Industry Response to Proposed GSAR Clause 552.239-7001, Basic Safeguarding of Artificial Intelligence Systems

Dear Administrator,

The U.S. Chamber of Commerce appreciates the opportunity to provide feedback on the proposed General Services Acquisition Regulation (GSAR) Clause 552.239-7001, Basic Safeguarding of Artificial Intelligence Systems. We commend the General Services Administration’s (GSA) efforts to establish appropriate safeguards for the use of Artificial Intelligence (AI) systems in federal procurement. The Chamber shares the government’s commitment to responsible AI deployment, data protection, and ensuring the security and integrity of government information.

Upon careful review, the Chamber has identified several concerns regarding the proposed draft, which may inadvertently lead to unintended consequences. These include limiting competition, increasing costs to the government, creating duplicative or conflicting compliance obligations, and discouraging commercial AI providers from participating in the federal marketplace. Additionally, there is a lack of clarity regarding whether implementation will be immediate or phased, as well as how cost impacts to existing systems will be addressed, including whether equitable adjustment claims would be anticipated or permitted under this clause.

We respectfully submit the following observations for GSA’s consideration.

1. The Definitions of "AI System" and “AI Service Providers” Are Overly Broad and Require Narrowing

The Chamber believes that the current definitions of "AI System" and “AI Service Provider,” as outlined in the proposed clause, are overly broad and require refinement to ensure clarity and practicality. The definition of "AI System," which mirrors the statutory language from the Advancing American AI Act, extends beyond the intended scope of a mandatory Schedule-wide clause. Similarly, the definition of “AI Service Provider” encompasses service providers whose software includes AI features that may be used indirectly by a contractor in connection with a GSA contract, such as productivity, HR, or accounting software.

As currently drafted, these definitions capture not only generative AI and large language models but also back-end infrastructure, security monitoring tools, machine learning algorithms embedded in standard commercial software, and other technologies that are not central to the provision of AI services to the Government. This expansive scope introduces significant compliance uncertainty and risks unintentionally including a wide array of commercial offerings that fall outside the intended focus of this regulation. Moreover, the clause appears to require contractors to report and track AI within common off-the-shelf business tools, including incidental or embedded AI features that may not be readily identifiable by the contractor. Such requirements impose substantial new burdens on contractors—particularly small businesses—and risk delaying procurements.

To address these concerns, the Chamber recommends that GSA refine the scope of the clause to specifically target AI systems that directly deliver AI capabilities or process Government data, while excluding generally available commercial software that incorporates embedded or incidental AI functionality. Additionally, explicit guidance is needed regarding retroactive applications, including whether the 30-day notification requirements will apply to existing contracts if the clause is added mid-performance, rather than those that incidentally incorporate AI components.

The AI clause should also include clear instructions on when it should be added to solicitations and contracts. This should include a definition of “solicitations and contracts for Artificial Intelligence capabilities” that explicitly excludes:

• “Any common commercial product within which artificial intelligence is embedded, such as a word processor or map navigation system” (as defined in the Advancing American AI Act).
• “AI used incidentally by a contractor during performance of a contract (e.g., AI used at the option of a contractor when not directed or required to fulfill requirements)” (as outlined in OMB memo M-25-22).

These refinements will help ensure that the clause is appropriately tailored, minimizes unnecessary burdens, and supports the effective and efficient use of AI in federal procurement.

2. Intellectual Property Rights and the Definitions of 'Custom Development' and 'Government Data' Require Narrowing

The Chamber has substantial concerns with the clause's treatment of intellectual property, particularly the overly broad definitions of "Custom Development," "Data Inputs," "Data Outputs," and "Government Data." As drafted, the clause could be interpreted to grant the Government ownership over fine-tuned models, configurations, and enhancements derived from contractors' proprietary technology and pre-existing intellectual property.

Additionally, the expansive definitions of data risk encompassing contractor proprietary information, vendor documentation, metadata, telemetry, system logs, and other operational data that do not constitute substantive Government information. Asserting Government ownership over such data—and over all "Input Data"—is inconsistent with established commercial norms, disregards existing regulatory frameworks governing contractor intellectual property, and fails to reflect the Government's prior rights in contractor data, which are typically limited to license rights.

This approach risks discouraging private sector investment in AI innovation for the federal market. It could hinder contractors from leveraging general technical expertise and methodologies developed during Government engagements for other customers and deter companies from offering advanced AI capabilities critical to supporting national security missions. Furthermore, while the clause contemplates Government feedback, it restricts the use of such feedback and resulting updates to the specific contract. This diverges from commercial practices that allow feedback to be used freely to drive foundational improvements, thereby stifling innovation.

