Menu

Harden It or Ship It? What the AI Executive Order and NSPM-11 Mean for Government Contractors

Posted on June 10, 2026

Within three days in early June 2026, the White House issued two major artificial intelligence (“AI”) policy directives. On June 2, President Trump signed the Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security (the “EO”). On June 5, he signed National Security Presidential Memorandum/NSPM-11 (the “Memorandum”). Read together, the two actions are designed to achieve two goals at once: protect the government and critical infrastructure from AI-related cyber risk and speed up the adoption of advanced AI across the national security enterprise.

On paper, the EO and the Memorandum fit together. In practice, however, they hand companies and agencies competing instructions. The EO emphasizes security—hardening systems, protecting model intellectual property, and creating a process for reviewing the most capable models before broader release. The Memorandum emphasizes speed and adoption—getting advanced AI tools including, in some cases, open-source systems, into the hands of defense and intelligence personnel quickly.

For government contractors, especially frontier model developers, defense-technology vendors, systems integrators, and critical-infrastructure operators, the challenge will be managing the gap between “secure it first” and “deploy it fast.” This post explains what each directive does, where they create operational tension, and what contractors should expect next.

Two Competing Postures

Both documents contain concrete, deadline-driven assignments for specific agencies. The EO puts early emphasis on cyber defense and on a framework for reviewing the most capable AI models. The Memorandum focuses more heavily on adoption, procurement, computing infrastructure, and assurance. For contractors, the practical question is not just what the government ordered agencies to do, but which of these requirements will show up first in solicitations, contract clauses, security expectations, and technical review processes.

The Executive Order: Harden, Defend, and Review

The EO is primarily a cybersecurity directive, and most of its deadlines fall within 30 to 60 days. In practical terms, it directs agencies to strengthen defenses, coordinate with industry, and create a government process for identifying especially capable AI models that may warrant pre-release review. Its main requirements include:

  • Cyber defense of government systems (30 days): The EO directs the Committee on National Security Systems to prioritize the cyber defense of National Security Systems, and it requires the Secretary of War to do the same for Department of War information systems. In short, the order tells agencies to move quickly to harden sensitive federal systems against AI-enabled threats.
  • CISA Binding Operational Directives (30 days): The Department of Homeland Security, acting through the Cybersecurity and Infrastructure Security Agency (“CISA”), and in consultation with the Office of Management and Budget (“OMB”) must issue Binding Operational Directives and related guidance to accelerate cyber defense across civilian federal systems. The EO also contemplates broader federal support for facilitating access to AI-enabled defensive tools and cybersecurity services, including support for certain critical-infrastructure operators. For contractors, this is one of the clearest signals that near-term cyber requirements could tighten quickly.
  • AI cybersecurity clearinghouse (30 days): The Treasury Department, working with the National Cyber Director, the National Security Agency (“NSA”), and CISA, must establish a clearinghouse to coordinate with industry on vulnerability scanning, validation, remediation, and patching. The model is voluntary, but it points toward deeper government-industry coordination on AI-related cyber risk.
  • Funding and talent (30 to 60 days): OMB must identify federal funding sources that can support advanced AI vulnerability detection, while the Office of Personnel Management (“OPM”) must expand cybersecurity hiring pathways. This suggests the administration views AI security as both a technology problem and a workforce problem.
  • Covered-frontier-model framework (60 days): Treasury, NSA, and CISA—along with other national security and technical officials—must create a classified benchmarking process to determine whether a model qualifies as a “covered frontier model.” They also must design a voluntary process under which developers can give the government up to 30 days of pre-release access, subject to confidentiality, cybersecurity, insider-risk, and intellectual property protections. This is one of the EO’s most notable features because it creates a structured, though voluntary, review path for the most capable models and to help select the trusted partners who receive early access.
  • No mandatory licensing regime: The EO expressly says it does not create a mandatory licensing, preclearance, or permitting regime for developing, publishing, releasing, or distributing AI models. That limitation matters, but contractors should still expect the voluntary framework to carry practical weight in procurement and risk discussions.
  • Criminal enforcement: The Attorney General must prioritize enforcement of existing criminal laws against the use of AI to gain unauthorized access to systems or facilitate other crimes. The EO therefore pairs cybersecurity hardening with a law-enforcement message: misuse of AI will be treated as an enforcement priority.

