The State Rents Its Mind
Public-sector AI procurement is where public authority can quietly become model dependence. The chatbot is the visible layer; the contract is the constitutional layer.
Here the state rents its mind when a public body attaches externally hosted, vendor-controlled, or subscription AI to public memory, casework, service delivery, enforcement, or procurement without retaining enough data rights, audit rights, update control, public-record access, and exit capacity to remain the accountable institution.
Adoption Becomes Infrastructure
The public conversation about government AI usually starts at the service window. Will the chatbot answer correctly? Will an automated system deny benefits? Will a risk score bias enforcement? Those questions matter, but they arrive late. By the time a citizen meets the interface, an older decision has already shaped the state: the agency has bought, licensed, integrated, or piloted a model system.
Procurement is where AI becomes government. It is where a model's terms of use, data rights, audit rights, pricing, security posture, model-update schedule, hosting arrangement, and exit path become part of public administration. The state does not merely use a tool. It rents a slice of someone else's cognitive infrastructure and attaches it to public authority.
The scale is no longer hypothetical. Public agencies are buying general-purpose assistants, domain systems, casework tools, cybersecurity tools, search interfaces, translation systems, analytics services, and model-enabled productivity suites. Many uses are routine: drafting, document search, translation, service support, data analysis, cybersecurity assistance, and internal workflow. But routine tools can still become institutional defaults.
The risk is not only a bad algorithmic decision. It is administrative habituation: the public agency learns to think, search, summarize, classify, and communicate through rented systems whose deeper incentives are not public.
Current Context
As of June 23, 2026, public-sector AI has moved from pilot rhetoric into procurement routes, agency inventories, executive guidance, and central buying programs. OMB's 2025 Federal Agency AI Use Case Inventory repository reports, in its April 13, 2026 summary, 3,611 individually reported AI use cases across all stages of development, 1,818 deployed or piloted use cases, and 445 high-impact use cases. Those are inventory counts, not proof that every listed system is deployed, mature, lawful, safe, or complete.
GAO's July 2025 generative-AI report found that across 11 selected federal agencies with AI inventories, reported AI use cases nearly doubled from 571 in 2023 to 1,110 in 2024, while generative AI use cases rose from 32 to 282. GAO's April 2026 acquisition review then examined 13 AI acquisitions at DOD, DHS, GSA, and VA and found that selected agencies were not yet systematically collecting lessons learned from AI acquisitions, even though those lessons could help future procurement.
The policy layer is now explicitly procurement-shaped. OMB Memorandum M-25-21 governs federal agency AI use, inventories, and high-impact risk practices. OMB Memorandum M-25-22 addresses AI acquisition, including competition, performance and risk management, privacy, testing, data rights, interoperability, and cross-functional procurement teams. OMB Memorandum M-26-04 later added federal LLM procurement principles around "truth-seeking" and "ideological neutrality." Whatever one thinks of those standards, they make LLM buying an evidence problem: agencies need scoped tests, dated records, vendor disclosures, and reviewable judgments rather than slogans.
GSA's current Buy AI page makes the purchasing channel visible by presenting OneGov agreements, procurement options, and best practices for agencies acquiring AI. GSA's February 2026 proposed government AI system terms and conditions are still draft material, but they show the direction of acquisition practice: procurement officers are being asked to contract for safeguards rather than rely on vendor assurances.
Outside the United States, the EU AI Act creates a parallel pressure on public buyers. Article 27 requires certain public bodies and private entities providing public services to perform a fundamental-rights impact assessment before deploying specified high-risk AI systems. A public agency buying AI therefore needs evidence it can reuse for deployer duties, public explanation, and post-deployment monitoring, not only a sales deck.
The Procurement Layer
The United States has already started writing procurement into AI governance. OMB Memorandum M-25-21, issued April 3, 2025, replaced the earlier M-24-10 framework and directed agencies to accelerate AI adoption while maintaining safeguards for privacy, civil rights, civil liberties, and public trust. It continued requirements around Chief AI Officers, AI strategies, inventories, governance, and minimum risk-management practices for high-impact AI.