To address these concerns, the Chamber strongly urges the General Services Administration (GSA) to clarify that contractors retain all rights to their pre-existing intellectual property and that Government ownership is appropriately limited to deliverables uniquely tailored to the Government's requirements. Specifically, we recommend the following refinements:

1. Refine "Custom Development": The definition should include only those designs, configurations, or deliverables expressly directed, funded, and specified by the Government under the contract—explicitly excluding modifications or optimizations derived from contractors’ commercial technology.

2. Narrow "Government Data" and Related Terms: The definitions of "Data Inputs," "Data Outputs," and "Government Data" (including the provisions in Section (c)(1)(iii) concerning derivative works) must be narrowed to focus specifically on data that is genuinely Government-owned or Government-furnished. The definitions should explicitly exclude contractor proprietary data, vendor operational metrics, and system-level information that does not contain Government content.

By implementing these refinements, the Government can foster a more balanced and collaborative environment that encourages private sector innovation while ensuring the Government’s needs are met effectively. The Chamber remains committed to working with GSA and other stakeholders to address these critical issues and advance policies that support innovation, economic growth, and national security.

3. Contractor Liability for Service Provider Compliance Is Misaligned with Commercial Practice

The Chamber is concerned that the proposed clause imposes sole responsibility on the prime contractor for ensuring the compliance of all Service Providers, including those whose AI systems the contractor neither owns nor operates. This approach significantly expands liability beyond established commercial practices and proven frameworks, such as the Federal Risk and Authorization Management Program (FedRAMP). Additionally, the clause’s broad applicability could extend to indirect service providers performing back-office functions entirely unrelated to the Government contract, creating disproportionate compliance burdens.

The definition of “Service Provider” further risks confusion regarding the application of requirements such as DFARS 252.204-7012 and other cybersecurity flow-down obligations when Government data flows through AI systems. Misalignment in these obligations could lead to duplicative or inconsistent reporting and security requirements, adding unnecessary complexity for contractors.

To address these concerns, the Chamber recommends that GSA align contractor responsibility provisions with existing commercial frameworks, narrow the clause’s applicability to AI systems that directly handle Government data or are delivered to the Government, and ensure that Service Providers are held appropriately accountable for their own AI systems. These adjustments will help maintain clarity, reduce undue burdens, and support effective compliance.

4. The "Any Lawful Government Purpose" License Language Is Overly Broad

The Chamber supports the intent behind this provision to ensure that U.S. Government agencies can execute their missions effectively without unnecessary constraints from industry. However, the Chamber is concerned that the license grant language permitting the use of AI systems for "any lawful Government purpose" introduces broader implications that pose significant risks for contractors. Such language could allow AI systems to be used in contexts for which they were neither designed, tested, nor intended, potentially exposing contractors to unforeseen liabilities for outcomes beyond their control.

Additionally, this provision may conflict with commercial license terms under which AI systems are provided and could be interpreted as requiring government purpose rights in AI systems developed exclusively at private expense. This would be inconsistent with applicable Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) provisions regarding data rights.

To address these concerns, the Chamber recommends that GSA refine this language to ensure that the use of AI systems is consistent with their documented capabilities and the terms under which they are commercially offered. For non-commercial systems, the terms should align with existing Government intellectual property acquisition practices. These refinements will help mitigate risks, preserve contractor rights, and maintain alignment with established regulatory frameworks.

5. The Clause, in Aggregate, Deviates Significantly from Commercial Practice

The Chamber underscores that the proposed clause introduces requirements that significantly deviate from standard commercial terms and practices for AI services. Such departures are likely to compel the Government to procure specialized, Government-unique AI solutions, rather than capitalizing on the best commercially available technologies. This approach risks driving up costs and potentially reducing the capabilities available to the Government.

Provisions such as maintaining detailed records of all processing activities, enforcing data segregation, requiring extensive documentation of decision-making processes, and granting broad audit rights based on undisclosed Government benchmarks go well beyond commercial norms. These requirements may also prove technically unfeasible for many providers, further limiting the pool of potential vendors.

To address these concerns, the Chamber strongly encourages GSA to align the clause with existing commercial practices and established frameworks. Doing so will ensure that the Government can access the full spectrum of commercial AI innovation while maintaining competitive pricing and fostering a robust marketplace.

6. The "American AI Systems" Requirement Needs Clarification

The Chamber supports the policy objective of promoting the use of American-made AI systems. However, the clause's prohibition on the use of foreign AI systems raises significant practical challenges. The current definition of "American AI Systems" lacks clarity and could unintentionally restrict the use of open-source AI technologies, globally developed components, and other widely adopted commercial tools. This includes tools used for research and development or internal processes not directly tied to systems used in federal contract performance. Additionally, the definition does not address how factors such as geographic development, ownership structure, training data location, corporate headquarters, or foreign investment influence eligibility.

