OMB’s AI risk management deadline hits federal agencies, but not all were ready - The Daily Scoop Podcast

Summary4 min read

The Daily Scoop Podcast — Episode Summary

Episode: OMB’s AI risk management deadline hits federal agencies, but not all were ready
Date: April 10, 2026
Host: Billy Mitchell

Overview

This episode focuses on the recent Office of Management and Budget (OMB) deadline requiring federal agencies to implement stringent risk management practices for high-impact uses of artificial intelligence (AI). Host Billy Mitchell details which agencies met the new standards on time, which lagged behind, and the broader implications for federal tech policy. The episode also explores the Department of Justice’s (DOJ) major funding request to bolster zero trust cybersecurity in response to evolving threats and prior breaches.

Key Topics & Insights

1. OMB’s AI Risk Management Deadline (00:33–03:14)

Deadline Details:
The OMB mandated that all federal agencies either implement minimum risk management practices for high-impact AI use cases by April 3rd or discontinue them. These practices include:
- Pre-deployment testing
- Impact assessments
- Ongoing adverse impact monitoring
- Adequate human training and assessment
- Fail safes to minimize harm
- Consistent appeal processes
- User feedback mechanisms
Agency Compliance:
Out of 28 queried federal agencies:
- Compliant: Department of Labor, NASA, VA, State Department, GSA, EPA.
- Others: Some reclassified use cases or had minor outstanding requirements.
- Laggards/Missed Deadline: Departments of Transportation, Commerce, Health and Human Services, Justice, and Homeland Security either missed the deadline, did not respond, or failed to post updated AI inventories.
  
  "Some agencies fulfilled the requirements... while others reclassified use cases or still have a couple boxes to check. A few appear to have missed the deadline entirely."
  — Billy Mitchell (00:54)
Waivers:
- Agencies could apply for waivers if compliance would impede critical operations.
- Most agencies did not mention waivers; where mentioned, they were not commonly used.
  
  "Waivers act as a system specific and context specific determination that fulfilling the risk management requirements would create an unacceptable impediment to critical agency operation."
  — Billy Mitchell quoting OMB memo (02:20)

2. DOJ’s Zero Trust Cybersecurity Funding Request (03:15–06:34)

Budget Request Summary:
DOJ is seeking a massive boost ($110 million increase, total of $149 million) in fiscal 2027 for its Justice Information Sharing Technology Fund, specifically earmarked for transitioning to a zero trust architecture for its unclassified and national security systems.
Historical Context:
- The SolarWinds cyberattack (2020) prompted a government-wide push for zero trust models, especially after DOJ itself was impacted.
- Despite the urgency, DOJ’s cyber funding was cut by $108 million in FY 2024 and has since remained flat.
Significance of the Request:
- DOJ supervises over 275,000 endpoints and 160,000 users.
- The current funding is insufficient to support modern, robust defenses.
- Without full zero trust implementation, DOJ remains highly vulnerable to breaches, jeopardizing sensitive law enforcement and national security systems.
  
  "Enacted funding levels over the past three years are below the level required to cover DOJ's over 275,000 endpoints and approximately 160,000 users, adding that the current funding levels impact the Department's current defenses and constrain its ability to adapt to evolving threats..."
  — Billy Mitchell quoting DOJ budget justification (05:13)
  
  "The Department's cyber risk exposure and its susceptibility to major breaches and catastrophic cyber incidents... increases."
  — DOJ budget document via Billy Mitchell (06:18)

Notable Quotes

On AI Risk Management Requirements:

"As outlined by an Office of Management and Budget memo, uses considered high impact are required to comply with minimum risk management practices..."
— Billy Mitchell (01:25)
On DOJ Cybersecurity Vulnerabilities:

"Justice was among the federal agencies impacted by the SolarWinds incident."
— Billy Mitchell (04:25)

Timestamps for Important Segments

00:33 — OMB’s AI risk management deadline recap
01:25 — Details of minimum risk management practices required
02:20 — Explanation of waivers and their context
03:15 — DOJ’s request for zero trust architecture funding
04:25 — Historical funding issues post-SolarWinds
05:13 — DOJ’s defense and risk posture challenges

Memorable Moments

The clear naming and shaming of lagging agencies highlights real challenges to federal tech modernization.
The poignant contrast between escalating threats and flat (or declining) federal cybersecurity funding gives urgency to the DOJ’s request.

