OMB's AI Compliance Deadline Just Passed. Several Federal Agencies Missed It.

The Office of Management and Budget set April 3, 2026 as the hard deadline for federal agencies to put real safeguards around their highest-risk artificial intelligence systems. Agencies had two choices: comply or shut the AI down. FedScoop reached out to 28 federal departments to check compliance status. Some passed. Several did not. For Washington DC's federal technology contractor community, the deadline's uneven outcome signals something important: a wave of remediation contracts, compliance audits, and risk management work is about to move through the market.

The rule at the center of this: OMB Memorandum M-25-22, which directed agencies to update their AI policies and implement minimum risk management practices for high-impact AI use cases by December 29, 2025, with the April 3 enforcement date as the operational compliance cutoff. High-impact use cases are those that meaningfully influence decisions affecting individual rights or safety, covering areas like law enforcement, benefits eligibility, healthcare delivery, housing determinations, and credit access. If an agency could not meet the requirements by April 3, it was required to terminate the AI use case entirely rather than continue operating it without safeguards.

What M-25-22 Actually Required

OMB Memorandum M-25-22 laid out a specific compliance checklist for agencies running high-impact AI systems. The requirements were not abstract policy goals. They were concrete operational mandates: pre-deployment testing, impact assessments before launch, ongoing monitoring for adverse outcomes, adequate human training for staff who work with or oversee AI decisions, fail-safes that minimize harm when systems malfunction, consistent appeal processes for individuals affected by AI-driven decisions, and publicly accessible feedback channels for end users. Agencies were also required to maintain an updated AI use case inventory and publish that inventory so the public could see what AI tools were in operation across government.

The policy reflected lessons from years of federal AI deployments that moved too fast without safety infrastructure. Predictive policing tools, benefits processing algorithms, and automated fraud detection systems have all generated controversy when deployed without adequate oversight. M-25-22 was designed to prevent the next round of those problems by forcing agencies to document and validate their systems before the April deadline arrived.

Who Passed, Who Didn't, and What It Means

Among the agencies that met the April 3 deadline: the Department of Labor, NASA, the Department of Veterans Affairs, the State Department, the General Services Administration, and the Environmental Protection Agency. These agencies confirmed compliance steps were completed within the required timeframe. Other agencies reclassified certain AI use cases, removing them from the high-impact category to reduce their compliance burden. A handful appear to have missed the deadline entirely, continuing to operate high-impact AI systems without the required safeguards in place.

That gap matters beyond optics. Agencies running non-compliant AI systems now face two paths. The first is retroactive remediation: bringing existing systems up to the M-25-22 standard as quickly as possible. That process requires external contractors with AI governance expertise to conduct the assessments, build monitoring frameworks, and document appeal processes. The second path is termination of the offending AI use cases, which creates a different kind of contract opportunity: agencies that shut systems down will need help replacing them with compliant alternatives.

Neither path is cheap or fast. Retroactive AI compliance audits for a large agency can run into the tens of millions of dollars when you factor in external assessors, legal review, technical remediation, staff retraining, and the documentation burden required to satisfy OMB's accountability requirements. For DC-area firms in the compliance and IT services space, the agencies that missed the deadline represent near-term revenue. For the longer term, the compliance market will expand because high-impact AI use cases are not going away. The federal government is adding more AI tools, not fewer, and each new deployment triggers the same M-25-22 requirements.

The $75.7 Billion Federal IT Budget and What It Funds

The M-25-22 compliance story lands against a backdrop of record federal technology spending. The Trump administration's FY2027 budget request asks for $75.7 billion in civilian agency IT spending, the highest such request in history. That number is $7.7 billion above projected 2026 spending, representing an 11.3 percent increase. The agencies seeing the largest jumps are exactly the ones most likely to carry significant high-impact AI inventories: VA, Treasury, and the Department of Justice.

The Department of Veterans Affairs is requesting $12.2 billion, a 62 percent increase driven largely by its Electronic Health Records Modernization program. That program is transitioning from a decades-old legacy system to a modern interoperable platform that connects VA records with Defense Department health data. When a system that size connects to DoD networks and affects healthcare decisions for millions of veterans, it falls squarely within the M-25-22 high-impact AI framework the moment any machine learning component is incorporated into clinical decision support or benefits processing.

