GSA has revised its proposed AI safeguarding clause covering every GSA Schedule contract and GWAC vehicle — including OASIS+, SEWP VI, and all Federal Supply Schedules. The revision replaces the single blanket AI data protection clause with four role-based clauses: Developer, Operator, Integrator, and Service Provider. Each carries distinct obligations. Government data cannot be used to train commercial AI models under any role. Foreign ownership restrictions on large language models (LLMs) may create new barriers for small firms using offshore AI tools. Comments close August 3, 2026 — and as of early July, only six companies have submitted comments.
I spent eighteen years as a Contracting Specialist and Contracting Officer at GSA, IRS, DoD, and DOI. I have watched the AI contracting space evolve from a single clause proposal — which GSA published in January 2026 and then significantly revised by June — into this current four-role structure. The shift from a single flow-down to role-based obligations is the right direction, but the definitions matter enormously. If your contract spans multiple roles — and many IT contractors will — you need to understand which obligations apply at each stage of your work.
What contract vehicles does this AI clause cover?
GSA's revised AI clause applies to every contract vehicle GSA administers — all Multiple Award Schedule (MAS) SINs, OASIS+, SEWP VI, Alliant 3 (when awarded), and other GSA-managed GWACs. It flows down to all task orders and delivery orders under those vehicles where the contractor uses or provides AI tools, systems, or services.
This is not a niche clause for IT-only contractors. If you are on a professional services Schedule and you use an AI writing tool to draft deliverables for a federal client, the clause applies to you. If you are a management consulting firm on OASIS+ using AI to analyze program data, the clause applies. The scope is intentionally broad — GSA's position is that any AI tool that touches or processes government information is subject to the rule.
GWACs and contract vehicles covered:
- GSA MAS: All SINs across all Schedules (IT, professional services, facilities, products)
- OASIS+ (One Acquisition Solution for Integrated Services Plus): All domains and pools
- SEWP VI (Solutions for Enterprise-Wide Procurement): When awarded
- Alliant 3: When awarded
- 8(a) STARS III: Covered as a GSA-managed GWAC
- Other GSA-managed indefinite delivery vehicles
What are the four roles and how does GSA define them?
The four roles — Developer, Operator, Integrator, and Service Provider — define what your relationship to AI systems is under a given contract. A single contractor can hold multiple roles simultaneously on different task orders, or even on a single task order if the scope involves building, deploying, and maintaining an AI system.
When I was reviewing contract modifications as a Contracting Specialist at GSA, ambiguity in role definitions was always the source of disputes at the task order level. The four-role structure is more precise than the prior single-clause approach, but the definitions will be tested when contractors perform across multiple categories on complex AI integration projects. Here is how GSA defines each role:
| Role | Definition | Example | Primary Obligation |
|---|---|---|---|
| Developer | Designs, builds, or trains an AI system or model for use on the contract | Building a custom NLP model for document classification on a federal knowledge management system | Data provenance documentation; no training on government data without explicit authorization; model transparency requirements |
| Operator | Deploys and runs an AI system in a federal environment without modifications to the model itself | Deploying a commercial AI tool (e.g., a summarization tool) to process federal documents under a contract | Data handling restrictions; access controls; no routing government data through unauthorized commercial AI pipelines |
| Integrator | Connects AI tools or APIs with existing federal systems as part of a larger solution | Wiring an AI-powered chatbot into a federal agency's ticketing or HR system | Data flow documentation; ensuring each integrated component meets applicable AI safeguarding requirements; pass-through compliance obligations |
| Service Provider | Provides AI-enabled services as a deliverable — the AI is embedded in the output but not delivered as a standalone system | Delivering AI-generated data analysis reports, AI-assisted proposal reviews, or AI-enhanced translation services under a services contract | Disclosure of AI involvement; output validation requirements; restrictions on what data can feed the AI service |
What does the prohibition on training commercial AI models with government data mean?
Under all four roles, contractors are prohibited from using government data processed under a GSA contract to train, fine-tune, or improve a commercial AI model. This applies regardless of whether the data is classified, Controlled Unclassified Information (CUI), or unclassified public data — if it was collected or processed under a federal contract, it cannot feed a commercial AI model's training pipeline without explicit written authorization.