OMB Memorandum M-25-22, issued the same day, addressed acquisition more directly. Its themes are revealing: a competitive AI marketplace, taxpayer-dollar protection through performance tracking and risk management, and cross-functional engagement in procurement. It explicitly warns agencies to pay attention to vendor sourcing, data portability, and long-term interoperability to avoid costly dependence on a single vendor.
GAO's 2026 review of federal AI acquisitions shows why that warning is practical rather than abstract. Agencies told GAO that traditional acquisition timelines can be poorly aligned with fast-moving AI markets. Officials also identified requirements definition and contract terms as persistent challenges. In one FEMA example, officials said that using an existing contract was faster but limited the AI terms they could include, including a post-award testing requirement.
The acquisition question is therefore not only whether a product can perform a task. It is whether the agency can produce transferable evidence: the test plan, model or service version, evaluation data, data-rights clause, training-use restriction, price and usage record, security authorization boundary, subprocessor list, incident contact, transition plan, and lesson learned. Without that evidence, each office repeats the same bargain in private while the vendor learns across government.
This is the governance hinge. Speed helps agencies experiment. Speed can also lock weak terms into consequential systems. A pilot that lacks audit rights, data rights, testing duties, model-change notice, or exit provisions may look cheap at the beginning and become expensive when the agency cannot govern the system it now relies on.
What the Vendor Gets
AI vendors do not only sell software. They can receive workflow knowledge, domain data, user feedback, institutional credibility, public-sector distribution, and a path into future contracts. A vendor that becomes familiar to an agency can shape what the agency later believes is easy, normal, measurable, or modern.
That is not necessarily corrupt. Governments need vendors. Public agencies cannot build every model, data pipeline, security system, user interface, and evaluation suite themselves. The issue is whether the agency keeps enough public capacity to remain a buyer with judgment rather than a dependent customer with legal authority.
GSA's current Buy AI page makes the acceleration visible. It points federal buyers toward OneGov agreements, other procurement options, and guidance that tells agencies to start with mission needs, scope and test solutions, use pilots or sandboxes before large purchases, manage data, engage officials, and monitor costs. That is sound advice. It also shows the shape of the new marketplace: public administration is becoming an AI sales channel.
The OneGov model deepens the tradeoff. GSA's September 2025 announcement with Meta described a streamlined approach that would make Llama models more accessible across federal departments and reduce repeated agency-by-agency negotiations. Standardization can save time and improve bargaining power. It can also make one central deal define the practical AI environment for many agencies at once.
Centralized buying is not automatically capture. But centralized buying raises the stakes of contract design. If the deal is good, public capacity scales. If the deal is weak, dependency scales.
Public Records, Private Models
Government AI is different from workplace AI because public agencies carry coercive and service obligations. They grant benefits, collect taxes, enforce rules, inspect facilities, manage records, answer the public, allocate resources, and decide who receives attention first. Even "internal productivity" tools can alter how public servants see the record.
That makes data rights central. M-25-21 advises agencies to retain sufficient rights to government data and improvements to that data, including cleaning and labeling, and to prevent vendor lock-in. It also says contract terms should protect federal information from unauthorized disclosure or use and from being used to train or improve a vendor's commercial offerings without agency permission.
Those clauses are not paperwork. They are public memory protections. A records-search assistant trained or tuned around agency documents may reshape how a public archive is navigated. A benefits-support tool may learn from casework patterns. A public-contact chatbot may accumulate a map of citizen confusion. A procurement assistant may learn the practical grammar of government buying. If the public does not retain rights, logs, explanations, and exit paths, administrative memory can migrate into private infrastructure.
The public also needs records of the AI layer itself. For high-impact uses, useful oversight may require model versions, prompts, retrieved sources, evaluation results, human-review traces, incident logs, vendor-change notices, and documentation of when AI output was used as a principal basis for action. A citizen cannot appeal a shadow.
That record has to survive vendor change. If the agency cannot export the relevant prompts, source references, audit logs, model-version evidence, evaluation files, error reports, and public-facing guidance history in a usable form, then the vendor is not only hosting a system. It is holding part of the administrative record.
