On this page
TL;DR
OMB Memorandum M-24-18 (issued October 2024) directs federal agencies to manage AI risk in acquisitions, requiring contractors to disclose covered AI, provide model documentation, support agency monitoring, and align with NIST AI RMF and EO 14110. The checklist below covers the eleven contractor-facing obligations, organised by pre-award, contract execution, and in-life monitoring. Source: OMB M-24-18, October 2024. Updated 2026-05-20.
What M-24-18 is and how it relates to M-24-10
OMB Memorandum M-24-18, Advancing the Responsible Acquisition of Artificial Intelligence in Government, was issued by the Office of Management and Budget on 24 October 2024. It is the procurement-facing companion to OMB M-24-10 (March 2024), which sets internal agency governance requirements. Where M-24-10 directs how agencies govern their own AI, M-24-18 directs how agencies procure AI from vendors.
The practical effect for vendors is that any contract supplying AI to a federal civilian agency now carries new disclosure, documentation, testing, and monitoring obligations. These obligations flow down to subcontractors and, in many cases, to embedded AI features inside otherwise non-AI products. The memorandum applies to civilian agencies (the Department of Defense and the Intelligence Community are governed by parallel guidance), and aligns acquisition language with the NIST AI Risk Management Framework and Executive Order 14110.
Three definitions drive the entire framework. Covered AI means AI functionality that is the subject of the acquisition, or that the agency will use in the performance of the contract. Rights-impacting AI is AI whose output serves as a principal basis for a decision that affects an individual's civil rights, civil liberties, privacy, equal opportunity, or access to critical resources. Safety-impacting AI is AI whose output could affect human safety, critical infrastructure, or strategic assets. Rights- and safety-impacting designations trigger the heaviest contractor obligations.
Who this applies to
If your company sells to any federal civilian agency, M-24-18 likely applies to you, either directly or as a flow-down from a prime contractor. The most common entry points are: standalone AI products (decision support, document automation, code generation); AI features inside enterprise SaaS (collaboration suites, CRM, ERP, ITSM); large language model API access (OpenAI, Anthropic, Google, AWS Bedrock, Azure OpenAI); custom AI development services; and data labelling, evaluation, or red-teaming services where the deliverable is used to train or evaluate covered AI.
Three scoping signals to check immediately. First, does the contract or solicitation reference NIST AI RMF, AI Use Case Inventory, or AI Use Case Disclosure - if so, M-24-18 is in force. Second, does the contract or solicitation use the FAR/DFARS AI procurement clauses being developed in response to M-24-18 - same answer. Third, has the agency Chief AI Officer (designated under M-24-10) been named in the contract correspondence - same answer. Any of these three should trigger a M-24-18 readiness review.
The 11 contractor obligations under M-24-18
The memorandum's contractor-facing requirements can be organised into eleven discrete obligations, mapped here against pre-award, contract execution, and in-life monitoring. Treat the list below as the working contract review checklist.
1. AI disclosure and Use Case Inventory contribution
Contractors must disclose to the contracting agency all AI used in performance, sufficient to support the agency's AI Use Case Inventory required under EO 14110 and M-24-10. The disclosure must cover the AI vendor or developer, the AI's purpose in the contract, the data classes the AI processes, and whether the AI is rights-impacting or safety-impacting.
Practical preparation: maintain an internal AI bill of materials (AIBOM) for every system that touches a federal contract. The AIBOM should list every model component (foundation model, fine-tunes, retrievers, classifiers, guardrails), provenance, training data summary, and version. The AIBOM is the artefact you hand to the contracting officer; if you cannot produce one in 24 hours, you are not M-24-18 ready.
2. Rights-impacting and safety-impacting tagging
For each disclosed AI use, contractors must tag whether it is rights-impacting, safety-impacting, both, or neither, using the definitions in OMB M-24-10 Appendix I. Tagging accuracy matters because the rights- or safety-impacting tag triggers all of the heaviest downstream obligations - testing, monitoring, individual notice and appeal, and impact assessment.
