Artificial Intelligence: OMB Action Needed to Address Privacy-Related Gaps in Federal Guidance

What GAO Found

GAO convened a panel of experts who identified privacy risks and challenges associated with the use of artificial intelligence (AI), which align with GAO’s prior reporting on AI use. For example, the experts noted that using AI may reveal sensitive information in raw data sets, potentially exposing personal and private information, among other privacy risks. At the same time, the experts identified several challenges that federal agencies face in addressing these risks. These include the lack of technology to implement AI with appropriate privacy protections and the potential performance tradeoff when adjusting or removing certain data for the sake of privacy.

The Office of Management and Budget (OMB)’s government-wide AI guidance does not fully address all the identified privacy-related risks and challenges. Specifically, OMB’s guidance does not specify the types of known privacy-related risks that agencies should consider when establishing policies to address privacy in AI. OMB’s guidance provides direction on addressing two challenges identified by the panelists: the need for enhanced skills among the federal workforce to effectively implement AI and the ability to accelerate and scale the implementation of AI systems with privacy protections. However, the guidance does not fully address the remaining eight challenges.

Extent to Which the Office of Management and Budget’s Government-wide Guidance Addressed 10 Selected Expert-identified Privacy-related Challenges When Using Artificial Intelligence (AI), as of January 2026

Given the risks and challenges, additional guidance from OMB could help ensure agencies take appropriate steps to protect the privacy of sensitive data when using AI. OMB could also use existing mechanisms, such as the Chief AI Officer Council or Federal Privacy Council, as forums for interagency information-sharing about strategies or best practices for addressing AI-related privacy challenges. Without this additional direction, risks are increased that agencies’ use of AI would disclose sensitive data, or compromise privacy in other ways.

Why GAO Did This Study

AI is rapidly evolving and has significant potential to transform society and people’s lives. Further, surges in AI capabilities have led to a wide range of innovations with substantial promise for improving the operations of government agencies. However, AI can also pose significant risks to individuals, groups, and organizations. As a result, when agencies use AI to carry out their missions, they need to consider privacy-related risks and challenges. They also need to ensure that they have implemented appropriate risk management and privacy controls to protect the private information of the American public.

In this report, GAO (1) describes the risks and challenges associated with protecting privacy when using AI and (2) examines the extent to which OMB addressed these risks and challenges in government-wide guidance.

To do so, GAO assembled a panel of experts and compiled a non-exhaustive list of privacy risks and challenges associated with AI. GAO also reviewed OMB’s AI-related guidance to determine if it highlighted the specific types of privacy risks identified by the experts. Further, GAO compared OMB’s AI-related government-wide guidance to 10 selected challenges to determine if they could be addressed by the contents of the guidance.