The Public Procurement File
The control object should be a procurement file, not only a contract award. A serious file names the use case, inventory identifier, public register entry where disclosure is lawful, vendor, subcontractors, model or service, data categories, training-use defaults, hosting boundary, retention rules, logging rules, evaluation evidence, risk classification, human oversight role, public notice, appeal path, incident contact, change history, renewal trigger, and exit plan.
For hosted generative AI and agent systems, the file should go further. It should record connectors, tool permissions, retrieval indexes, prompt templates, memory settings, embeddings, audit logs, approval gates, identity controls, and whether government prompts, files, outputs, traces, or feedback can be used to train or improve a vendor's commercial offerings. A chatbot, a search assistant, and an agent with production access are different procurement objects even if the same vendor sells them.
The public version of the file can be tiered. Some fields should be public; some belong to affected people, auditors, inspectors general, courts, or regulators; some security details should be protected. But secrecy should be a governed field, not a black hole. The record should explain what is withheld, why, who can inspect it, and when the withholding is reviewed.
This connects procurement to AI system inventories, audit trails, impact assessments, public registers, and vendor governance. The same stable identifier should travel through all of them. Otherwise each oversight process names a slightly different machine, and public memory breaks exactly where accountability needs continuity.
From Pilot to Dependence
AI adoption often begins with modest language: trial, sandbox, pilot, assistant, copilot, workflow support. Those words lower institutional resistance. They also hide the path by which a tool becomes ordinary.
A pilot changes habits. Staff learn a vendor's interface. Managers build process metrics around it. New hires are trained into it. Old workflows are allowed to decay. Documents are formatted for it. Integrations are added. Budget lines normalize. Public expectations adjust. After enough time, the agency can still "choose" another system on paper, but the cost of leaving has grown.
This is why AI procurement is not only about buying the best model today. GAO's 2026 acquisition review includes a GSA official's warning against committing to the AI equivalent of early search engines that later lost to stronger competitors. The point is not nostalgia for web history. It is institutional discipline: do not build public administration around a vendor just because that vendor is first, cheap, fashionable, or easy to buy this fiscal year.
Model markets change. Policies change. Capabilities change. Pricing changes. Safety behavior changes. A system that works acceptably in one release may drift under new data, new prompts, new tools, or new vendor priorities. A public agency needs contract language and internal skill that survive that volatility.
Failure Modes
Pilot drift. A small assistant becomes a default workflow before the agency has reviewed the data path, output reliance, accessibility burden, civil-rights risk, audit trail, or exit plan.
Contractual blackout. Trade-secret, security, or confidentiality language is written so broadly that auditors, affected people, journalists, courts, and even agency staff cannot see enough to test what the system did.
Data-improvement leakage. Public records, casework patterns, citizen questions, staff corrections, and agency-specific prompts improve a vendor's product without a clear public benefit, consent basis, retention limit, or compensation.
Inventory mismatch. The public inventory lists one generic use case while the real deployment contains several models, integrations, prompt templates, retrieval stores, subcontractors, and human-review rules. The public sees a row; the agency operates a stack.
COTS invisibility. A commercial off-the-shelf suite adds an assistant, summarizer, classifier, or agentic workflow under an existing license. Staff begin using it before the agency treats it as an AI use case, procurement object, records system, or risk-managed deployment.
Central-deal dependency. A government-wide agreement lowers price and negotiation cost, but also makes one vendor's interface, data format, policy defaults, and training path the easy option across many agencies at once.
Renewal amnesia. A contract extension treats the original pilot approval as still valid even though the model, terms, pricing, subprocessors, data use, usage scale, or affected population changed.
Metric capture. Procurement evidence narrows to deflection, speed, savings, or staff satisfaction while error correction, accessibility, appeal quality, public-record preservation, and excluded users remain unmeasured.
Capacity hollowing. The agency uses a vendor system to compensate for staff shortages, then loses the internal skill needed to evaluate the vendor, write requirements, review outputs, maintain records, or switch systems.
Democratic Procurement
A democratic AI procurement standard should be stricter than "the model is useful" and more practical than "never buy commercial AI." The useful standard is public control under real operating conditions.
