OMB’s AI Interoperability Guidance

Earlier this month, the Office of Management and Budget (OMB) issued new AI procurement guidance to ensure federal agencies promote competitive markets for acquisition, support the responsible usage of AI, and implement new acquisition governance models. Given that the federal government is the single largest buyer with over $750 billion in annual spending and recent expenditures in FY 2023 amounting to over $100 billion in IT products and services alone, such decisions by the government enables vendor diversity, technological development, and robust cybersecurity. 

Throughout this guidance, OMB emphasizes the significance of interoperability requiring vendors to adhere to procedures that promote the mobility of data and models. Given the breadth of technical specificities and complexities AI programs possess, it is critically important that systems can function within an interoperable and cloud-agnostic environment to fully capitalize on AI’s growing capabilities and hedge against malfunctions. Along with other transparency measures, OMB requires federal agencies to explicitly consider interoperability and transparency during market research, requirements development, and vendor evaluation to minimize risks like vendor lock-in and high switching costs. Overall, this guidance provides positive momentum that will enhance the government’s utilization of AI as well as foster innovation.

However, as the 119th Congress nears, both re-elected and new members must ensure these standards are incorporated into their appropriations work and oversight activities to maintain U.S. leadership in the development of the latest AI technologies. All agencies from the Small Business Administration (SBA) to the Department of Defense (DoD) should be asking themselves three questions throughout both the procurement process and when examining existing systems.

(1) Are systems interoperable, and if not, how can we work with vendors to minimize switching costs that enables a modular approach to IT and IT contracting?

(2) Is data portable and presented in a machine-readable format, and if not, how do we shift to a solution that supports critical features of an AI-ready IT environment?

(3) Of existing systems in operation, what exposure do they have to vulnerabilities identified in the National Vulnerability Database (NVD) by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) and how have those vulnerabilities been mitigated or internal processes improved to avoid future vulnerabilities?

These questions must be applied in the context of both small and large businesses and should be integrated into cyber procurement and cybersecurity infrastructure such as the CMMC, SEWP VI, GWAC, and small business set-asides, for example. In turn, this will expand contracting opportunities for small businesses, increase vendor pools that stoke greater competition, and increase national security by fostering secure and resilient cyber ecosystems.