discontinuation or material reduction of data protection controls 
applied to Government Data, or change in FedRAMP Authorization Status; 
or
    (iii) Any modification, configuration, or training change to the 
LLM made to comply with any non-U.S. government statute, regulation, or 
policy.
    (2) Model Version Changes. The Contractor must use reasonable 
efforts to provide the Government with concurrent access to any 
successor LLM, and associated documentation, for a minimum evaluation 
period of thirty (30) calendar days for major versions, and fifteen 
(15) calendar days for minor versions, prior to discontinuing or 
replacing any LLM in use under this contract.
    (3) Safety and Performance Degradation. The Contractor must notify 
the Contracting Officer within seven (7) calendar days of identifying 
any change that materially increases output bias; decreases safety 
guardrails or behavioral constraints; or degrades performance or 
truthfulness of outputs. The notification must describe the change, its 
purpose, the evaluation approach used and any new limitations, trade-
offs, or potential negative impacts identified.
    (4) Emergency and Unplanned Changes. If the Contractor implements a 
change without providing sufficient advance notice, or if a change is 
necessitated by a security or service emergency, the Contractor must:
    (i) Notify the Contracting Officer as soon as practicable upon 
learning of the change; and
    (ii) Describe any remediation or rollback actions available.
    (5) Notification: All notifications under paragraph (i) must 
include, to the extent known at the time of notification:
    (i) Description of change;
    (ii) Affected roles, services, systems, and Government Data;
    (iii) Any limitations, trade-offs, or negative impacts;
    (iv) Evaluation approach used to assess the change;
    (v) Any remediations or rollback actions; and
    (vi) Confirmation of applicable requirements of this clause have 
been flowed down appropriately.
    (j) Performance, Evaluation, and Remediation.
    (1) Unbiased AI principles. The Contractor must ensure the LLM is 
developed and monitored in accordance with the following unbiased AI 
principles:
    (i) The LLM must be truthful in responding to user prompts seeking 
factual information or analysis. The LLM must prioritize historical 
accuracy, scientific inquiry, and objectivity and must acknowledge 
uncertainty where reliable information is incomplete or contradictory.
    (ii) The LLM must be a neutral, nonpartisan tool that does not 
manipulate responses in favor of ideological dogmas. The Contractor 
must not intentionally introduce or embed partisan or ideological 
judgments into the LLM's Data Outputs through methods such as training 
data selection, fine-tuning, Retrieval-Augmented Generation (RAG) 
references, system prompts, or other configuration methods.
    (iii) The Contractor must implement continuous improvement 
processes to enhance detection and mitigation of performance, 
trustworthiness, bias, and/or systems generating illegal or prohibited 
content, including regular evaluation of system outputs (excluding Data 
Outputs) against verified factual sources.
    (2) Government Evaluation Rights and Remediation.
    (i) The Government reserves the right to conduct automated 
assessments of the LLM, as deployed and configured for government 
users, at any time using its own benchmarks. These evaluations may 
assess bias, truthfulness, safety, unsolicited ideological content, and 
other factors determined by the Government in order to facilitate 
evaluations.
    (ii) The Contractor must provide tools and interfaces that enable 
the Government to run its benchmarks in an automated fashion to test 
the production LLM and identify any material gaps.
    (iii) The Government may provide such results to the Contractor to 
support remediation efforts.
    (iv) All benchmarks, test data, and methodologies developed or used 
by the Government for such assessments are considered Government Data. 
The Government is under no obligation to disclose or provide access to 
the underlying data, methodologies, or systems, with the exception of 
data or methodologies used as the basis for an adverse action under 
paragraph (j)(3)(ii).
    (3) Non-Compliance.
    (i) The Government retains the right to suspend use of the LLM 
until performance issues are satisfactorily addressed;
    (ii) The Contractor is liable for reasonable decommissioning costs 
if the Contracting Officer terminates this contract or task/delivery 
order for cause for failure to remediate after receiving specific 
written notice of non-compliance from the Contracting Officer with the 
Unbiased AI Principles described in paragraph (j)(1).
    (A) Decommissioning cost liability are not to exceed __[Contracting 
Officer to insert a percentage] at a percentage of contract value; and
    (B) The Government must disclose information, under appropriate 
confidentiality protections, to enable the Contractor to understand the 
basis for the Government's determination and take reasonable 
remediation actions.