Such a strict prohibition risks undermining competition and may conflict with federal acquisition law and policy. To address these concerns, the Chamber urges GSA to provide greater clarity on the definition of "developed and produced" in the United States. The implementation of this requirement should maintain competition, avoid imposing obligations beyond systems used for federal contract performance, and ensure access to the most advanced AI technologies. A tiered, risk-based framework—aligned with 10 U.S.C. § 3252 and incorporating waiver or authorization procedures—would enable the Government to restrict foreign AI in sensitive use cases without unintentionally limiting access to cutting-edge capabilities.

Aligning the clause with this established statutory framework would ensure that AI-related safeguards remain focused on genuine national security risks rather than broadly restricting commercial technologies. This approach would address real supply chain threats while allowing vendors to continue using commercial AI tools and maintaining broader business relationships without undue restriction. It would also reduce administrative burdens, provide contractors with predictable and reasonable compliance requirements, and preserve the freedom to use or develop commercial AI tools. Ultimately, this approach supports faster innovation, enabling the Government to benefit from more advanced, commercially driven solutions.

7. The Portability Requirements Under Article (g) Are Unworkable and Would Undermine Commercial SaaS Procurement

The Chamber has significant concerns with the proposed Article (g), which, in its current form, fails to establish a workable portability standard and instead imposes an overly broad mandate that would materially undermine the commercial SaaS market available to the Government.

First, the requirement that all outputs and interfaces use "open and standard" formats and APIs is impractical and will inevitably lead to procurement disputes. Major enterprise platforms are designed with a mix of open and proprietary APIs. Rather than mandating that all pathways be open and "standard," the requirement should focus on ensuring that at least one open or standard export path is available, providing a practical and balanced approach.

Second, Article (g)(2) effectively operates as a de facto ban on modern SaaS and COTS solutions. Virtually all mature enterprise platforms rely on proprietary components—such as optimized data structures, platform services, SDKs, and licensing constructs—and inherently include some level of platform dependency to support sophisticated systems. This provision would disqualify most commercially available enterprise solutions from federal procurements, not because the Government cannot retrieve its data, but because these solutions necessarily include proprietary elements by design. Such an outcome would be counterproductive to the Government's stated goal of portability. Instead of enhancing portability through clear and implementable export requirements, this approach would reduce the pool of eligible providers, stifle competition, and hinder innovation. It also creates an unrealistic retrofit challenge for existing deployments, as large enterprise vendors maintain extensive portfolios of legacy interfaces critical to mission-specific integrations.

Third, for large-scale enterprise solutions, an "export all" function is not a simple one-click feature or a standard product capability. It requires a full-scale data migration effort involving upfront scoping of what "all" includes, planning, tooling, dedicated resources, and coordinated execution. The clause fails to account for the complexity and cost of such an undertaking, making it unfeasible for many providers.

Finally, the requirement to export data in a manner that "enables accurate and complete ingestion and reconstruction" would compel the disclosure of proprietary data models, architectures, and business logic—essentially demanding the architectural blueprints of the software itself. Database schemas and data models are the result of decades of research and development and are treated as core trade secrets. Mandating their disclosure would create significant technical, compliance, and competitive risks. From a technical perspective, this requirement is impractical, as relational integrity is enforced by millions of lines of application code and business logic that cannot be exported in a "standard" format for meaningful reconstruction by another system.

We strongly urge GSA to replace the current Article (g) framework with targeted, practical portability requirements that ensure the Government can retrieve its data without mandating the disclosure of proprietary architectures or effectively excluding the commercial platforms the Government relies on today. This approach will preserve competition, foster innovation, and maintain access to the best commercial solutions.

8. Additional Areas for Clarification:

· Incident Reporting: The clause may duplicate or conflict with existing reporting requirements under DFARS or CISA frameworks. We recommend explicitly harmonizing these obligations and providing clear guidance on handling AI-related incidents involving classified data.

· Change Management and Transition Risks: If contractors are required to replace AI products mid-performance, Government-directed transitions should include provisions for schedule adjustments to avoid disruptions.

· Bias and Ideological Content Requirements: The clause references "ideological dogmas," a term that is subjective and challenging to apply in contracting. We recommend establishing objective criteria or further limiting the language to ensure clarity and consistency.

Conclusion

The Chamber appreciates GSA's engagement with industry on these critical issues and acknowledges the challenges involved in crafting appropriate terms for AI procurement. We remain committed to collaborating with GSA to develop a final clause that safeguards Government interests while fostering a competitive and innovative commercial AI marketplace that supports the Government's mission. We welcome the opportunity to further discuss these concerns and provide additional input as the rulemaking process progresses.

Sincerely,

Michael Richards
Executive Director
Chamber Technology Engagement Center
U.S. Chamber of Commerce

About the author

Michael Richards

Michael Richards is the executive director of policy at the Chamber's Center for Technology Engagement.

Read more