Bottom line
Federal policy now obligates agencies to evaluate, test, and continuously monitor AI systems for discriminatory outcomes wherever those systems could affect safety or rights, grounded in Executive Order 14110 and OMB M-24-10's mandatory governance and risk management requirements [1][2]. NIST's AI Risk Management Framework and bias guidance specify socio-technical practices to detect and mitigate harmful bias across the AI lifecycle, making formal audits of disparate impact and subgroup performance a necessary control for federal missions [3][4]. Civil rights enforcement agencies have stated they will vigorously enforce anti-discrimination laws against automated systems, further elevating audit expectations for government AI use and procurement [5][6][7].
What federal directives require
- Executive Order 14110 directs agencies to protect Americans from AI-enabled discrimination, including explicit mandates to advance equity and civil rights and to govern federal AI use through inventories, assessments, and oversight [1].
- OMB M-24-10 requires agencies to establish AI governance (including Chief AI Officers), maintain AI use case inventories, and implement minimum risk management practices for AI affecting safety or rights, including testing, evaluation, and ongoing monitoring to identify and mitigate harms such as discriminatory outcomes before use and throughout operation [2].
- NIST's AI Risk Management Framework (AI RMF 1.0) sets out Map, Measure, Manage functions, calling for valid, reliable measurement of harmful bias, documentation of metrics and methods, and continuous monitoring to address disparities across populations [3].
- OSTP's Blueprint for an AI Bill of Rights articulates Algorithmic Discrimination Protections, calling for proactive equity evaluations, representative data, and continuous monitoring with mitigations where disparate impacts are found [8].
- GAO's AI Accountability Framework guides federal entities to integrate governance, data quality, performance assessment, and monitoring, including documenting risk controls and outcomes relevant to fairness and non-discrimination [9].
Why audits for discriminatory outcomes are mandatory in practice
- Anti-discrimination statutes apply to federal programs and activities regardless of whether decisions are mediated by algorithms; Title VI prohibits discrimination based on race, color, or national origin in programs receiving federal financial assistance, requiring agencies to ensure their AI systems do not produce discriminatory effects [6].
- Section 504 of the Rehabilitation Act prohibits discrimination on the basis of disability in federal programs, requiring accessible, non-discriminatory AI-enabled services and decision processes [7].
- Civil rights enforcers (DOJ, CFPB, EEOC, FTC) have jointly warned that automated systems can perpetuate unlawful bias and that agencies will enforce existing laws against such systems, underscoring a need for audits to detect and mitigate discriminatory outcomes [5].
- EEOC technical assistance clarifies adverse impact analysis for AI-based selection tools under Title VII, reinforcing the expectation for statistical impact testing and documentation when algorithmic decision aids are used in employment contexts [10].
- DoD's AI Ethical Principles include a commitment to "equitable" AI, requiring steps to minimize unintended bias, which supports systematic testing and evaluation for fairness in defense AI deployments [11].
What to audit: scope, metrics, and documentation
- Lifecycle scope: audits must cover data collection, feature engineering, model training, evaluation, deployment, and post-deployment monitoring, consistent with AI RMF's socio-technical approach [3].
- Bias types: NIST SP 1270 identifies computational/statistical bias, human/cognitive bias, and systemic/social bias, requiring techniques that address each, not just model metrics [4].
- Fairness testing: evaluate error rates, calibration, and utility across protected classes and relevant subgroups; measure disparate impact (e.g., selection rate ratios consistent with the Uniform Guidelines) and document thresholds, rationale, and mitigations [12].
- Real-world monitoring: implement continuous performance and equity monitoring with mechanisms to detect distributional drift, emergent disparities, and context shifts; record incidents and corrective actions in governance artifacts per OMB M-24-10 and NIST AI RMF [2][3].
- Transparency artifacts: maintain AI impact assessments, data documentation, model cards, and decision policies aligned to OMB inventory and assessment requirements [2].
Procurement and vendor obligations
- OMB M-24-10 directs agencies to manage procurement to support AI risk management, including obtaining documentation and information necessary to conduct impact assessments, testing, and ongoing monitoring for AI that affects safety or rights [2].
- Contracts should include access to model documentation, performance data by subgroup, and the ability to test and monitor models and updates, consistent with OMB's minimum practices and NIST RMF measurement principles [2][3].
Oversight, governance, and accountability
- Agencies must designate Chief AI Officers and establish governance mechanisms to oversee AI risk management, including fairness testing and monitoring for AI that may impact safety or rights [2].
- GAO's framework recommends clear accountability, documentation of risk controls, and traceability to decisions, which supports auditability and Inspector General review [9].
- The OSTP Blueprint emphasizes public reporting and community engagement commensurate with risk, which can be met via OMB's AI inventories and agency transparency practices for significant use cases [8][2].
Methods aligned to NIST guidance
- Measurement plans: define fairness objectives, protected attributes, target metrics, and acceptance criteria; ensure methods are valid and reliable per AI RMF guidance [3].
- Data representativeness: assess and remediate sampling and labeling issues that drive systemic bias; document data lineage and governance decisions [4][3].
- Evaluation rigor: use stratified evaluation, counterfactual analysis where appropriate, and stress tests for subgroup robustness; record limitations and residual risks and obtain risk acceptance where applicable [3].
- Continuous monitoring: establish triggers for model retraining, thresholds for fairness metrics, and escalation pathways for governance boards when disparities arise [3][2].
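The fairness-testing item under "What to audit" and the metric thresholds in the continuous-monitoring item above can be made concrete with a stratified check. The following is an added example, not code from any agency or vendor: it computes per-subgroup selection rates and false-negative rates and compares each selection rate with the highest-rate subgroup. The 0.8 threshold is the four-fifths rule of thumb in 29 CFR 1607.4(D); the records, the `MIN_N` floor, and the function names are assumptions made for illustration.

```python
from collections import defaultdict

FOUR_FIFTHS = 0.8  # rule-of-thumb ratio from 29 CFR 1607.4(D)
MIN_N = 30         # assumed floor: smaller subgroups are reported, not scored

# Constructed sample: (subgroup, model_selected, actually_qualified)
RECORDS = (
    [("A", 1, 1)] * 45 + [("A", 1, 0)] * 15 + [("A", 0, 1)] * 5 + [("A", 0, 0)] * 35
    + [("B", 1, 1)] * 20 + [("B", 1, 0)] * 5 + [("B", 0, 1)] * 20 + [("B", 0, 0)] * 35
    + [("C", 1, 1)] * 2 + [("C", 0, 0)] * 1
)

def subgroup_stats(records):
    """Selection rate and false-negative rate for each subgroup."""
    counts = defaultdict(lambda: {"n": 0, "sel": 0, "pos": 0, "fn": 0})
    for group, selected, qualified in records:
        c = counts[group]
        c["n"] += 1
        c["sel"] += selected
        c["pos"] += qualified
        c["fn"] += int(qualified and not selected)
    return {
        g: {"n": c["n"],
            "selection_rate": c["sel"] / c["n"],
            # None when the subgroup has no qualified members to miss
            "fnr": c["fn"] / c["pos"] if c["pos"] else None}
        for g, c in counts.items()
    }

def adverse_impact(stats, threshold=FOUR_FIFTHS, min_n=MIN_N):
    """Ratio of each subgroup's selection rate to the highest-rate subgroup."""
    scored = {g: s for g, s in stats.items() if s["n"] >= min_n}
    top = max((s["selection_rate"] for s in scored.values()), default=0.0)
    report = {}
    for g, s in stats.items():
        if g not in scored:
            report[g] = {"ratio": None, "status": "insufficient_sample"}
        elif top == 0:
            report[g] = {"ratio": None, "status": "no_selections"}
        else:
            ratio = s["selection_rate"] / top
            status = "review" if ratio < threshold else "pass"
            report[g] = {"ratio": round(ratio, 3), "status": status}
    return report

if __name__ == "__main__":
    stats = subgroup_stats(RECORDS)
    for group, row in sorted(adverse_impact(stats).items()):
        print(group, stats[group], row)
```

In the constructed data, subgroup B falls below the threshold on selection rate and also has a much higher false-negative rate than A, which is the kind of result that would be documented and escalated; subgroup C is too small to score and is reported as such instead of being silently dropped.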
Microsoft platform context where applicable
- Azure for US Government attests FedRAMP High and DoD SRG Impact Level authorizations for applicable services, supporting deployment of audited AI workloads within accredited environments for federal missions [13][14].
- Azure Machine Learning's Responsible AI dashboard provides tooling for fairness assessment, error analysis, and explanation across subgroups, which agencies can use to implement NIST-aligned measurement and documentation in their audit workflows [15][3].
- Azure Policy enables enforcement of governance configurations, tagging, and compliance controls across AI resources, supporting auditable configurations and continuous monitoring requirements [16][2].
Implementation checklist for agencies
- Establish governance: appoint CAIO, define AI risk management roles, charters, and escalation pathways per OMB M-24-10 [2].
- Inventory and triage: catalog AI use cases, classify those that affect safety or rights, and prioritize impact assessments and audits accordingly [2].
- Adopt AI RMF practices: implement Map-Measure-Manage with explicit fairness objectives, metrics, and monitoring plans [3].
- Conduct bias audits: perform adverse impact and subgroup performance testing; document methods and findings; remediate and re-test before deployment [12][4][2].
- Contract for auditability: require vendor disclosures, test interfaces, and update notifications; include terms enabling independent verification and continuous monitoring aligned to OMB guidance [2].
- Publish and report: update public AI inventories and internal governance records; track incidents and corrective actions; prepare for oversight reviews per GAO guidance [2][9].
Areas of tension and uncertainty
- Voluntary versus mandatory: NIST AI RMF is voluntary guidance, but OMB M-24-10 operationalizes its practices as expectations for federal agencies, creating a de facto requirement to adopt RMF-aligned processes for AI impacting safety or rights [3][2].
- Metric choice trade-offs: NIST SP 1270 cautions that fairness metrics can conflict and that socio-technical context matters; agencies should document rationale and acceptances where constraints prevent simultaneous optimization [4].
- External audits: OMB M-24-10 requires testing, evaluation, and monitoring but does not universally mandate third-party audits; agencies should determine the appropriate independence level case-by-case within governance processes [2].
Mission implications
Rigorous audits for discriminatory outcomes are not optional for federal AI; they are necessary to comply with civil rights obligations, execute OMB's risk management directives, and meet NIST's measurement and monitoring practices [6][2][3]. Agencies that operationalize these audits reduce legal exposure, improve mission effectiveness, and uphold public trust in AI-enabled services [2][9].
References
- [1] Executive Order 14110 - https://www.whitehouse.gov/briefing-room/presidential-actions/2023/10/30/executive-order-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/
- [2] OMB M-24-10 - https://www.whitehouse.gov/wp-content/uploads/2024/03/M-24-10.pdf
- [3] NIST AI Risk Management Framework 1.0 - https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf
- [4] NIST SP 1270 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1270.pdf
- [5] Joint Statement on Automated Systems (DOJ, CFPB, EEOC, FTC) - https://www.ftc.gov/system/files/ftc_gov/pdf/Joint%20Statement%20of%20Enforcement%20Agencies%20on%20Automated%20Systems%20Final%20%28002%29.pdf
- [6] Title VI of the Civil Rights Act - https://www.justice.gov/crt/fcs/TitleVI
- [7] Section 504 of the Rehabilitation Act - https://www.hhs.gov/civil-rights/for-individuals/disability/rehabilitation-act/index.html
- [8] OSTP Blueprint for an AI Bill of Rights - https://www.whitehouse.gov/ostp/ai-bill-of-rights/
- [9] GAO-21-519SP - https://www.gao.gov/products/gao-21-519sp
- [10] EEOC Technical Assistance (Adverse Impact and AI) - https://www.eeoc.gov/laws/guidance/technical-assistance-document-assessing-adverse-impact-software-algorithms-and-ai
- [11] DoD AI Ethical Principles - https://www.defense.gov/News/Releases/Release/Article/2473313/dod-adopts-ethical-principles-for-artificial-intelligence/
- [12] Uniform Guidelines on Employee Selection Procedures (29 CFR Part 1607) - https://www.ecfr.gov/current/title-29/subtitle-B/chapter-XIV/part-1607
- [13] Azure for US Government - Compliance overview - https://learn.microsoft.com/azure/azure-government/documentation-government-compliance
- [14] Azure Government - DoD CC SRG - https://learn.microsoft.com/azure/azure-government/compliance/azure-gov-dod-cc-srg
- [15] Azure Machine Learning - Responsible AI dashboard - https://learn.microsoft.com/azure/machine-learning/how-to-responsible-ai-dashboard
- [16] Azure Policy - Overview - https://learn.microsoft.com/azure/governance/policy/overview