VA M-25-21 and High-Impact AI: The Governance Layer Vendors Keep Missing
There are three separate gates between an AI tool and a production deployment at the VA, and vendors routinely conflate them. Procurement decides who can win the contract. The ATO and VAEC process decides how the system gets technically authorized. And OMB Memorandum M-25-21 decides how the AI itself is governed — whether it’s allowed to make, or shape, a decision that affects a veteran. This is the governance gate, and it’s the one that quietly kills tools after they’re built. If an AI tool’s output is the principal basis for a decision with legal, material, binding, or significant effect, it is “high-impact,” and the VA must document seven minimum risk-management practices for it — or discontinue the use case.
This is the AI-governance spoke under the VA AI modernization pillar, and the companion to the ATO/VAEC/FedRAMP mechanics. The three capability spokes each invoke “high-impact AI under M-25-21” and defer the full treatment here.
What is M-25-21, and what changed?
M-25-21, “Accelerating Federal Use of AI through Innovation, Governance, and Public Trust,” was issued April 3, 2025, replacing the Biden administration’s M-24-10. Its companion, M-25-22, issued the same day, governs AI acquisition; both implement Executive Order 14179, which revoked the prior EO 14110. The headline change for vendors: M-24-10 split AI into separate “rights-impacting” and “safety-impacting” tiers with extra obligations on the rights side; M-25-21 collapses those into a single high-impact category with a tighter “principal basis” test. The memo is framed as pro-innovation — it drops the explicit NIST AI Risk Management Framework references and M-24-10’s algorithmic-discrimination and opt-out mechanics — but it preserves the operational core: minimum practices, governance bodies, public inventories, and transparent waivers. The thing to internalize is that this isn’t a paperwork exercise the VA can defer. It has integrated the AI use-case review directly into its RMF/ATO, FITARA, and system-registry intakes, which means the governance evidence is now a gate to deployment.
What counts as “high-impact AI”?
The definition is precise, and worth reading as written: high-impact AI is “AI with an output that serves as a principal basis for decisions or actions with legal, material, binding, or significant effect” on civil rights or privacy, access to government programs and benefits, human health and safety, or critical infrastructure. The determination is a two-step test: does the use case fall within one of the memo’s presumed-high-impact categories, and does it independently meet that “principal basis” definition? For the VA, the categories that bite most often are the medical one — diagnosis, risk assessment, treatment, medical-device functions — and the benefits one: adjudication of requests for critical federal benefits and eligibility determinations. A presumption can be rebutted in writing if the AI isn’t actually the principal basis for the decision, which is exactly why agencies file “presumed high-impact but determined not” entries. The critical point for a vendor: the VA Chief AI Officer makes this determination, in writing, per use case — not the contracting officer (CO), and not you.
What are the seven minimum practices — and what do they require of a vendor?
For deployed high-impact AI, all seven had to be documented by April 3, 2026. Each maps cleanly to an artifact a vendor can deliver.
| Minimum practice | What the vendor produces |
|---|---|
| Pre-deployment testing | A test plan and results against representative VA data — for RAG, retrieval precision and hallucination rates; for claims AI, agreement rates with human adjudicators on a held-out set |
| AI impact assessment | The load-bearing document: intended purpose, expected benefit, data quality, privacy/rights impact and mitigations, reassessment schedule, cost analysis, independent review, signed risk acceptance |
| Ongoing monitoring | A monitoring/observability plan and live dashboards — drift detection, performance over time, scheduled human review, traceable mitigations |
| Human training and assessment | A curriculum for VA operators: what the model can and can’t do, failure modes, escalation paths, competency checks |
| Human oversight and intervention | A human-in-the-loop design doc: where a human reviews, approves, or overrides; the named accountable role; fail-safe behavior |
| Consistent remedies or appeals | An appeal pathway that hooks into the VA’s existing benefits or clinical appeal mechanisms, with audit trail |
| End-user and public feedback | A feedback mechanism and a documented loop back into design changes |
There’s a pilot exemption: a limited-scale, limited-duration pilot can proceed under a CAIO certification before the full regime attaches. That’s the right initial posture — but the moment a tool exits pilot, all seven apply. And the enforcement mechanism is blunt: a non-compliant high-impact system gets a Risk Management Framework Denial of Authority to Operate or is blocked at the VA boundary. The governance gate is enforced by killing the ATO.
How does the VA govern this internally?