The Memorandum: Adopt, Procure, and Assure

NSPM-11 replaces the Biden-era National Security Memorandum, NSM-25, and works on longer timelines—mostly 90 to 120 days. It reaches more directly into procurement, operational use, testing, and workforce issues. Organized around four pillars (Adoption, Adaptation, Assurance, and Accountability), the Memorandum is best understood as an implementation document for using AI across defense and intelligence functions at scale. Its main taskings include:

  • Autonomous weapons directive (90 days): The Secretary of War must update Directive 3000.09 on autonomy in weapons systems to account for evolving AI capabilities while preserving the chain of command. This signals that the administration wants faster military AI adoption without abandoning formal human accountability.
  • Contract termination for non-conforming conduct: Agencies are directed, to the maximum extent permitted by law, to terminate contracts for default or convenience when a company shows a repeated pattern of conduct inconsistent with the Memorandum’s policies, including through subcontractor relationships. That makes this provision unusually consequential for industry: it turns broad policy language into a potentially serious contracting remedy, with only limited waiver authority.
  • AI governance policy for national security systems (90 days): The Committee on National Security Systems and OMB must issue an AI governance policy for national security systems, supported by a classified addendum. For contractors, this is a likely source of future compliance expectations for AI used in sensitive government environments.
  • Compute and test range (90 days): The science adviser and OMB must produce a roadmap for advanced computing access, including high-security AI computing facilities and a national security AI test range. This points to future investment in the infrastructure needed to develop, evaluate, and deploy advanced models in classified or otherwise sensitive settings.
  • Procurement overhaul (120 days): Defense and intelligence officials must review and update procurement processes to onboard advanced AI models from multiple vendors more quickly. This is one of the Memorandum’s clearest contractor-facing messages: the government wants faster buying pathways and less delay between commercial availability and government use.
  • Industry security partnerships (120 days): Defense, Energy, the DNI, and NSA must build partnerships with willing companies to protect innovative AI through threat-intelligence sharing, joint red-teaming, personnel vetting, security research, and data-center hardening. For industry, this suggests both new obligations and new opportunities for deeper security collaboration with the government.
  • Talent, curriculum, and an AI National Security Strategic Reserve (120 days): The Memorandum also addresses the workforce challenge. Agencies are encouraged to use special hiring and pay authorities; OPM must establish an AI National Security Strategic Reserve of outside experts; and the DNI and the Secretary of War must develop an AI curriculum for national security personnel.
  • Assurance and TEVV (120 days): Agencies must develop a joint AI risk-management and assurance strategy, along with standardized test, evaluation, verification, and validation (“TEVV”) procedures. This provision matters because it sets the stage for future contract language and program requirements aimed at ensuring that fielded AI systems remain controllable, reliable, and resistant to disruption or unauthorized modification.

Where the Two Pull Apart

  1. Hold It Back vs. Field It Now

The first tension is timing. The EO invites developers of a “covered frontier model” to give the government up to 30 days of pre-release access under confidentiality and security protections. NSPM-11, by contrast, pushes agencies to get the most advanced models into the hands of national security users quickly and to reduce the gap between what is available commercially and what is available inside government systems.

This creates a practical planning issue for companies that both develop frontier models and sell into defense or intelligence markets. The same model may be expected to go through a government review process before release while also being made available to national security users as fast as possible. For contractors, that tension is likely to show up in release schedules, delivery milestones, and customer expectations.

2. Lock It Down vs. Open It Up

The EO’s posture toward covered models is containment: confidentiality, insider risk controls, and protection against theft by adversaries. The Memorandum’s Adaptation pillar pushes outward, directing agencies to adapt commercial and open-source AI from “diverse suppliers across the private sector, large and small” and to stand up to joint AI data and model exchanges across multiple enclaves.

The second tension is between containment and distribution. The EO treats especially sensitive models as something to protect tightly through confidentiality, insider-risk controls, and anti-theft measures. NSPM-11, by contrast, encourages broader adaptation of commercial AI and open-source systems from multiple suppliers and across multiple operating environments. The contradiction becomes sharper in the Memorandum’s assurance language. It says the national security enterprise must ensure, “through contractual clauses or other means,” that no commercial entity or adversary can prevent a system’s use, disable or degrade it, or materially modify it without federal knowledge and approval. That requirement is relatively straightforward for tightly controlled proprietary systems, but much harder to square with open-weight or broadly shareable models, where modification and redistribution are often part of the design. Those goals are not impossible to reconcile, but they do create design and contracting challenges for any contractor offering open-source or open-weight AI into sensitive government environments. That tension is likely to surface through familiar compliance concepts—configuration control, access restriction, integrity protection, and supply-chain accountability—rather than through a standalone AI rulebook.

3. “No Mandatory Licensing” vs. Contract Termination

The EO goes out of its way to disclaim coercion: participation in the covered-model review is voluntary, and nothing authorizes mandatory licensing or preclearance. The regime’s reach is limited by design, with no binding commitments. The Memorandum carries a harder lever, termination for default or convenience for companies whose conduct strays from its policies, reaching down to subcontractors, with only narrow, time-limited waivers.

This is where the distinction between policy and procurement matters most. The EO says the government is not imposing a mandatory licensing or preclearance regime on AI development. But NSPM-11 uses a different vehicle: federal contracts. Because the Memorandum contemplates termination for repeated conduct inconsistent with policy and extends that logic to subcontractor relationships, contractors should expect tougher representations, flow-down terms, audit rights, and diligence requests across the supply chain.

