GSA Revises AI Contract Clause After Industry Pushback

The General Services Administration has released a substantially revised contract clause governing how federal contractors must safeguard data when using large language models, backing away from several provisions that drew industry criticism earlier this year.

The updated regulation, GSA Regulation clause 552.239-7001, applies specifically when an LLM processes government data under federal contracts. According to details first reported by Crowell & Moring, the revised clause represents a significant narrowing from the original version released in March 2025, which imposed obligations broadly across AI systems without distinguishing between different types of use or supply chain roles.

Scope and exemptions

The revised clause only triggers when "Government Data" — defined as data inputs and outputs provided or created under the contract, excluding contractor background intellectual property — will be processed by an LLM. Two important carve-outs exempt LLMs embedded in common commercial products like word processors or mapping tools, and situations where LLM functionality is "incidental to the primary purpose of the core requirement being procured."

This represents a substantial pullback from the original proposal, which applied to any contract "for AI capabilities" without defining that term or establishing clear applicability thresholds.

U.S. sourcing requirements softened

The original clause prohibited contractors from using any AI components "manufactured, developed, or controlled by non-U.S. entities." The revision replaces this absolute ban with a requirement to "maximize" the use of LLMs developed, managed, and operated by U.S.-incorporated entities subject to U.S. law and jurisdiction.

The new language permits incidental foreign-developed components, including open-source elements, published research, ancillary third-party services, and globally operated infrastructure, provided they don't introduce security or foreign control risks.

Supply chain responsibilities

The revised clause introduces four distinct supply chain roles aligned with NIST AI Risk Management Framework 1.0: LLM Developer, LLM System Operator, LLM System Integrator, and LLM Service Provider. Prime contractors must flow down specific obligations to subcontractors based on which role they fill, using four companion clauses.

This replaces the original's single catch-all pass-through provision that made prime contractors responsible for any "Service Provider" without clear role definitions.

Contractor protections added

Several new provisions address industry concerns about liability and intellectual property. The revised clause includes a cap on decommissioning liability, requires written notice and an opportunity to cure before termination for cause, and explicitly protects contractor "Background Data" — preexisting proprietary content that may be incorporated into LLM processing.

Contractors are not required to disclose proprietary source code, model weights, or trade secrets. The government's license to use contractor LLMs is now strictly limited to the specific purposes and scope of work defined in the contract, rather than "any lawful Government purpose" as the original clause stated.

Bias requirements remain

The clause retains requirements that LLMs be "developed and monitored" according to "unbiased AI principles," including being "truthful," prioritizing "historical accuracy," and refraining from manipulating responses to favor "ideological dogmas." The revised version removes a specific reference to "Diversity, Equity, Inclusion" that appeared in the original.

Why it matters

Federal contractors using AI tools face a rapidly evolving compliance landscape as agencies implement executive orders on AI procurement. The GSA's willingness to substantially revise its approach based on industry feedback suggests room for continued negotiation, but contractors should prepare for new documentation, vendor management, and technical requirements when LLMs touch government data. Companies with existing federal contracts should assess whether their current LLM deployments and vendor agreements can satisfy the new criteria before the clause becomes final.

GSA is accepting written comments through August 3, 2026, and will hold a public listening session on July 14, 2026, at George Washington Law School. Details were first reported by Crowell & Moring.