(end of clause)
0
4. Add 552.239-7001-1 to read as follows:


552.239-7001-1  LLM Developer Flowdown Requirements.

    As prescribed in 552.239-7001(a)(2), use the clause at 552.239-
7001-1, LLM

[[Page 36566]]

Developer Flowdown Requirements (DATE), to extend (flowdown) these 
requirements to a LLM Developer (e.g., model architecture, training, 
weights, model cards, safety documentation, base capabilities, 
acceptable use policies, base safety filters), as defined in clause 
552.239-7001(b).

Basic Safeguarding of the Data Within Large Language Model Artificial 
Intelligence Systems--LLM Developer Flow-Down Requirements (DATE)

(a) Applicability
(b) Definitions
(e) Intellectual Property Rights
(f) Contractor Obligations for Compliance, Reporting, and Documentation
(g) Privacy and Confidentiality Protections
(i) Change Notification
(j) Performance, Evaluation, and Remediation


(end of clause)

0
5. Add 552.239-7001-2 to read as follows:


552.239-7001-2  LLM System Operator Flowdown Requirements.

    As prescribed in 552.239-7001(a)(2), use the clause at 552.239-
7001-2, LLM System Operator Flow-Down Requirements (DATE), to extend 
(flowdown) these requirements to a LLM System Operator (e.g., cloud 
infrastructure, model hosting, endpoints, API availability, runtime 
security, logging, retention, data residency, capacity management, rate 
limits), as defined in clause 552.239-7001(b).

Basic Safeguarding of the Data Within Large Language Model Artificial 
Intelligence Systems--LLM System Operator Flow-Down Requirements (DATE)

(a) Applicability
(b) Definitions
(e) Intellectual Property Rights

    The following subparagraphs from paragraph (f) Contractor 
Obligations for Compliance, Reporting, and Documentation

(f)(2), (f)(2)(iii)(B)
(f)(4)
(f)(5)
(f)(6)
(f)(7)
(g) Privacy and Confidentiality Protections
(h) Data Portability and Interoperability

The following subparagraphs from paragraph (i) Change Notification
(i)(1)(i), (i)(1)(ii)
(i)(3)
(i)(4)
(i)(5)
(j) Performance, Evaluation, and Remediation

(end of clause)

0
6. Add 552.239-7001-3 to read as follows:


552.239-7001-3  LLM System Integrator Flowdown Requirements.

    As prescribed in 552.239-7001(a)(2), use the clause at 552.239-
7001-3, LLM System Integrator Flow-Down Requirements (DATE), to extend 
(flowdown) these requirements to a LLM System Integrator (e.g., model 
selection, system prompts, prompt templates, RAG sources, vector 
stores, tools, plugins, agents, guardrails, filters, fine-tuning data, 
evaluation criteria, human-review thresholds, output constraints, 
workflow logic), as defined in clause 552.239-7001(b).

Basic Safeguarding of the Data Within Large Language Model Artificial 
Intelligence Systems--LLM System Integrator Flow-Down Requirements 
(DATE)

(a) Applicability
(b) Definitions
(e) Intellectual Property Rights
(f) Contractor Obligations for Compliance, Reporting, and Documentation
(g) Privacy and Confidentiality Protection
(h) Data Portability and Interoperability
The following subparagraphs from paragraph (i) Change Notification
(i)(1)(i), (i)(1)(iii)
(i)(2)
(i)(3)
(i)(5)
(j) Performance, Evaluation, and Remediation
(end of clause)
0
7. Add 552.239-7001-4 to read as follows:


552.239-7001-4  LLM Service Provider Flowdown Requirements.

    As prescribed in 552.239-7001(a)(2), use the clause at 552.239-
7001-4, LLM Service Provider Flow-Down Requirements (DATE), to extend 
(flowdown) these requirements to a LLM Service Provider, as defined in 
clause 552.239-7001(b).

Basic Safeguarding of Data Within Large Language Model Artificial 
Intelligence Systems--LLM Service Provider Flow-Down Requirements 
(DATE)

(a) Applicability
(b) Definitions
(e) Intellectual Property Rights
(f) Contractor Obligations for Compliance, Reporting, and Documentation
(g) Privacy and Confidentiality Protections
(h) Data Portability and Interoperability
(i) Change Notification
(j) Performance, Evaluation, and Remediation

(end of clause)

[FR Doc. 2026-12205 Filed 6-16-26; 8:45 am]
BILLING CODE 6820-61-P