4. Diversify Suppliers vs. Concentrate Among the Trusted Few

The Memorandum’s rationale for Adaptation is explicitly anti-concentration; the companion fact sheet faults the prior administration for “dangerous single-vendor dependencies.” Yet several mechanisms pull toward concentration. In particular, the EO’s early access runs through curated, trusted partners. Recent government AI partnership activity also suggests that the most sensitive opportunities may initially flow to a relatively small group of established providers.

NSPM-11 repeatedly emphasizes the need to avoid overreliance on a single vendor and to expand access to multiple suppliers. At the same time, the EO’s “covered frontier model” process and trusted-partner structure may advantage a relatively small group of frontier providers. That does not eliminate opportunity for smaller companies, especially if procurement reforms reduce onboarding barriers, but it does suggest that the market may continue to favor firms with the most advanced models and the deepest government relationships.

5. Accelerate vs. Assure

This tension lives inside the Memorandum and is amplified by the EO. The Adoption pillar prizes speed and “rapid experimentation and validation.” The Assurance and Accountability pillars demand rigorous TEVV, controllability, and human accountability layered atop the EO’s hardening and pre-release review.

This is the tension a program office will feel most directly because both halves are mandatory and they trade against each other. Neither document offers a formula for resolving the trade, so a program manager told to field faster and test more must choose where to spend a fixed budget of time and money. In practice, the resolution will come from the implementation artifacts, such as the joint assurance strategy, the standardized TEVV methodologies, and the national security systems governance policy, which will set the real floor for how much testing is enough before a capability is fielded. Until that guidance lands, contractors should expect inconsistency across program offices: some will lean toward speed and others toward assurance, and acceptance criteria, contract terms, and documentation demands will vary accordingly.

What This Means for Government Contractors

The tensions above will affect contractors in different ways, but three cross-cutting points stand out regardless of business model or market segment.

  • “Voluntary” participation may still matter in practice: The EO’s covered-model review is optional on paper, but a developer that declines to participate may still face questions from customers, contracting officials, or the public if a later incident raises concerns about safety or security.
  • IP and data protections should be addressed early and explicitly: Before providing a covered model for pre-release review, contractors should make sure confidentiality, cybersecurity, insider-risk, and intellectual property protections are clearly addressed in writing. The same discipline should apply to government data, custom development work, and training-data restrictions.
  • These policies also create opportunities: Data-center hardening, joint red-teaming, threat-intelligence sharing, and other security-support activities could generate new work for contractors. The AI National Security Strategic Reserve may also open new pathways for companies and individuals with advanced AI expertise.

Where AI assurance meets existing compliance frameworks

For defense and national security contractors, the most likely path from policy to enforcement will not be a brand-new AI compliance regime. It will be the incorporation of AI-specific security and assurance expectations into familiar frameworks, especially CMMC, NIST, and related controls. In practice, this means requirements around access control, configuration management, system integrity, logging, supply-chain risk, and change control may become the mechanisms through which agencies operationalize these directives.

The Bigger Picture: Deregulation in Name, Relocation in Practice

It is worth reading the Memorandum against what it replaces. NSM-25’s framework was control-forward with categorical prohibitions, a “high-impact” tier with extensive safeguards, mandatory AI inventories, and Chief AI Officers. NSPM-11 leads instead with speed and adoption, and the fact sheet sells it as cutting “ideological mandates” and bureaucracy.

But the new framework does not eliminate control so much as relocate it. Some guardrails that used to appear as centralized policy restrictions now reappear through assurance requirements, operational governance, and contract remedies. In that sense, the administration’s message may be deregulatory, but the operational burden for contractors may not be lighter—it may simply be structured differently.

Practical Takeaways

Contractors operating at the intersection of these two policies should consider the following steps now:

  • Plan the dual release path: Build the EO’s 30-day review window into model-release planning so a security hold does not blindside delivery milestones.
  • Pressure test open-source claims against the Assurance pillar: If you offer open-weight models, have a defensible answer for how the “no unauthorized modification” guarantee can hold.
  • Map AI assurance to existing compliance controls: Contractors should begin translating AI-specific obligations into existing control frameworks, including CMMC and NIST-based requirements governing access, modification, system integrity, supply chain oversight, and incident response.
  • Map and police supply-chain exposure: Assess upstream model providers, treat censorship, bias, and surveillance provisions as live termination risks (subcontractors included), and secure the flow-down rights and waiver options before you need them.
  • Track the implementation artifacts: The classified covered-frontier-model benchmark, CISA’s Binding Operational Directives, the Treasury Clearinghouse, the updated DoD Directive 3000.09, the national security systems governance policy, and the Memorandum’s classified annex are where these tensions will get resolved.

These two directives are best understood as complementary parts of a single strategy: protect sensitive systems and accelerate national security adoption of AI. But even if the policy direction is unified, the operational path will not be seamless. For contractors and industry, the next phase will turn less on rhetoric and more on how agencies translate these directives into procurement terms, security requirements, and implementation guidance.

Links: