Scope and obligations

Binding on covered federal agencies. Three pillars: (I) strengthen AI governance through agency Chief AI Officers + AI Governance Boards; (II) advance responsible AI innovation including authorized use, talent, and infrastructure; (III) manage risks from agency AI use with mandatory minimum practices for safety- and rights-impacting AI by December 1, 2024. Agencies must publicly inventory their AI uses annually (continuing the EO 13960 + EO 14110 inventory tradition) and report AI procurements quarterly. Attachment 1 sets the operative risk-management minimum practices (AI impact assessment, real-world performance testing, independent evaluation, ongoing monitoring, public notice + plain-language explanation, human oversight + opt-out for rights-impacting uses).

OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI) addresses 3 contested AI-governance topics explicitly, 3 via general principles,.

Topics governed

• implicit
  Foundation Models / GPAI— §5 + Attachment 1 — minimum practices apply to safety- + rights-impacting AI regardless of foundation-model classification; no compute-threshold trigger

  §§5(c)paraphrase

  Before agencies use new or existing safety-impacting or rights-impacting AI, they must implement the minimum practices in this section; if they cannot, they must cease using the AI until compliance is achieved.

  source ↗
• implicit
  AI in Employment— Attachment 1 examples include employment + benefits decisions as rights-impacting; minimum practices apply
• implicit
  AI in Healthcare— Attachment 1 examples include healthcare access decisions as rights-impacting; minimum practices apply
• governs
  Compute-Threshold Reporting— §3(a)(iv)–(v) annual public AI use-case inventory + quarterly AI procurement reporting to OMB

  §§3(a)(v)paraphrase

  Agencies must report to OMB and, as appropriate, publicly release aggregate metrics about their AI use cases that are determined to be safety-impacting or rights-impacting.

  source ↗
• governs
  Transparency Obligations— §3(a)(iv) public AI use-case inventory; Attachment 1 §5(c)(v) plain-language public notice + explanation for rights-impacting AI

  §§3(a)(iv)paraphrase

  Agencies must individually inventory each of their AI use cases at least annually, submit the inventory to OMB, and post a public version of the inventory on the agency website.

  source ↗
• governs
  Individual Redress— Attachment 1 §5(c)(v)(D) human consideration + remedy for rights-impacting AI; opt-out where practicable

  §§5(c)(v)(D)paraphrase

  For rights-impacting AI, agencies must provide timely human consideration and potential remedy through a fallback and escalation process where individuals can appeal or contest adverse decisions.

  source ↗

Cross-jurisdiction comparison

How peer instruments treat the topics OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI) governs.

°= industry self-imposed voluntary framework. Comparing a voluntary code's "governs" tint with a binding regulation's "governs" tint flattens the legal-force distinction; use the instrument-page banner for the operative status of each.

How to cite this article

Policy Window. (2024). OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI) [Wiki article — Instrument]. https://policywindow.org/wiki/omb-m-24-10

Policy Window. 2024. "OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)." Wiki article (Instrument). https://policywindow.org/wiki/omb-m-24-10.

@misc{policywindow-omb-m-24-10,
  title  = {OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)},
  author = {Policy Window},
  year   = {2024},
  howpublished = {OMB Memorandum M-24-10 (Mar. 28, 2024), Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence},
  url    = {https://policywindow.org/wiki/omb-m-24-10},
  note   = {Primary source: https://www.whitehouse.gov/wp-content/uploads/2024/03/M-24-10-Advancing-Governance-Innovation-and-Risk-Management-for-Agency-Use-of-Artificial-Intelligence.pdf}
}

Related instruments

• EU AI Act · EU
• OECD AI Principles (Recommendation) · OECD
• Council of Europe Framework Convention on AI · council_of_europe
• Brazil AI Bill (PL 2338/2023) · BR
• General Data Protection Regulation (GDPR) · EU
• GSA Generative AI and Specialized Computing Infrastructure Acquisition Resource Guide · US

Evidence base

Academic & grey-literature sources on the topics this instrument addresses (not commentary on the instrument itself) — catalogued metadata with a primary link, no LLM summaries (charter §7). Browse the full literature index.