Practical preparation: train your solutions architects and proposal team to apply the M-24-10 tagging rubric before contract signature. Document the rationale per use case. Expect the contracting officer to challenge a 'neither' tag on any AI that touches benefits adjudication, hiring, law enforcement, healthcare triage, identity verification, or critical infrastructure control.
3. Pre-deployment testing evidence
For rights- and safety-impacting AI, contractors must provide pre-deployment testing evidence covering performance, fairness, robustness, and security. Testing must be conducted with data representative of the agency's actual operating context, not the model's general benchmarks.
Practical preparation: assemble a pre-deployment test pack per offering, including: benchmark performance with confidence intervals; subgroup fairness analysis across protected classes; adversarial robustness against the OWASP LLM Top 10 and NIST AI 600-1 Generative AI risk taxonomy; prompt injection and data exfiltration tests; and an explicit statement of training data sources sufficient to support the agency's bias evaluation.
4. Model and system documentation
Contractors must provide system documentation sufficient for the agency to perform its own NIST AI RMF MAP and MEASURE functions. The required artefacts typically include a model card, a system card, a data card or data nutrition label, and an integration architecture diagram showing where the AI sits relative to agency data, decisions, and human oversight.
Practical preparation: maintain a current model card per model (following Google's model card template or equivalent), a current system card per offering (following Anthropic and OpenAI system card patterns), and a data card per training dataset. Version these artefacts and treat them as contract deliverables, not marketing collateral.
5. Data handling, retention, and training-data restrictions
Contractors must disclose and contractually agree to: where agency data is processed (data residency); how long it is retained; whether it is used to train or improve any model; whether it is shared with subprocessors; and whether it is subject to lawful access requests. Most agencies will require an affirmative no-training default and explicit consent for any improvement use.
Practical preparation: stand up a federal data handling addendum that defaults to: no training use; US-region processing; defined retention (typically 30 to 90 days for logs, zero for prompt and response content); enumerated subprocessor list with prior notice for changes; and FedRAMP-aligned encryption and access controls. Reference the addendum in every covered offering.
6. Human oversight and escalation paths
For rights- and safety-impacting AI, contractors must support human review of AI outputs, with the ability for an agency official to override, reverse, or escalate the decision. The system must record the reviewer identity, action, and rationale in an audit-grade log.
Practical preparation: ensure the offering supports a review or approval workflow with role-based access, decision logging, and rollback. If the offering is a model API rather than an application, document the recommended human-in-the-loop pattern and provide reference architecture for agency implementation.
7. Individual notice and appeal
For rights-impacting AI, contractors must support agency obligations to notify affected individuals that AI was used in a decision affecting them and to provide an appeal path. The notice and appeal requirement flows from EO 14110 and is reinforced in M-24-10.
Practical preparation: provide template notice language, an explanation interface (what factors drove the decision and how a human reviewer can revisit it), and an API or workflow integration that captures appeal requests in the same audit log as the original decision.
8. Continuous monitoring and incident reporting
Contractors must support post-deployment monitoring of model performance, fairness, and security, and must report incidents within agency-specified timelines. Typical agency contract language requires 72-hour notification of a confirmed AI incident affecting agency data, decisions, or systems.
Practical preparation: instrument the offering with continuous performance, fairness, and drift monitoring; expose monitoring data to the agency via dashboard or API; and maintain a published incident response procedure with named contacts. Map the procedure to the agency's CISO and Chief AI Officer contact list per contract.
9. Subcontractor and subprocessor flow-down
M-24-18 requires the contractor to flow down equivalent obligations to subcontractors whose work touches covered AI. In practice, this means cloud providers, foundation model vendors, data labelling vendors, and any third-party API used in the AI pipeline.
Practical preparation: review every upstream contract for the AI offering. Foundation model vendors must accept the same data handling, no-training, and incident reporting terms you accept with the agency. If your foundation model vendor cannot accept those terms, you have a M-24-18 readiness gap that must be disclosed.
10. AI Impact Assessment support
For rights- and safety-impacting AI, the agency must conduct and publish an AI Impact Assessment under M-24-10. Contractors must provide the technical inputs - the model card, system card, data card, testing results, and monitoring plan - sufficient for the agency to complete the assessment.
