Professionals Services Insights Community
About Offices Careers
Home / Insights / GSA Proposes Revisions to ...
PDF

June 18, 2026

Dismas Locaria Emily M. Rios

GSA Proposes Revisions to Clause on Basic Safeguarding of Data within Large Language Model Artificial Intelligence Systems (LLMs)

7 min

On June 17, 2026, the U.S. General Services Administration (GSA) proposed a revised General Services Administration Acquisition Regulation (GSAR) clause, 552.239-7001, "Basic Safeguarding of Data within Large Language Model Artificial Intelligence Systems (LLMs)," that, if finalized, will impose substantial obligations on contractors processing government data through LLMs. This clause creates requirements for data protection, intellectual property, and ethical artificial intelligence (AI) development when LLMs are used to process government data.

This alert follows up on our previous article regarding GSA's March 6, 2026 draft version of this contract clause and highlights the changes to the clause. As noted therein, there were several provisions that caught the attention of industry, such as the fact that GSA was seeking an "irrevocable, royalty-free, non-exclusive license to use the AI System for the duration of th[e] contract for any lawful Government purpose" (emphasis added) and that the license would also include the government's right to "[i]ntegrate the AI system with Government systems as necessary for any lawful Government purpose."

Following industry comments on the initial draft, GSA implemented the following changes to the proposed clause:

  • Perhaps the most notable is rebranding the name of the clause. Previously, the clause was named "Basic Safeguarding of Artificial Intelligence Systems" and is now called "Basic Safeguarding of Data Within Large Language Model Artificial Intelligence Systems." While subtle, the change appears to focus the safeguarding on the data within an AI system as opposed to regulating the system itself. However, as discussed herein, this change in branding may be just that, as many of the provisions of the clause retain terms that impose potentially onerous control over the system itself.
  • GSA purports to narrow the applicability of this clause to GSA solicitations and contracts (such as Federal Supply Schedule contracts or other government-wide contracts), including those for commercial products and services, when government data will be processed by an LLM. "Government data," however, appears to be broadly defined to include data well beyond what one might expect, as it includes "data inputs" and "data outputs" generated under the contract, not just government data in the plain sense. Moreover, the rule does not define the term "processed by," so it is unclear how narrow this application could be in practice.
  • The clause more expressly includes an exception for AI that is embedded in a common commercial product, such as a word processor or map navigation system, but now also includes an exception for LLM functionality that is incidental to the primary purpose of the core requirement being procured. Of course, "incidental" also remains undefined and is therefore leaving this concept and the application of this exception subject to interpretation.
  • The license created much discussion under the first version of this clause, as GSA originally sought the use of an "AI System for the duration of th[e] contract for any lawful Government purpose" and the right to "[i]ntegrate the AI system with Government systems as necessary for any lawful Government purpose." GSA now appears to have narrowed the license grant to the government to include "an irrevocable, royalty-free, non-exclusive license to use the LLM for the duration of the work defined in the contract or task/delivery order." This license is "strictly limited to the specific purposes and scope of work defined within the contract or task/delivery order, and is restricted to the commercially available features, Background Data, and functionality of the LLM as described in and necessary to fulfill this contract or task/delivery order and its accompanying documentation, unless specified otherwise." The license clause provides the government the right to operate and access the LLM through agreed-upon methods; allow authorized government personnel and contractors to use the LLM; and integrate the LLM with government systems as necessary. Overall, this appears to be a much-improved revision to the license terms, but the automatic use by contractors could be problematic, and AI providers should be mindful of the scope and breadth of a particular contract or task/delivery order if they have concerns about the use of their AI system.
  • GSA clarified certain contractor responsibilities for LLMs. In particular, the contractor must exercise due diligence in selecting and overseeing LLM Developers, LLM System Operators, LLM System Integrators, and LLM Service Providers by relying on the applicable flowdown requirements or obtaining attestation that requirements have been implemented. The contractor must also notify the Contracting Officer of any known non-adherence to this clause within 72 hours.
  • Finally, GSA updated contractors' obligations for compliance, reporting, and documentation, including, but not limited to:
    • Disclosing all LLMs used or made available in performance of a contract or task/delivery order and all entities filling the LLM roles to the Contracting Officer within 120 days of commencing work, if no date is specified in the contract or order;
    • Disclosing whether an LLM has been modified or configured to comply with any non-U.S. federal government statutes, regulations, or policies to the Contracting Officer within 30 days after an award, unless otherwise stated in the solicitation, contract, or order;
    • Notifying the Contracting Officer and any government-provided point of contact within 72 hours of the discovery of an incident affecting the handling of government data and providing daily status updates;
    • Providing documentation of compliance with this clause upon government request;
    • Notifying the Contracting Officer of planned material changes at least 30 days prior to the implementation of the change; and
    • Ensuring LLMs are developed and monitored in accordance with unbiased AI principles. On this, while GSA removed previous references to the AI tool not being allowed to favor "ideological dogmas such as Diversity, Equity, Inclusion," the clause still goes to great length defining "unbiased AI principles." Specifically, that it must (1) "prioritize historical accuracy, scientific inquiry, and objectivity and must acknowledge uncertainty where reliable information is incomplete or contradictory"; and (2) be "a neutral, nonpartisan tool that does not manipulate responses in favor of ideological dogmas" and that the contractor "must not intentionally introduce or embed partisan or ideological judgments into the LLM's Data Outputs through methods such as training data selection, fine-tuning, Retrieval-Augmented Generation (RAG) references, system prompts, or other configuration methods"; and (3) the contractor "must implement continuous improvement processes to enhance detection and mitigation of performance, trustworthiness, bias, and/or systems generating illegal or prohibited content, including regular evaluation of system outputs (excluding Data Outputs) against verified factual sources."
  • Notably, it would appear the revised clause has done away with the American-only AI system provision previously included in the prior version of the clause. However, the clause does include provisions designed to protect the government from foreign compulsion (i.e., LLMs cannot be controlled by foreign governments; no foreign government can compel disclosure of government data; and the tool cannot be developed, managed, or operated by an adversary foreign government).

