The U.S. General Services Administration (GSA) published a proposed rule today in the Federal Register—GSA Regulation 552.239‑7001, titled “Basic Safeguarding of Data Within Large Language Model Artificial Intelligence Systems.” This rule significantly tightens how government data may be used by contractors deploying or operating large language models (LLMs) under federal contracts. (hklaw.com)

Key provisions include:

  • Government retains full ownership of all data inputs, outputs, and custom developments; prohibited uses now explicitly include training or improving LLMs, using data for marketing or strategy, unauthorized retention, or transferring data outside the contract’s scope. (hklaw.com)
  • “Eyes‑off” data handling is replaced by detailed automated technical controls: encrypted processing, no human access to data, audit logging without exposing content, and secure automated ingestion and response generation. (hklaw.com)
  • The rule applies across the entire LLM supply chain, including subcontractors and service providers not party to the prime contract. (hklaw.com)
  • Contractors face potential termination for cause, suspension of AI system use, and liability for decommissioning costs if they fail to comply. (hklaw.com)

A public listening session is scheduled for July 14, 2026, at George Washington University Law School in Washington, D.C., and written comments are due by August 3, 2026. Contractors and vendors should assess their LLM architectures and compliance readiness immediately. (hklaw.com)