From the CO seat, this is the provision that will generate the most disputes — and the most modification requests. The line between "using government data to improve service delivery" and "using government data to train a model" is not always clear in practice. A managed services contractor whose AI tool learns from patterns in agency data over time may be inadvertently fine-tuning the underlying model. Document your AI tool's data handling architecture before your next task order submission — COs will ask about it.
What the prohibition specifically covers:
- Model training: Using government data as training examples for supervised or unsupervised learning
- Fine-tuning: Using government data to adjust a pre-trained model's weights or behavior
- Retrieval-Augmented Generation (RAG) corpus building: Incorporating government documents into a persistent vector database that improves model responses beyond the contract period
- Behavioral feedback loops: Systems that use agency user interactions to improve model performance — RLHF (Reinforcement Learning from Human Feedback) using government user sessions
What is generally permissible (consult your PCO for task-order-specific determinations):
- Using government data as input for inference (generating outputs) within a secure, authorized environment
- In-context learning within a single session that does not persist beyond the session
- Using government data to evaluate model performance when explicitly authorized in the contract
What do the foreign ownership restrictions on LLMs mean for small contractors?
GSA's revised clause includes restrictions on AI models where the underlying technology is owned or controlled by foreign entities in certain countries. Contractors using LLMs from providers with foreign ownership structures that trigger the restrictions may be unable to use those tools on covered contracts without a waiver or alternative solution.
This is the provision most likely to create immediate operational issues for small IT contractors and professional services firms. Many small businesses rely on commercially available LLMs accessed through API — OpenAI, Anthropic, Google Gemini, Mistral, and others. The foreign ownership analysis turns on whether the model provider has meaningful ownership or control by entities from covered countries, not just where the servers are located.
The practical risk areas for small contractors:
- Chinese-owned or -influenced AI tools: Any LLM with significant ownership or investment from Chinese entities may be restricted — this includes some tools marketed and sold in the U.S.
- Open-source models with foreign-hosted weights: Models where training data, weights, or infrastructure are hosted or controlled by covered foreign entities
- Third-party AI APIs without clear ownership documentation: If your tool stack includes AI APIs and you cannot document the ownership structure of the underlying models, you will need that documentation before your next task order award
Steps to take now:
- List every AI tool you use or plan to use on federal contracts
- Identify the provider of each tool and document their corporate ownership structure
- For each LLM API, confirm the underlying model provider and research any foreign investment disclosures
- Flag any tool with ambiguous ownership for legal review before the clause takes effect
Why are so few companies commenting on this rule — and why that matters?
As of early July 2026, only six companies have submitted public comments on GSA's revised AI clause proposal. Comment periods for FAR and GSAR rulemaking close August 3, 2026. The final rule will reflect the comments received. Six comments from the industry means the rule will be shaped almost entirely by government priorities, not contractor operational realities.
I have sat in rule-making working groups on the government side. The comment record is the only formal mechanism for industry to force the agency to address specific concerns in the final rule preamble. Every comment that identifies a specific operational problem must be addressed in the final rule — either by accepting the comment and modifying the rule, or by explaining why the comment was rejected. A rule with six comments is a rule where the government gets to write its own responses to six concerns. A rule with three hundred comments is a rule where the government has to engage with three hundred industry-raised issues.
The most impactful comments to submit before August 3:
- Role definition ambiguity: Submit specific scenarios where a single task order would require a contractor to operate under two or more roles simultaneously — ask GSA how to determine which clause applies
- Training vs. inference boundary: Submit specific AI tool architectures (RAG, RLHF, in-context learning) and ask GSA to clarify whether each crosses the training prohibition line
- Foreign ownership determination process: Ask GSA to provide a specific determination process or safe harbor for contractors who have completed a good-faith ownership analysis and cannot obtain further documentation from a tool provider
- Small business operational impact: Quantify the cost of replacing AI tools that fail the foreign ownership test — this creates a record for potential regulatory flexibility analysis
Submit comments through the Federal Register docket for this GSAR clause proposal at regulations.gov. Comments are public and become part of the formal administrative record.