Practical preparation: pre-package the AI Impact Assessment input pack as a single deliverable, mapped against the agency template. The CIO Council and AI.gov publish reference templates that most civilian agencies have adopted with minor variations.
11. Decommissioning and exit
Contractors must support orderly decommissioning, including return or destruction of agency data, deletion of fine-tunes or embeddings derived from agency data, and certification of destruction. This obligation often surprises vendors who assumed standard data deletion clauses were sufficient.
Practical preparation: extend the offering's data deletion procedure to cover model artefacts derived from agency data (fine-tune weights, embedding indexes, retrieval caches). Document the deletion timeline (typically 30 to 90 days) and the certification artefact.
Get your free AI Risk Score
Take our 2-minute assessment and get a personalised AI governance readiness report with specific recommendations for your organisation.
Start Free AssessmentThe contractor readiness checklist
Use the following checklist as a self-assessment before responding to any federal AI solicitation. A confident yes against each line should be achievable in advance; if any line is a no, treat the contract as conditional until the gap is closed.
| # | Readiness item | Owner | Evidence artefact |
|---|---|---|---|
| 1 | AI bill of materials maintained per offering | Product | AIBOM document, version-controlled |
| 2 | Rights and safety-impacting tagging rubric documented | Legal + Product | Tagging procedure + worked examples |
| 3 | Pre-deployment test pack assembled per offering | ML / Eng | Test plan, results, fairness analysis |
| 4 | Model card, system card, data card current | ML / Eng | Versioned cards in public or private repo |
| 5 | Federal data handling addendum drafted | Legal | Standard contract addendum |
| 6 | Human oversight workflow available | Product | Demo + reference architecture |
| 7 | Notice and appeal pattern documented | Product | Template language + integration guide |
| 8 | Monitoring + incident response procedure published | Security | IR runbook, 72-hour SLA |
| 9 | Subprocessor inventory + flow-down terms confirmed | Legal | Subprocessor register, contract clauses |
| 10 | AI Impact Assessment input pack pre-packaged | Compliance | Single PDF or zip, mapped to template |
| 11 | Decommissioning procedure covers derived artefacts | Eng + Legal | Procedure document + destruction cert |
At Areebi, we built the platform so that obligations 4 through 11 are largely satisfied as a byproduct of using the control plane: the audit log, policy engine, DLP, and inventory generate the artefacts the contracting officer asks for, and the federal data handling defaults are pre-configured. The remaining obligations (AIBOM, tagging, test pack) are the contractor's responsibility regardless of the platform choice.
Cross-references to NIST AI RMF and EO 14110
M-24-18 is explicit that vendor obligations should align with the NIST AI Risk Management Framework and Executive Order 14110. The mapping matters because evidence prepared for one framework usually satisfies several others.
NIST AI RMF alignment. The disclosure and inventory obligation (#1) maps to GOVERN 6 (third-party AI risk). The testing obligation (#3) maps to MEASURE. The monitoring obligation (#8) maps to MANAGE. The Impact Assessment obligation (#10) maps to MAP. Vendors with a mature AI RMF programme typically discover that M-24-18 readiness is 70 to 80 percent complete on day one. See our NIST AI RMF implementation guide for the deeper mapping.
EO 14110 alignment. Executive Order 14110 (issued 30 October 2023, currently amended by subsequent executive actions but its civilian acquisition guidance largely operationalised through M-24-10 and M-24-18) introduced the AI Use Case Inventory, the rights- and safety-impacting categories, and the Chief AI Officer role. Vendor obligations under M-24-18 are the operational mechanism for delivering on EO 14110's civilian agency commitments.
FedRAMP alignment. While M-24-18 does not mandate FedRAMP authorisation, vendors with current FedRAMP Moderate or High authorisation will satisfy a large portion of the security control requirements automatically. The FedRAMP 20x programme (covered in our FedRAMP 20x guide) is the path of least resistance for civilian agency AI procurement in 2026.
What to do next
If you sell to federal civilian agencies and have not yet run a M-24-18 readiness assessment, schedule it this quarter. The full readiness build typically takes 60 to 90 days for a vendor with a mature compliance posture and four to six months for a vendor starting from scratch.
