AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← News
Regulatory2026-05-05

Microsoft, Google DeepMind, and xAI Grant U.S. Government Pre-Release Access to Frontier AI Models

Via NIST / CAISI

What happened

On May 5, 2026, the Center for AI Standards and Innovation (CAISI), a division of the National Institute of Standards and Technology within the U.S. Department of Commerce, announced that Microsoft, Google DeepMind, and xAI had each signed formal agreements detailed in CAISI Signs Agreements Regarding Frontier AI National Security Testing With Google DeepMind, Microsoft and xAI granting U.S. government evaluators pre-release access to frontier AI models for national security assessment. Under the arrangements, participating companies provide model versions with safety guardrails partially or fully removed, enabling CAISI reviewers and the cross-agency TRAINS Taskforce to probe capabilities and risk profiles in classified testing environments. CAISI Director Chris Fall described independent measurement science as essential to understanding frontier AI's national security implications, and the agency reports having completed more than 40 such evaluations to date, including assessments of models not yet publicly released. The new agreements expand a program that previously covered only Anthropic and OpenAI, both of which renegotiated their CAISI arrangements to align with the AI Action Plan issued by President Trump in early 2025, which directed the Commerce Department to pursue structured engagement with frontier AI developers.

Why it matters

  • ·The rapid expansion of CAISI's pre-deployment review program signals intensifying federal scrutiny of frontier AI capabilities across national security, defense, and critical infrastructure dimensions, and participation may increasingly function as an informal condition of operating at scale in the U.S. market even where it remains formally voluntary.
  • ·Enterprises integrating frontier models from Microsoft, Google DeepMind, or xAI into regulated or sensitive use cases must account for government model access arrangements in their third-party AI risk assessments and vendor due diligence processes, as guardrail-removed model versions may expose capability and data handling risks not reflected in standard commercial terms.
  • ·If the current voluntary framework evolves toward mandatory pre-deployment notification requirements, procurement timelines, contractual obligations, and internal AI governance program design could be materially affected, aligning U.S. practice more closely with the EU AI Act's systemic-risk notification requirements for general-purpose AI models.

Governance controls affected

CHM-002Pre-Production Approval GateCMP-002International AI Standards Monitoring WorkflowCMP-005Regulatory Engagement Process for AI Standards DevelopmentHOC-001AI Risk ClassificationPRC-001Third-Party AI Risk AssessmentPRC-002AI Vendor Contract RequirementsSAF-005Red-Teaming and Adversarial Testing

What to do now

  • Update third-party AI risk assessments for Microsoft, Google DeepMind, and xAI to explicitly document the CAISI pre-deployment access arrangements and their implications for capability disclosure and data handling.
  • Review vendor contracts with frontier AI providers to determine whether government model access clauses require notification obligations or create new liability considerations under PRC-002 vendor contract requirements.
  • Incorporate the CAISI evaluation program into your AI risk classification process under HOC-001, particularly for use cases touching regulated sectors, critical infrastructure, or national security-adjacent functions.
  • Engage legal and procurement teams to assess whether future mandatory pre-deployment notification requirements would affect existing procurement timelines and trigger renegotiation of AI vendor agreements.
  • Flag frontier model integrations in your pre-production approval gate review process under CHM-002 to ensure governance sign-off accounts for government access arrangements and guardrail-removal scenarios.

What to watch next

Compliance teams should monitor whether the U.S. Commerce Department or NIST issues formal guidance converting the current voluntary CAISI pre-deployment review program into a mandatory notification requirement, which would represent a significant shift in U.S. AI governance practice. Teams should also track whether additional frontier AI developers beyond the current five sign CAISI agreements, as broader industry participation could accelerate regulatory expectations around pre-deployment government access. Developments in the EU AI Act's enforcement posture toward general-purpose AI models with systemic risk may provide an early signal of how mandatory pre-deployment evaluation frameworks are operationalized in peer jurisdictions.