Share with your COO
Four federal agencies, DOD, DHS, GSA, and the VA, are failing to capture lessons learned from AI procurement contracts, according to a new GAO review of 13 AI acquisitions. None of the four had policies requiring systematic collection of procurement insights, leaving GSA’s government-wide AI knowledge repository effectively empty. The GAO issued four recommendations, one per agency, all accepted. With OMB’s April 2025 guidance now requiring responsible AI acquisition practices, the agencies are on the clock to update internal policy before the next contract cycle.
What this means for your business
The pattern here is familiar to anyone who has watched large organizations buy software at scale: procurement moves faster than institutional memory, and every team reinvents the same contract terms from scratch. For enterprise AI vendors, the more interesting signal is that the federal government is actively building procurement infrastructure that will eventually standardize how agencies evaluate, test, and contract for AI. Vendors already selling to federal agencies, or hoping to, are competing today under informal rules that will tighten considerably once agencies actually have to document what worked and what didn’t.
The GAO’s specific concerns, data rights clauses and model testing requirements, are not bureaucratic trivia. Data rights determine who owns the training data, fine-tuned model weights, and outputs generated under a government contract. Testing requirements define what “the system works” actually means before an agency pays. Both of these are areas where commercial AI vendors have historically written contracts that favor themselves, and government buyers have lacked the institutional knowledge to push back. A functioning lessons-learned repository changes that negotiating dynamic over time, even if the immediate policy mandates are modest.
The falsification condition here is straightforward: if GSA’s web-based repository remains unfilled twelve months after agencies update their policies, the compliance exercise will have produced paperwork, not knowledge. The real pressure point for enterprise AI vendors isn’t the GAO report itself, it’s the contracting officer who, eighteen months from now, arrives at a negotiation holding documented precedents from prior acquisitions. That officer will have sharper questions about model provenance, data handling, and testing thresholds than any federal buyer has asked before. Whether your contracts can survive that scrutiny is the thing worth auditing now.
Based on reporting from GAO: Agencies Must Strengthen AI Procurement Practices by Capturing Lessons Learned, originally published 2026-04-14 03:00:00.
