US GSA Proposes Federal Acquisition Clause for LLM Data Safeguarding, Comment Deadline August 2026

On 17 June 2026, the US General Services Administration published a proposed General Services Administration Acquisition Regulation clause requiring federal contractors to implement data safeguarding measures when large language models process government data. The proposal amends 48 CFR Parts 539 and 552, addresses data protection, intellectual property, and ethical AI development in federal procurement, and accepts public comments until 3 August 2026.

The US General Services Administration published a proposed General Services Administration Acquisition Regulation (GSAR) clause on 17 June 2026, identified as FR Doc. 2026-12205, amending 48 CFR Parts 539 and 552. The clause is at the proposed rule stage. The public comment period closes on 3 August 2026. A public listening session is scheduled for 14 July 2026, with registration closing on 3 July 2026. The proposal is a substantially revised version of a draft dated 12 January 2026.

The proposed clause amends 48 CFR Part 539 (Acquisition of Information Technology) and Part 552 (Solicitation Provisions and Contract Clauses). It applies specifically when a large language model processes Government data as part of contract performance. The clause addresses four areas: data protection standards for Government data processed by LLMs; intellectual property rights in AI-generated outputs; restrictions on using Government data to train or fine-tune AI models; and ethical AI development principles. The clause is expressly inapplicable where LLMs are embedded in standard commercial products or where LLM functionality is merely incidental to the contract deliverable. The proposed text is informed by OMB Memorandums and prior Executive Orders on federal AI governance.

Federal contractors and technology vendors who provide AI systems, AI-enabled services, or software-as-a-service incorporating LLMs that process Government data will face new contractual compliance requirements once the clause is finalised. Companies providing AI platforms, intelligent automation, AI-assisted analytics, or AI-enhanced professional services to the federal government should review their data handling architectures, subcontractor flow-down obligations, and Government data processing agreements against the proposed requirements. The "incidental use" exclusion provides a potential safe harbour for certain commercial off-the-shelf software providers, but the clause's definition of when LLM use is "incidental" is currently unsettled.

The January 2026 draft has been substantially revised, and organisations that commented on the earlier version should re-engage with the current text before the 3 August deadline. Key definitional questions remain open: what constitutes "Government data" for purposes of the clause, and when LLM processing is sufficiently incidental to fall outside the clause's scope. The proposed clause operates alongside NIST AI Risk Management Framework requirements already embedded in some federal technology contracts and will eventually interact with implementing guidance from the June 2026 Executive Order on AI cybersecurity.

Licentium advises on US federal AI procurement regulation, government contracting compliance, and AI data governance. We may be able to assist contractors in assessing exposure under the proposed clause, drafting public comment submissions, or connecting them with US federal acquisition law specialists in our partner network. Work we undertake includes federal AI procurement analysis, GSAR and FAR compliance review, AI data handling advisory, and government contracting regulatory strategy.

Source: General Services Administration, General Services Acquisition Regulation; Acquisition of Information and Communication Technology, FR Doc. 2026-12205, 17 June 2026
