OMB’s AI risk management deadline hits federal agencies, but not all were ready

The deadline for federal agencies to implement risk management practices for high-impact AI use cases — or terminate them — has come and gone, but a handful of departments are still working to complete their requirements. FedScoop reached out to 28 federal agencies to inquire about the steps they have taken to ensure compliance within the April 3 timeframe. Some agencies fulfilled the requirements, like the Labor Department, NASA, the VA, State, GSA, and the EPA, while others reclassified use cases or still have a couple boxes to check. A few appear to have missed the deadline entirely. As outlined by an Office of Management and Budget memorandum, uses considered high-impact are required to comply with minimum risk management practices, which include pre-deployment testing, impact assessments, adverse impact monitoring, adequate human training and assessments, appropriate fail-safes that minimize harm, consistent appeal processes, and options for end users to submit feedback.

The Department of Justice is asking Congress for a major boost in fiscal 2027 to the fund it uses to support IT modernization and enterprise cybersecurity, with the entire increase going directly to the agency’s zero-trust cybersecurity architecture. DOJ has requested $149 million for its Justice Information Sharing Technology fund as part of the Trump administration’s fiscal 2027 budget request. Congress appropriated $38.5 million for the program in the past two fiscal years. The primary difference between this request and the funding enacted in the most recent years prior is the $110.3 million that DOJ says it needs to support its migration to a zero-trust architecture for its unclassified and national security systems. To put that into perspective, Justice requested a more meager $11.8 million increase to the JIST fund’s topline in fiscal 2026 for “cybersecurity posture enhancement,” which it did not get. In its congressional budget justification for 2027, Justice explains that despite an industrywide shift to zero trust as the cybersecurity model of choice in response to the SolarWinds attack on federal agencies in 2020, its funding for cyber was cut by $108 million in fiscal 2024 and remained essentially flat since then. “Enacted funding levels over the past three years are below the level required to cover DOJ’s over 275,000 endpoints and approximately 160,000 users,” the budget document states, adding that “the current funding levels impact the Department’s current defenses and constrain its ability to adapt to evolving threats.”

The Daily Scoop Podcast is available every Monday-Friday afternoon.

If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.