First, define the public task before selecting the model. Agencies should not buy generic intelligence and then search for a mission. The problem, affected population, risk category, records involved, human-review path, and failure mode should be named before procurement language hardens.
Second, require data and model portability where feasible. The agency should know what data it can export, what improvements it owns, what logs it keeps, and what happens if it changes vendors. Portability is bargaining power.
Third, preserve audit and public-record rights. Trade secrets cannot become a universal shield around public authority. Contracts should anticipate audits, records requests, incident investigations, litigation holds, model-change notices, and public explanations where lawful.
Fourth, test before and after award. Pre-award demos are weak evidence. Systems need task-specific evaluation, subgroup analysis where relevant, security review, red-team testing for misuse or prompt injection, monitoring after deployment, and clear discontinuation triggers for high-impact uses.
Fifth, keep public servants competent. AI can support public work, but it should not hollow out the expertise needed to supervise it. Agencies need technical, legal, procurement, records, privacy, civil-rights, security, and frontline domain knowledge inside the institution.
Sixth, make inventories meaningful. A public AI inventory should not be a vague catalog of tools. It should help the public understand purpose, owner, vendor, status, affected population, risk level, and accountability path where disclosure is lawful. Inventories are the first defense against invisible automation.
Seventh, bind training and improvement terms. Government prompts, files, outputs, feedback, embeddings, logs, and corrections should not silently become commercial training material or reusable vendor analytics. If reuse is allowed, it should be explicit, limited, reviewed, and tied to public value.
Eighth, rehearse exit before renewal. A paper termination right is weak if the agency cannot export records, recreate indexes, preserve logs, maintain service, transfer workflows, or explain historical decisions after leaving the vendor.
Ninth, separate central deals from local deployments. A government-wide buying path may be efficient, but each agency use still needs a mission-specific risk classification, data review, human-oversight plan, accessibility check, and complaint route.
Tenth, turn renewal into evidence review. Renewal should ask what changed: model behavior, pricing, terms, subprocessors, incident history, usage scale, user reliance, appeal quality, and public complaints. A renewal that only asks whether staff like the tool is not governance.
Eleventh, make commercial-suite AI visible. Embedded assistants, copilots, search tools, summarizers, classifiers, and agents should not escape review because they arrive inside a platform the agency already licenses. The trigger should be function and authority, not whether a new contract line item says "AI."
Twelfth, collect lessons learned as a procurement asset. Agencies should record discontinued pilots, failed tests, vendor limitations, data-rights disputes, accessibility problems, prompt-injection findings, pricing surprises, and successful clauses in a form other buyers can reuse. Lessons learned are a public-capacity tool, not a private embarrassment.
Thirteenth, protect human fallback capacity. Public AI should not justify closing phone lines, desks, interpreters, disability accommodations, paper paths, or human review channels before the agency can prove the AI route is accurate, accessible, contestable, and reversible for the people most likely to be harmed by failure.
This standard is not anti-innovation. It is the condition for legitimate innovation in public service. A government that cannot explain, test, exit, or contest its AI systems has not modernized. It has outsourced part of its mind.
Source Discipline
Public-sector AI procurement claims need source separation. OMB memoranda are executive-branch guidance for covered federal agencies. GAO reports are audit evidence. GSA buying pages and announcements show acquisition pathways and government statements, not independent proof that a tool is safe, lawful, accurate, or appropriate for a specific mission. Draft acquisition clauses should be cited as draft. Agency inventories show reported use cases, not complete deployment reality.
Counts need dates and definitions. OMB's 3,611 individually reported use cases, 1,818 deployed or piloted use cases, and 445 high-impact uses are repository counts from the 2025 federal inventory summary, not a universal census of every AI feature available to federal staff. GAO's 571-to-1,110 comparison applies to 11 selected agencies with inventories, not every public body. A source-disciplined article keeps those scopes visible.
Contract claims should name the field at issue: data rights, training use, logging, retention, audit access, security, subcontractors, model-change notice, public-record treatment, human oversight, appeal, or exit. Saying "the vendor is compliant" is not evidence. A procurement file should show which obligation is contractual, which is policy, which is technical capability, which is self-attestation, and which has been independently tested.