The Department of Justice is requesting $4.3 billion, a 40.5 percent increase, with a significant portion allocated to zero-trust cybersecurity architecture. DOJ has also separately requested $149 million for its Justice Information Sharing Technology fund, with $110.3 million going to zero-trust migration for both unclassified and national security systems. The department currently operates over 275,000 endpoints and serves approximately 160,000 users. Any AI components within that infrastructure that support law enforcement decisions fall under the highest tier of M-25-22 scrutiny.

Treasury is requesting $6.2 billion, a 48 percent increase. The IRS alone is asking for $728 million for business systems modernization, up from $672 million this year. Tax processing and fraud detection algorithms have historically been among the most consequential AI deployments in the federal government. If any of those systems were classified as high-impact under M-25-22, they are subject to the same compliance requirements that tripped up other agencies in early April.

What This Means for DC Tech Workers and Contractors

The confluence of missed deadlines and record IT budgets creates a specific opportunity structure for Northern Virginia, Maryland, and DC-based technology firms. The immediate need is AI governance. Agencies scrambling to retroactively comply with M-25-22 need firms that can conduct AI impact assessments, build monitoring dashboards, design appeal processes, and document everything in a format that satisfies OMB auditors. This is not a niche skill set. It sits at the intersection of data science, legal compliance, user experience design, and federal contracting knowledge. Firms like Booz Allen Hamilton, Leidos, and SAIC have the scale to absorb large remediation contracts, but mid-size firms in Tysons Corner, Bethesda, and the Dulles corridor can compete on specialized expertise in specific AI platforms or specific agency environments.

Cleared professionals working in data science and machine learning roles at federal agencies face a different set of pressures. If their AI systems were flagged as high-impact and non-compliant, they may be working mandatory remediation timelines for the next several months. Engineers who have never had to write an impact assessment or build a monitoring framework will need to learn those skills quickly. Certifications in AI risk management, including those aligned with the NIST AI Risk Management Framework that M-25-22 frequently references, are gaining practical value for cleared professionals looking to differentiate themselves in a market where AI governance expertise is suddenly in demand.

The zero-trust cybersecurity spending surge at DOJ also creates near-term hiring pressure in the DC metro area. The department's request for $110.3 million in zero-trust migration funding for FY2027, compared to near-flat cybersecurity budgets in 2024 and 2025, represents a significant expansion of scope. That migration work requires security engineers, network architects, and identity management specialists with federal clearances. Firms currently staffed primarily for legacy network security work will need to retool their workforces or bring in specialist subcontractors to compete for the DOJ contracts that will flow from that budget request.

Practical Steps for DC Area Tech Firms

The agencies that missed the April 3 deadline are not going to publicly announce that they missed it. The signals will come through procurement channels: requests for information about AI governance services, sources-sought notices for compliance assessment support, and task order modifications on existing contracts that add AI risk management requirements. Firms tracking federal procurement data through USASpending.gov or GovWin should be watching for these signals now, not in six months when the remediation contracts become competitive and crowded.

Service lines to build immediately include AI use case inventory management (agencies need help cataloging what they have), impact assessment consulting (every high-impact system needs one), and continuous monitoring tooling (M-25-22 requires ongoing oversight, not just a one-time audit). Firms that already hold GSA Schedule contracts should review their approved services to determine whether AI governance work falls within their existing scope or requires a modification.

For individual professionals, the practical move is to get visible on the compliance side of AI work. Writing impact assessments, contributing to agency AI inventories, and documenting monitoring frameworks is less glamorous than building models, but it is where the budget is right now. The $75.7 billion IT request is enormous, and a meaningful slice of it will route through the compliance and governance infrastructure that M-25-22 made mandatory.

• FedScoop: OMB AI risk management deadline hits federal agencies
• Federal News Network: White House asks for record $75.7B for civilian agency IT
• FedScoop: DOJ requests $110.3M for zero-trust cybersecurity
• Nextgov: Agencies missing steps for better AI acquisition, GAO finds
• OMB: FY2027 Budget Analytical Perspectives