What Is the Bottom Line?
- GSA's revised AI clause covers every Schedule and GWAC vehicle — if your firm uses AI on any GSA contract, this clause applies to you regardless of your SIN or domain
- The single blanket clause is replaced by four role-based clauses: Developer, Operator, Integrator, Service Provider — determine which roles apply to your work before the clause takes effect
- Government data cannot be used to train, fine-tune, or improve commercial AI models under any role — document your AI tools' data handling architecture now
- Foreign ownership restrictions on LLMs may require you to audit and potentially replace AI tools in your current tech stack
- Comments close August 3, 2026 — only six companies have commented; submit specific operational questions to force GSA to address them in the final rule
- Your PCO will receive a mass modification once the clause is finalized — review it when it arrives and flag any provisions your task orders cannot currently meet
If you hold a GSA Schedule or OASIS+ contract and use AI tools in your delivery work, Blackfyre provides compliance reviews and GSA contract strategy from a team with direct GSA Contracting Officer and Contracting Specialist experience — including familiarity with how these clauses are interpreted and enforced at the task order level.
Frequently Asked Questions
Does this AI clause apply to contractors who only use AI internally — not as a deliverable to the agency?
Yes, in most cases. If you use an AI tool to produce work products that are delivered under a federal contract — including drafts, analyses, summaries, code, or reports — the tool and the government data it processes are subject to the clause. The Operator and Service Provider role definitions are broad enough to capture internal AI use that produces government-facing outputs. If you are using AI only for internal operations entirely unrelated to contract performance, that use is outside the clause's scope — but confirm with your PCO for your specific contract language.
What if I am on OASIS+ as a prime and use a subcontractor who uses AI?
The Integrator role obligations include pass-through compliance requirements — primes are responsible for ensuring subcontractors who use AI tools on covered work meet the same clause requirements. If your subcontractor uses an AI tool you have not reviewed for foreign ownership or data training compliance, you carry that risk as the prime. Flow down the applicable clause requirements to subcontracts where AI tools are used and obtain written confirmation that your subs have reviewed and can comply.
How is the GSA AI clause different from the DoD AI requirements?
DoD AI requirements flow primarily through DFARS and specific program security requirements. The GSA clause applies to civilian and mixed-agency vehicles — MAS, OASIS+, and other GSA GWACs. If your firm holds both GSA and DoD contracts, you will face both sets of requirements simultaneously, and they are not identical. The DoD framework is more mature in areas like algorithm accountability and testing requirements; the GSA framework is more focused on data protection and commercial AI training restrictions. Compliance with one does not guarantee compliance with the other.
When will the final AI clause take effect?
The comment period closes August 3, 2026. After GSA reviews comments, a final rule will be published in the Federal Register. GSA has not announced a finalization date. Given the comment volume and complexity, a Fall 2026 or early 2027 finalization is most likely. The clause will take effect on new contracts and task orders on or after the effective date, and will be added to existing contracts through mass modification — watch for a mass mod notification from your PCO.
What does "foreign ownership restriction on LLMs" mean practically?
The restriction prohibits using LLMs where a covered foreign entity has ownership or control of the technology. "Covered foreign entity" is defined by reference to entities from countries identified in national security determinations — primarily China, Russia, Iran, and North Korea. The restriction is about the model's ownership structure, not the server location. If the LLM you use is provided by a U.S. company but the underlying model was developed by or licensed from an entity with covered foreign ownership, it may be restricted. Document the full ownership chain for every AI model in your stack.
If I only use GSA-approved cloud services (FedRAMP authorized), am I covered?
FedRAMP authorization addresses the security posture of the cloud platform — it does not address AI-specific data training restrictions or foreign ownership of AI models running on that platform. An AI tool can be hosted on a FedRAMP-authorized cloud and still violate the GSA AI clause if its underlying model is trained on government data or is controlled by a restricted foreign entity. FedRAMP authorization and GSA AI clause compliance are separate determinations.