Risk frameworks can help structure that review, but they do not govern a system unless they are translated into requirements, tests, owners, logs, and remedies. A voluntary framework citation is not a substitute for contract language, public notice, or a working appeal path.
Commercial-suite claims need special caution. A tool may be reported as a consolidated commercial off-the-shelf use, a separate agency use case, a productivity feature, a security service, or a high-impact system depending on context. Source discipline should ask which reporting channel was used, what agency data the feature touches, whether outputs materially affect public work, and whether the deployment can be reconciled with procurement, inventory, records, and incident files.
What This Changes
The state is not only a set of laws. It is a memory system. It stores names, cases, benefits, records, maps, histories, obligations, exceptions, complaints, permissions, and reasons. When AI enters that memory system, it changes how the state remembers and how it answers.
That is why procurement matters. The interface may look like a helpful assistant, but the contract decides whether the assistant is inspectable, portable, contestable, and subordinate to public duty. A model-mediated agency can become faster while becoming less answerable. It can sound clearer while hiding more of the path between record and decision.
The danger is not that every government chatbot becomes a tyrant. The danger is quieter: public authority learns to speak through private systems until the public can no longer tell where the state ends and the vendor begins.
The answer is institutional design. Public AI should leave trails. It should have owners. It should preserve appeal. It should protect public data from silent reuse. It should keep exits open. It should make procurement officers, technologists, lawyers, auditors, frontline workers, and affected communities part of the same loop before the system becomes normal.
The state may use models. It must not rent away the conditions of its own judgment.
Related Pages
- AI in Government and Public Services
- AI Procurement
- AI System Inventory
- Algorithmic Impact Assessments
- AI Audit Trails
- AI Audits and Assurance
- Human Oversight of AI Systems
- Notice and Appeal
- Sovereign AI
- U.S. AI Policy
- The AI Bill of Materials Becomes the Supply Chain Map
- The AI Audit Becomes the Compliance Interface
- The AI Register Becomes Public Memory
- The Government Chatbot Becomes the Front Desk
- The Public Comment Bot Enters Rulemaking
- The Redaction Model Becomes the Public Records Clerk
- Vendor and Platform Governance
- Transparency and Public Registers
- Privacy and Data Stewardship
Sources
- Office of Management and Budget, 2025 Federal Agency AI Use Case Inventory, repository summary as of April 13, 2026; reviewed June 23, 2026.
- U.S. Government Accountability Office, Artificial Intelligence: Generative AI Use and Management at Federal Agencies, July 29, 2025; reviewed June 23, 2026.
- U.S. Government Accountability Office, Artificial Intelligence Acquisitions: Agencies Should Collect and Apply Lessons Learned to Improve Future Procurements, April 13, 2026; reviewed June 23, 2026.
- Office of Management and Budget, M-25-21: Accelerating Federal Use of AI through Innovation, Governance, and Public Trust, April 3, 2025; reviewed June 23, 2026.
- Office of Management and Budget, M-25-22: Driving Efficient Acquisition of Artificial Intelligence in Government, April 3, 2025; reviewed June 23, 2026.
- Office of Management and Budget, M-26-04: Increasing Public Trust in Artificial Intelligence Through Unbiased AI Principles, December 11, 2025; reviewed June 23, 2026.
- U.S. General Services Administration, Buy AI, last updated May 11, 2026; reviewed June 23, 2026.
- U.S. General Services Administration Federal Acquisition Service, Proposed Government AI System Terms and Conditions, draft, February 2026; reviewed June 23, 2026.
- U.S. General Services Administration, GSA, Meta Collaborate to Accelerate AI Adoption Across the Government, September 22, 2025; reviewed June 23, 2026.
- European Union, Regulation (EU) 2024/1689 Artificial Intelligence Act, Official Journal text, 2024; reviewed June 23, 2026.
- European Commission AI Act Service Desk, Article 27: Fundamental rights impact assessment for high-risk AI systems, reviewed June 23, 2026.
- NIST, AI Risk Management Framework, reviewed June 23, 2026.