Through a named stack. The Chief AI Officer, inside the Office of the CTO, owns it — Charles Worthington authored the VA’s September 2025 M-25-21 compliance plan as CAIO and CTO, then announced his departure in March 2026, with Kimberly McManus stepping in as acting CAIO. (That transition is worth verifying before relying on a specific name.) Clinical AI runs through the VHA National AI Institute. Sitting underneath is the VA Trustworthy AI Framework (July 2023) and its six principles — purposeful, effective and safe, secure and private, fair and equitable, transparent and explainable, accountable and monitored — which the VA confirmed is consistent with M-25-21. The cleanest way to hold the three layers in your head: the Trustworthy AI Framework is the values layer, M-25-21’s minimum practices are the operations layer, and the ATO/VAEC/FedRAMP stack is the security layer — and the VA’s 60-day accelerated AI ATO is the technical onramp the governance evidence rides on top of.
The public accountability artifact is the AI use-case inventory. The VA’s 2025 inventory lists 367 individual use cases, 215 marked high-impact at submission — the most of any federal agency; at the April 2026 deadline the VA reported its deployed high-impact cases compliant, with a handful rolled back to pre-deployment or retired. Waivers are the pressure valve, and a tight one: only the CAIO can grant one, it must be reported to OMB within 30 days, recertified annually, and summarized publicly — and the VA has issued zero. A vendor should not assume a waiver is available to paper over a missing practice.
What does this mean for an SDVOSB AI vendor?
It reframes the sale. A VA program manager buying AI in 2026 is operating under a deadline that has already passed for existing systems, a public inventory that names their use case, an independent CAIO review, and an OMB-visible waiver process. A vendor who shows up with a working prototype and no governance artifacts adds risk to that buyer. A vendor who shows up with the artifacts already drafted removes it. That’s the whole differentiator, and it’s a genuine one — not a deck, but the actual document set the CAIO team reviews.
| Artifact | Why it’s load-bearing |
|---|---|
| Draft AI impact assessment | The CAIO sign-off document — intended use, benefit, mitigations, signed risk acceptance |
| Model card | Capabilities, limits, training data, evaluation results |
| Test / eval plan + results | Hallucination, citation-validity, agreement-with-human-rater on a held-out set |
| Monitoring plan | Drift detection, dashboards, scheduled review cadence |
| Human-in-the-loop design | Named accountable role, fail-safe behavior, override paths |
| Appeal / remedy pathway | Hooks into existing benefits or clinical appeals; audit trail |
| Drafted inventory entry | Ready for the public AI use-case inventory the day of go-live |
| Bias / fairness assessment | Trustworthy AI Framework alignment (not strictly required by M-25-21 but expected) |
The determination shapes which capability you’re selling:
- Claims automation / ADS → almost always high-impact, because the output bears on a benefits adjudication. Treat it as high-impact by default, do the full seven-practice package, and wire the appeal pathway into the existing claims-appeal process.
- Document automation → fact-dependent. Pure summarization or extraction for a human reviewer generally isn’t high-impact; the moment the output drives a coding decision or a determination, it crosses the line. Get the call in writing from the CAIO team.
- RAG policy assistants → typically not high-impact when the output is a retrieved, cited policy answer for a human reader — and high-impact only if that answer becomes the principal basis for an action.
One more layer that’s easy to miss: the procurement memo M-25-22 hard-wires these obligations into the contract. Solicitations issued on or after September 30, 2025 must include clauses requiring compliance with the minimum practices for high-impact uses, prohibiting training commercial models on non-public VA data, clarifying IP and data rights, and preventing vendor lock-in. If your standard agreement doesn’t already allow data restrictions, portability, and continuous government testing, fix it before you bid. (Security-framework positioning — why FedRAMP-aware and not CMMC — is its own argument, covered in the compliance positioning sibling; M-25-21 governance is separate from, and stacks on top of, that.)
Working with Truvisory
Truvisory is an SBA-verified SDVOSB founded by a combat veteran. We have no prior VA past performance to claim — what we bring is a Cloudflare-native, FedRAMP-aware delivery method built M-25-21-aligned from the first sprint: the AI impact assessment, eval harness, human-in-the-loop design, and appeal pathway as standard deliverables, not afterthoughts.
If you’re a VA program owner or contracting officer facing a high-impact use case and a compliance clock, that drafted artifact kit is what gets you to deployment instead of a Denial of Authority to Operate. Book a scoping call — ideally before the solicitation drops, not after. For how the system gets authorized, see the ATO/VAEC/FedRAMP guide; for the capabilities this governs, document automation, the RAG policy assistant, and claims automation; and the VA AI modernization pillar for the whole picture.