\u201cWithout these kinds of measures in place, some of the riskiest tools used by federal agencies are left without real oversight or mechanisms for agencies to validate performance and efficacy,\u201d said Quinn Anex-Ries, a senior policy analyst focused on equity and civic tech at the Center for Democracy & Technology. \u201cIt\u2019s not only heightening the risk of failed AI projects and wasted taxpayer dollars, but it also opens the American public to a host of potential AI harms.\u201d<\/p>\n
The Department of Labor said it has implemented all the required risk management practices for high-impact use cases, consistent with the OMB memo. The agency posted an updated inventory earlier this week with the appended risk management categories.\u00a0<\/p>\n
\u201cAt this time, DOL has no active non\u2011compliant high\u2011risk AI use cases,\u201d a spokesperson told FedScoop. \u201cAny use case that did not meet federal standards has been paused or discontinued.\u201d<\/p>\n
While the agency did not identify risk levels of use cases in its prior inventory, a newly published version categorizes just one use case as high-impact: an AI-powered scrubber of personally identifiable information.\u00a0\u00a0\u00a0<\/p>\n
Last week, NASA also posted an updated AI inventory<\/a>. An agency spokesperson said in an email that AI use cases that don\u2019t meet requirements have been removed, and NASA\u2019s one high-impact AI use case has the proper guardrails in place. In the updated inventory, however, the agency said the development of monitoring protocols is still in-progress and an independent review of the AI use case has not been completed.\u00a0<\/p>\n Similarly, the Department of Veterans Affairs told FedScoop that it has complied with OMB\u2019s requirements. The agency quietly uploaded an updated version<\/a> of its AI inventory that featured new sections for the risk management practices. The VA filled in the nine compliance-related fields for its 90 deployed high-impact use cases, which include the technology assisting in reviews of results from colonoscopy procedures and breast exams. Four high-impact use cases were rolled back from deployed to pre-deployment or retired, making them exempt from the compliance requirements.\u00a0<\/p>\n While a Department of State spokesperson said none of its AI use cases were decommissioned, one of its high-impact use cases in the inventory uploaded this month has been retired after appearing in a pilot phase in the inventory post earlier this year. The agency\u2019s other two high-impact use cases had fulfilled some of the risk management requirements, but neither use case had information about an established appeal process in the updated inventory.\u00a0<\/p>\n The General Services Administration did not post an AI inventory when other agencies did earlier this year but has since published one<\/a>. A GSA spokesperson said it has thus far not had to terminate any AI use case for non-compliance with its requirements, although its inventory does not categorize use cases by risk level. <\/p>\n The Environmental Protection Agency said it is \u201ccoordinating across internal offices to confirm the status of existing AI use cases and apply the necessary oversight and risk\u2011management practices.\u201d The endeavor includes routine verification steps and ongoing monitoring to determine risk level.\u00a0<\/p>\n \u201cIn line with OMB guidance, EPA will take any necessary corrective actions as part of this standard process,\u201d a spokesperson told FedScoop. \u201cThis effort is underway and reflects the Agency\u2019s commitment to responsible and compliant use of emerging technologies.\u201d<\/p>\n The EPA posted an updated AI inventory<\/a> Tuesday. In it, the agency changed its designation of an AI-powered records management system from high-impact to not high-impact. The agency\u2019s one deployed high-impact use case has not yet met all the requirements.\u00a0<\/p>\n The Department of Energy also reclassified the two deployed high-impact use cases in its April inventory upload. Two use cases from the Oak Ridge National Laboratory, including Copilot Studio and Copilot for Microsoft 365, went from high-impact to not high-impact, thereby exempting them from risk management requirements. The Department of Energy did not respond to FedScoop\u2019s request for comment.\u00a0<\/p>\n Some agencies did not identify any high-impact use cases during its inventory process, including the National Science Foundation, the Nuclear Regulatory Commission and the Small Business Administration.\u00a0<\/p>\n Waivers<\/p>\n As part of the OMB memo, agencies must also publicly report determinations and waivers that they\u2019ve submitted for high-impact use cases.\u00a0<\/p>\n Waivers act as a system-specific and context-specific determination that fulfilling the risk management requirements would \u201ccreate an unacceptable impediment to critical agency operation,\u201d according to the memo.\u00a0<\/p>\n Most agencies don\u2019t mention waivers in their use cases, and a few include it as a possible option but never invoke it.\u00a0<\/p>\n The DOE is one of the only agencies with a waiver in use. The use case, deployed at Los Alamos National Lab, is described as a tool to gain lessons learned from searches of relevant documents. It is categorized as not high-impact, though the risk management requirements are filled out. For the independent review requirement section, DOE said: \u201cAgency CAIO has waived this minimum practice and reported such waiver to OMB.\u201d<\/p>\n While used minimally now, waivers could begin cropping up more often as agencies continue to hone their approach, according to Anex-Ries.\u00a0<\/p>\n \u201cWaivers are worth paying attention to,\u201d Anex-Ries said. \u201cThat could give an indication about how risk management implementation is really going.\u201d<\/p>\n Agencies without public updates<\/p>\n Some agencies did not respond to FedScoop\u2019s request for comment and have not posted updated AI inventories. The departments of Transportation, Commerce, Health and Human Services<\/a> and Justice<\/a> are part of this group of laggards, as is the Department of Homeland Security.\u00a0<\/p>\n \u201cEverybody is interested in how DHS is using AI,\u201d said Darrell West, senior fellow at the Brookings Institution\u2019s Center for Technology Innovation. \u201cThere have been a number of reports about contracts with vendors that use these tools in very intrusive ways \u2026 so people want to know how DHS is monitoring things.\u201d<\/p>\n One of the most controversial high-impact AI use cases<\/a> currently being deployed at DHS is an app called Mobile Fortify<\/a>, which is used for law enforcement operations where agents take photos of an individual and confirm their identity using biometric matching across a database. The agency is also using AI to sift through tips, review mobile device data relevant to investigations and flag intentional misidentification.<\/p>\n
![\"Lindsey](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/IMG_5250-e1764867083701.jpg\")
<\/p>\n