How federal agencies are tackling AI use under Trump; Another attempt to extend CISA 2015 law

Federal agencies’ latest status updates on how they’re using artificial intelligence reveal persistent barriers and variability on where agencies stand with ”high-impact” use cases. The release of the 2025 AI compliance plans offers one of the first in-depth glimpses at how federal agencies are addressing issues of AI risk management, technical capacity and workforce readiness under the second Trump administration. Those documents, which were required under the Trump administration’s AI governance memo to agencies, were supposed to be released publicly by Sept. 30. As of publication time, FedScoop located roughly 20 plans and 14 strategies across 22 agencies. For nine of the roughly two dozen Chief Financial Officers Act agencies, FedScoop was unable to find either a plan or a strategy. The U.S. Department of Agriculture and the Nuclear Regulatory Commission, meanwhile, produced only strategies. FedScoop and DefenseScoop attempted to contact the CFO Act agencies that didn’t produce both documents, but the agencies either didn’t respond or didn’t provide the documents. Two of those agencies, NASA and the Justice Department, noted the government shutdown in their responses, and both the DOJ and Department of Defense indicated they were working to post at a later date. Agencies were also required to submit AI strategies for the first time this year. Those documents contain some of the same information as the compliance documents, including plans to train the workforce, examples of use cases, and systems for governance. The compliance plans, meanwhile, which are in their second year, have changed only slightly from their previous iterations, with some agencies showing progress on their implementation of the technology and risk management practices.

A top Senate Democrat introduced legislation Thursday to extend and rename an expired information-sharing law, and make it retroactive to cover the lapse that began Oct. 1. Michigan Sen. Gary Peters, the ranking member of the Homeland Security and Governmental Affairs Committee, introduced the Protecting America from Cyber Threats (PACT) Act, to replace the expired Cybersecurity and Information Sharing Act of 2015 (CISA 2015) that has provided liability protections for organizations that share cyber threat data with each other and the federal government. Industry groups and cyber professionals have called those protections vital, sometimes describing the 2015 law as the most successful cyber legislation ever passed. The 2015 law shares an acronym with the Cybersecurity and Infrastructure Security Agency, which some Republicans — including the chairman of Peters’ panel, Rand Paul of Kentucky — have accused of engaging in social media censorship. As CISA 2015 has lapsed and Peters has tried to renew it, “some people think that’s a reauthorization of the agency,” Peters told reporters Thursday in explaining the new bill name.

The Daily Scoop Podcast is available every Monday-Friday afternoon.

If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.