This updated clause provides some clarity from GSA's March 6, 2026 draft and purports to narrow its application; however, the clause still includes significant ambiguity and compliance requirements for contractors processing "government data" through LLMs (i.e., AI tools). Interested parties should review this proposed clause carefully and consider submitting further comments to the proposed rule. In fact, GSA has sought input on five specific questions:

  1. Does the change in clause prescription adequately address previous concerns about the broadness of the scope of the clause?
  2. Are the requirements, such as government data ownership and protection and contractor accountability, clearly defined?
  3. Are the roles and responsibilities of the contractor, LLM Developer, LLM System Operator, LLM System Integrator, and LLM Service Provider clearly defined and are flowdown paragraphs accurately presented?
  4. Do you understand how to implement the flowdown clauses?
  5. Does the clause adequately address risks related to foreign ownership or control of LLMs, where changes to the LLM could covertly affect Government Data, outputs, or decisions without changing the contracting entity?

Answers to these questions and other comments are due by August 3, 2026.

GSA will also hold a public listening session on July 14, 2026, regarding the proposed rule. Registration for the listening sessions closes on July 3, 2026.

Related Services

Practices

Related Insights

SBA Proposes Rule Establishing "Victims" of DEI and Past Ineligibility for the 8(a) Program as a Basis for Social Disadvantage Under the 8(a) Program
SBA Proposes Rule Establishing "Victims" of DEI and Past Ineligibility for the 8(a) Program as a Basis for Social Disadvantage Under the 8(a) Program

June 11, 2026

3min
Uniform Guidance Proposed Updates
Uniform Guidance Proposed Updates

May 29, 2026

1min
Christopher Griesedieck and Dismas Locaria Publish “Foreign-owned defense firms take note — New rule would extend FOCI requirements to unclassified (and even some commercial) contracts and subcontracts”
Christopher Griesedieck and Dismas Locaria Publish “Foreign-owned defense firms take note — New rule would extend FOCI requirements to unclassified (and even some commercial) contracts and subcontracts”

May 21, 2026

1min
View More

Recent News

Venable Practice Areas and Attorneys Recognized on Legal 500 United States 2026 List
Venable Practice Areas and Attorneys Recognized on Legal 500 United States 2026 List

June 10, 2026

3min
Venable Once Again Recognized Among the DC Metro Region's Top 25 Corporate Philanthropists
Venable Once Again Recognized Among the DC Metro Region's Top 25 Corporate Philanthropists

June 09, 2026

3min
Venable Proudly Sponsors the AHLA Annual Meeting in New York City on June 28-July 1
Venable Proudly Sponsors the AHLA Annual Meeting in New York City on June 28-July 1

June 09, 2026

1min
View More