AI Governance Briefing — March 28, 2024
OMB Memorandum M-24-10 now requires U.S. federal agencies to inventory AI systems, conduct impact assessments, implement human oversight, and report serious incidents within 24 hours.
Executive briefing: The Office of Management and Budget finalized Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence, on March 28, 2024. Agencies must publish AI use case inventories by December 1, 2024, certify safety-impact assessments, and notify OMB of serious incidents within 24 hours while alerting affected individuals within seven business days.
Control checkpoints
- Inventory preparation. Vendors supporting agencies should prepare documentation packets that align offerings to the public inventory format—system purpose, data inputs, safeguards, and human oversight.
- Impact assessments. Safety-impacting AI requires Algorithmic Impact Assessments before deployment; align red-team reports, bias testing, and assurance evidence to the memorandum’s annex.
- Incident escalation. Wire telemetry, support desks, and legal counsel to meet 24-hour OMB notifications and seven-day individual outreach requirements.
- Human oversight. Systems materially affecting rights or safety need advance approval and documented override controls; ensure interfaces expose human-in-the-loop checkpoints.
Action plan
- Update capture playbooks and federal account plans so proposals speak directly to M-24-10 evidence requests.
- Map memorandum controls to NIST AI RMF, NIST SP 800-53, and ISO/IEC 42001 safeguards to simplify compliance reporting.
- Run quarterly tabletop exercises with agency partners covering incident escalation and public communications.