When the AI Itself Is the Thing That Isn't on the List: M-25-21 and High-Impact AI
Most of what we've written about AI has been from the inside of the system looking out — the blast radius of an agent, non-human identity, the MCP threat surface. Those are the controls that keep a capable, autonomous thing from becoming a liability. But there's a layer above the controls: governance — the question of which AI systems you're even accountable for, and who in the building owns that answer. For federal AI, that layer stopped being voluntary a while ago, and the deadlines have now mostly come due.
The instrument is OMB Memorandum M-25-21, "Accelerating Federal Use of AI through Innovation, Governance, and Public Trust." Its reputation is as a pro-adoption memo — it's explicitly about removing friction so agencies use more AI, not less. What's interesting, and easy to miss, is that the way it enables more adoption is by insisting on more visibility. You go faster because you can see what you've got.
What M-25-21 stands up
The structural requirements are concrete and personal — they land on named roles, not committees-in-the-abstract:
- A Chief AI Officer at each agency, designated within 60 days, who actually owns the portfolio.
- An AI Governance Board convened within 90 days to steer it.
- An enterprise AI strategy, so adoption is deliberate rather than incidental.
- A public AI use-case inventory, maintained and refreshed — the running list of where AI is actually deployed.
- Minimum risk-management practices for any use the agency designates high-impact.
"High-impact" is the load-bearing term. M-25-21 folds the older "rights-impacting" and "safety-impacting" buckets into one category: AI whose output could have a significant consequence for people's rights, safety, civil liberties, or a critical mission outcome. Designate a use high-impact and a floor of obligations switches on — pre-deployment testing, an AI impact assessment, ongoing monitoring, and meaningful human oversight, among them.
The numbers, and the clock
This isn't theoretical anymore. As of April 2026, 56 agencies had submitted inventories covering 3,611 individual AI use cases, of which 445 were classified high-impact. Operational high-impact uses were expected to meet the minimum practices by April 3, 2026, and agencies must report those minimum practices to OMB by September 22, 2026. The scaffolding is built; the obligations are live; the reporting date is this fall.
Sit with that 445 for a second. Those are the federal AI systems whose decisions touch a benefit determination, a screening, a safety call — the ones where being wrong, or being unaccountable, costs someone something real. The memo's bet is that you manage that risk by first knowing the 445 exist, as a maintained list rather than tribal knowledge.
The inventory is the quiet center of all of it
Every requirement in M-25-21 secretly depends on one that sounds like paperwork: the use-case inventory. You can't apply minimum practices to a high-impact system you haven't identified as high-impact. You can't oversee what you haven't enumerated. The CAIO can't govern a portfolio they can't see. The whole apparatus rests on an honest, current list — and an honest list of AI is genuinely hard to keep, harder than most asset inventories.
The reason is that AI doesn't arrive as "an AI system" you procure and rack. It arrives as a feature inside a tool you already bought, a model endpoint a team wired into an existing workflow, a copilot enabled org-wide in a SaaS suite, an agent a platform group stood up to "automate a few tickets." It's the same shadow-IT dynamic we've watched with the gateway nobody scoped and the network gear nobody inventoried — except now the thing hiding from the inventory is the decision-making system itself. "Is it even on the list?" is the first governance question, and for AI it's a surprisingly hard one to answer truthfully.
Where governance meets the agent work
Here's the part that ties back to everything else we write about. The minimum practices M-25-21 asks for — ongoing monitoring, human oversight, pre-deployment testing — are governance language for the engineering controls we've been describing all along. "Ongoing monitoring" of an autonomous system is, in practice, the audit trail at machine scale and the session logs that make its behavior reconstructable. "Meaningful human oversight" is separation of duties and the approval gates that keep a person in the loop where it counts. "Risk management" for an agent is knowing its identity and its blast radius.
So the governance memo and the security posts are describing the same animal from two ends. M-25-21 tells you what you must be able to attest; the controls are how you actually make it true. An agency — or any organization adopting this framework as a model, which plenty outside government will — that has only the policy half ends up writing assessments by hand about systems it can't really observe. The ones who built the observability first find the governance reporting is mostly a matter of querying what they already collect.
The unglamorous capability, again
What makes the September reporting date calm instead of a scramble is, once more, the boring foundation: a real inventory of the AI in your environment, the high-impact ones flagged because the context travels with them, and the monitoring-and-oversight evidence accumulating as a byproduct of running the systems rather than reconstructed before a deadline.
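As an added illustration (not code from this post or from the Novaprospect product), here is a minimal Python model of the two checks the paragraph above describes: which high-impact inventory entries lack evidence for one of the memo's four minimum practices, and which model endpoints observed in the environment are not on the list at all. The inventory entries, evidence pointers and endpoints are constructed placeholders.

```python
from dataclasses import dataclass, field

# The four minimum practices M-25-21 names for uses designated high-impact
MINIMUM_PRACTICES = ("pre_deployment_testing", "impact_assessment",
                     "ongoing_monitoring", "human_oversight")

@dataclass
class UseCase:
    name: str
    owner: str                       # the accountable role, not a committee
    high_impact: bool                # the designation that switches the floor on
    endpoints: tuple = ()            # model endpoints this use case actually calls
    evidence: dict = field(default_factory=dict)  # practice -> where proof lives

def practice_gaps(inventory):
    """For each high-impact entry, the minimum practices with no evidence on file."""
    gaps = {}
    for uc in inventory:
        if not uc.high_impact:
            continue                 # the floor only applies once designated
        missing = [p for p in MINIMUM_PRACTICES if p not in uc.evidence]
        if missing:
            gaps[uc.name] = missing
    return gaps

def not_on_the_list(inventory, observed):
    """Endpoints seen in the environment that no inventory entry claims."""
    claimed = {ep for uc in inventory for ep in uc.endpoints}
    return sorted(set(observed) - claimed)

# Constructed sample inventory; names, owners and endpoints are placeholders
INVENTORY = [
    UseCase("benefit-eligibility-screener", "caio", True,
            ("https://models.example.internal/eligibility",),
            {"pre_deployment_testing": "test-report-2026-03",
             "impact_assessment": "aia-0042",
             "ongoing_monitoring": "dashboard:eligibility",
             "human_oversight": "approval-gate:caseworker"}),
    UseCase("ticket-triage-agent", "platform-team", True,
            ("https://models.example.internal/triage",),
            {"ongoing_monitoring": "session-logs:triage"}),
    UseCase("docs-search-copilot", "it-ops", False, ("https://saas.example/copilot",)),
]
# Constructed: what egress logs or a gateway actually saw being called
OBSERVED_ENDPOINTS = [
    "https://models.example.internal/eligibility",
    "https://models.example.internal/triage",
    "https://models.example.internal/resume-screen",  # nobody wrote this one down
]
```

Running both checks over the sample data flags the triage agent as high-impact with three practices unevidenced, and surfaces the resume-screen endpoint that no inventory entry claims.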
That's the shape of work the Novaprospect audit engine is built around — discovery that surfaces the systems nobody wrote down, context attached so the consequential ones sort themselves, and an evidence trail that turns "report your minimum practices to OMB" into an export instead of an ordeal. Governing AI well starts exactly where securing it does: with an honest answer to what do we actually have running? The list is the hard part. It's also the part everything else stands on.
References
- OMB — Memorandum M-25-21, Accelerating Federal Use of AI through Innovation, Governance, and Public Trust: whitehouse.gov/wp-content/uploads/2025/02/M-25-21.pdf
- OMB — Memorandum M-25-22, Driving Efficient Acquisition of AI in Government: whitehouse.gov/wp-content/uploads/2025/02/M-25-22.pdf
- Federal AI use-case inventories: ai.gov
- Prior read, the NIST AI Risk Management Framework in practice: /blog/nist-ai-rmf-in-practice
- Prior read, separation of duties for AI systems: /blog/separation-of-duties-for-ai
- Prior read, audit trails at machine scale: /blog/audit-trails-at-machine-scale