• Model Card ↗PreprintMitchell et al. (2019), 'Model Cards for Model Reporting,' FAccT '19
• Deceptive Alignment ↗PreprintHubinger, E., et al. (2019), 'Risks from Learned Optimization in Advanced Machine Learning Systems.'
• Mesa-Optimization ↗PreprintHubinger, E., et al. (2019), 'Risks from Learned Optimization in Advanced Machine Learning Systems.'
• Scalable Oversight ↗PreprintChristiano, P., Shlegeris, B., Amodei, D. (2018), 'Supervising Strong Learners by Amplifying Weak Experts.'
• Capability Elicitation ↗PreprintQi, X., Zeng, Y., Xie, T., Chen, P.-Y., Jia, R., Mittal, P., Henderson, P. (2023), 'Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To!'
• Dual-Use Research Norms (DURC for AI) ↗PreprintSolaiman, I., et al. (2019), 'Release Strategies and the Social Impacts of Language Models' — the canonical articulation of structured-access norms for foundation models.
• Policy Instrument ↗Peer-reviewedLascoumes, P. & Le Galès, P. (2007). Introduction: Understanding Public Policy through Its Instruments — From the Nature of Instruments to the Sociology of Public Policy Instrumentation. Governance 20(1): 1-21. See also Hood (1983) The Tools of Government, ch. 1-2; Salamon (2002) The Tools of Government: A Guide to the New Governance, pp. 1-47; Howlett (2011) Designing Public Policies, ch. 3-5.
• Training-Data Attribution ↗PreprintGrosse, R., et al. (2023), 'Studying Large Language Model Generalization with Influence Functions' (Anthropic) — the canonical articulation of scalable influence-function-based attribution for foundation models.
• Prompt Injection ↗PreprintGreshake, K., Abdelnabi, S., Mishra, S., Endres, C., Holz, T., Fritz, M. (2023), 'Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection.'
• Agentic AI System ↗PreprintYao, S., Zhao, J., Yu, D., Du, N., Shafran, I., Narasimhan, K., Cao, Y. (2022), 'ReAct: Synergizing Reasoning and Acting in Language Models.'
• Tool-Use Safety ↗PreprintWallace, E., et al. (2024), 'The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions' (OpenAI) — the canonical industry articulation of instruction-channel hierarchy as a tool-use-safety defence.
• Multi-Turn Evaluation ↗PreprintZheng, L., et al. (2023), 'Judging LLM-as-a-Judge with MT-Bench and Chatbot Arena' — operationalises the multi-turn evaluation protocol for foundation models.
• Data Poisoning ↗PreprintCarlini, N., et al. (2024), 'Poisoning Web-Scale Training Datasets is Practical' — establishes practical feasibility of poisoning frontier-model training corpora.
• Model Distillation Risk ↗PreprintHinton, G., Vinyals, O., Dean, J. (2015), 'Distilling the Knowledge in a Neural Network' — the foundational distillation paper; the governance-relevant adaptation runs through Alpaca/Vicuna (2023) and DeepSeek-R1 (2025).
• Jailbreak Resistance ↗PreprintZou, A., Wang, Z., Kolter, J. Z., Fredrikson, M. (2023), 'Universal and Transferable Adversarial Attacks on Aligned Language Models' — the canonical demonstration that gradient-based suffix attacks transfer across aligned LLMs.
• Model-Merging Risk ↗PreprintBhardwaj, R., et al. (2024), 'Language Models are Homer Simpson! Safety Re-Alignment of Fine-tuned Language Models through Task Arithmetic' — canonical demonstration that safety training is not preserved under task arithmetic / merging.
• Inference-Time Compute ↗PreprintSnell, C., Lee, J., Xu, K., Kumar, A. (2024), 'Scaling LLM Test-Time Compute Optimally can be More Effective than Scaling Model Parameters' — establishes inference-time-compute scaling as a first-class capability lever.
• Sandbagging ↗Preprintvan der Weij, T., Hofstätter, F., Jaffe, O., Brown, S., Ward, F. (2024), 'AI Sandbagging: Language Models can Strategically Underperform on Evaluations.'
• Hallucination ↗PreprintJi, Z., et al. (2023), 'Survey of Hallucination in Natural Language Generation,' ACM Computing Surveys 55(12): 1-38.
• In-Context Learning ↗PreprintBrown, T., et al. (2020), 'Language Models are Few-Shot Learners' (GPT-3 paper) — the canonical articulation of in-context learning as an emergent capability.
• Retrieval-Augmented Generation (RAG) ↗PreprintLewis, P., et al. (2020), 'Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks,' NeurIPS — the canonical articulation of RAG.
• AI Risk Management Framework | NIST ↗Standards body✦ AIUS voluntary AI risk-management framework (Govern/Map/Measure/Manage).
• ISO/IEC JTC 1/SC 42 - Artificial intelligence ↗Standards body✦ AIInternational committee developing AI standards.
• OECD AI Incidents Monitor, an evidence base for trustworthy AI - OECD.AI ↗Incident database✦ AIOECD tracker of real-world AI incidents and hazards.
• AI Index | Stanford HAI ↗Research institute✦ AIStanford HAI's annual data report on the state of AI.
• Regulation, Policy, Governance | Stanford HAI ↗Research institute✦ AIStanford HAI's regulation & governance research hub.
• Papers & Reports | Epoch AI ↗Research institute✦ AIEpoch AI research on compute, scaling trends & frontier models.
• Artificial Intelligence ↗Research institute✦ AIUS National Academies' AI consensus-study hub.
• Capturing the Potential of Generative AI’s Use in Health and Medicine Requires Collaboration and Oversight, Consideration of Risks, Says NAM Special Publication ↗Research institute✦ AINAM special publication on generative AI in health & medicine.
• One Hundred Year Study on Artificial Intelligence (AI100) ↗Research institute✦ AIStanford's standing century-long study of AI's societal impact.
• Measuring up | Ada Lovelace Institute ↗Civil society✦ AIAda Lovelace Institute policy briefing.
• Anthropomorphic AI terms create gaps in accountability | Brookings ↗Think tank✦ AICommentary on how anthropomorphic AI language obscures accountability.

References

1. OMB Memorandum M-24-10 (Mar. 28, 2024), Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence
2. §5 + Attachment 1 — minimum practices apply to safety- + rights-impacting AI regardless of foundation-model classification; no compute-threshold trigger
3. Attachment 1 examples include employment + benefits decisions as rights-impacting; minimum practices apply
4. Attachment 1 examples include healthcare access decisions as rights-impacting; minimum practices apply
5. §3(a)(iv)–(v) annual public AI use-case inventory + quarterly AI procurement reporting to OMB
6. §3(a)(iv) public AI use-case inventory; Attachment 1 §5(c)(v) plain-language public notice + explanation for rights-impacting AI
7. Attachment 1 §5(c)(v)(D) human consideration + remedy for rights-impacting AI; opt-out where practicable