This episode provides a thorough, timely look at two of the most pressing issues facing government IT leaders: the tension between ambitious policy mandates around emerging technology and the very real resource or organizational obstacles agencies face in execution. The host’s focus on specifics and agency responses gives listeners a sense of who’s keeping up—and who’s at risk.

Loading summary

Transcript1 lines

[00:00]
A
Today on the Daily Scoop Podcast from the Scoop News Group, OMB's AI risk management deadline hits federal agencies, but not all were ready and the Department of Justice wants $110 million to boost zero trust cybersecurity in fiscal 2027. It's Friday, April 10, 2026. Welcome to the Daily Scoop Podcast, where you hear the latest news and trends facing government leaders. I'm the host of the Daily Scoop Podcast, Billy Mitchell. Thanks so much for joining me. And now let's dive into the day's top headlines. The deadline for federal agencies to implement risk management practices for high impact AI use cases or to terminate them has come and gone, but a handful of departments are still working to complete their requirements. FedScoop reached out to 28 federal agencies to inquire about the steps they have taken to ensure compliance with the April 3rd timeframe. Some agencies fulfilled the requirements like the Department of Labor, NASA, the va, State Department, GSA and the epa, while others reclassified use cases or still have a couple boxes to check. A few appear to have missed the deadline entirely. As outlined by an Office of Management and Budget memo, use is considered high impact are required to comply with minimum risk management practices, which include pre deployment testing, impact assessments, adverse impact monitoring, adequate human training and assessments, appropriate fail safes that minimize harm, consistent appeal processes and options for end users to submit feedback. As part of the OMB memo, agencies must also publicly report determinations and waivers that they've submitted for high impact use cases. Waivers act as a system specific and context specific determination that fulfilling the risk management requirements would create an unacceptable impediment to critical agency operation, according to the memo. Most agencies don't mention waivers in their use cases, and a few include it as a possible option but never invoke it. Some agencies did not respond to FedScoop's request for comment and have not posted updated AI inventories by the April 3 deadline. The departments of Transportation, Commerce, Health and Human Services and Justice are part of this group of laggards and as is the Department of Homeland Security. In other news, the Department of Justice is asking Congress for a major Boost in fiscal 2027 to the fund it uses to support IT modernization and enterprise cybersecurity, with the entire increase going directly to the agency's Zero Trust cybersecurity architecture. DOJ has requested $149 million for its Justice Information Sharing Technology Fund as part of the Trump administration's fiscal 2027 budget requests. Congress appropriated $38.5 million for the program in the past two fiscal years. The primary difference between this request and the funding enacted in the most recent years prior is the $110.3 million that DOJ says it needs to support its migration to a zero trust architecture for its unclassified and national security systems. To put that into perspective, justice requested a more meager $11.8 million increase to the GIST funds top line in fiscal 2026 for cybersecurity posture, en which it did not get in its Congressional budget justification for 2027. Justice explains that despite an industry wide shift to zero trust as the cybersecurity model of choice in response to the SolarWinds attack on federal agencies in 2020, its funding for cyber was cut by $108 million in fiscal 2024 and has remained essentially flat since then. Justice was among the federal agencies impacted by the SolarWinds incident. The budget document states, quote, enacted funding levels over the past three years are below the level required to cover DOJ's over 275,000 endpoints in approximately 160,000 users, adding that the current funding levels impact the Department's current defenses and constrain its ability to adapt to evolving threats without a full move to zero trust, which the Biden administration mandated in its Cyber focused Executive Order 14028 in May 2021 in the wake of the SolarWinds breaches. Justice says in the justification that, quote, the Department's cyber risk exposure and its susceptibility to major breaches and catastrophic cyber incidents compromising DOJ's capacity to safeguard sensitive law enforcement, national security and mission critical systems or infrastructure increases. For more news at the intersection of the federal government and technology, make sure to visit fedscoop.com thanks so much for tuning in to another episode of the Daily Scoop Podcast, available on all podcast platforms. If you've already rated the podcast on your platform of choice, thanks so much. High ratings and good reviews of the show help more people to find it. The Daily Scoop Podcast is a production of the Scoop News Group in Washington, dc. Adam Butler and Carlin Fisher help put the show together and the entire Scoop News Group team contributes. We'll be back next week with more top headlines. Until then, I'm your host Billy Mitchell. Thanks so much for listening.