- FedRAMP 20x and AI vendors - the security authorisation path that pairs with M-24-18.
- NIST AI RMF implementation guide - the foundational framework that M-24-18 operationalises.
- NIST AI RMF GOVERN deep dive - the function that owns third-party AI risk.
- Enterprise AI compliance checklist - the broader compliance checklist M-24-18 fits into.
- Build an AI governance programme - the operating model that turns checklists into a sustainable programme.
External sources
- Office of Management and Budget, M-24-18: Advancing the Responsible Acquisition of Artificial Intelligence in Government (October 2024): whitehouse.gov/wp-content/uploads/2024/10/M-24-18-AI-Acquisition-Memorandum.pdf.
- Office of Management and Budget, M-24-10: Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (March 2024): whitehouse.gov/wp-content/uploads/2024/03/M-24-10-Advancing-Governance-Innovation-and-Risk-Management-for-Agency-Use-of-Artificial-Intelligence.pdf.
- Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (October 2023): federalregister.gov/documents/2023/11/01/2023-24283.
- AI.gov, federal AI use case inventories and guidance: ai.gov.
- GSA, Responsible AI Acquisition Guide: gsa.gov/governmentwide-initiatives/artificial-intelligence.
- NIST AI 100-1, AI Risk Management Framework 1.0: nist.gov/itl/ai-risk-management-framework.
Frequently Asked Questions
Does M-24-18 apply to commercial off-the-shelf AI features?
Yes, if the AI is the subject of the acquisition or will be used by the agency in performance of the contract. A commercial SaaS product with AI features that touch agency data is in scope, even if the AI is not the primary marketing claim of the product. The contracting officer applies the covered AI definition based on actual use, not how the product is marketed.
What is the difference between rights-impacting and safety-impacting AI?
Rights-impacting AI affects individual civil rights, civil liberties, privacy, equal opportunity, or access to critical resources, including benefits, housing, employment, healthcare, education, and law enforcement contexts. Safety-impacting AI affects human safety, critical infrastructure, or strategic assets, including transportation, energy, water, defense, and emergency services contexts. A single AI use can be both; both trigger the heaviest contractor obligations under M-24-10 Appendix I and M-24-18.
Does the AI Use Case Inventory get published?
Yes. Each civilian agency publishes its AI Use Case Inventory publicly, with limited exemptions for national security or law enforcement sensitive entries. Vendor information appears in the inventory where the AI is contractor-provided. This means contractor naming, AI purpose, and rights or safety-impacting tags are typically public records, which raises the stakes for accurate tagging and documentation.
How does M-24-18 interact with the DoD and Intelligence Community?
M-24-18 covers civilian agencies. The Department of Defense and Intelligence Community follow parallel guidance, including DoD's Responsible AI Strategy and Implementation Pathway and IC-specific directives. Most contractor controls (model cards, testing, monitoring, incident reporting) are common across all three, but the contracting and disclosure mechanisms differ. Vendors selling across civilian, DoD, and IC should treat M-24-18 as the civilian baseline and layer DoD or IC-specific requirements on top.
What happens if a vendor cannot meet an obligation?
The contracting officer has discretion. Common outcomes include: contract award conditional on remediation by a specified date; a more restrictive scope (no rights-impacting AI use, no agency data ingest); a partial flow-down to a more compliant subcontractor; or contract non-award. Vendors who proactively disclose gaps and present a remediation plan generally fare better than vendors whose gaps are discovered during agency review.
Is FedRAMP required for M-24-18 compliance?
FedRAMP is not formally required by M-24-18 itself, but agencies almost always require FedRAMP authorisation (Moderate or High depending on data sensitivity) for any AI offering that hosts agency data in the cloud. The FedRAMP authorisation typically satisfies the security control requirements in obligations 5 (data handling) and 8 (monitoring) automatically. The FedRAMP 20x programme accelerates the path for AI-native vendors; see our FedRAMP 20x guide for details.
Related Resources
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and governance best practices.
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and best practices.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.
Ready to govern your AI?
See how Areebi can help your organization adopt AI securely and compliantly.