What OMB Actually Built
OMB's M-24-10, issued in March 2024, is the foundational document for federal AI governance. It's worth reading rather than summarizing, because the summaries tend to flatten what is actually a deliberate architectural choice. The memo creates the CAIO role with real authority: coordinating AI governance across the agency, overseeing the memo's safety-impacting and rights-impacting AI uses and the minimum risk-management practices attached to them, and overseeing AI risk management as a whole. It also explicitly preserves the CISO's authority over security risk, including AI-related security risk, and leaves the CIO's authority over IT infrastructure and systems acquisition intact.
Three legitimate authority claims. No stated hierarchy among them. No forcing function.
The distribution was deliberate. OMB spread AI governance authority across all three roles because AI governance genuinely touches all three domains. An AI system that processes personally identifiable information is simultaneously an IT system (CIO), a security risk (CISO), and an AI deployment requiring risk assessment (CAIO). The policy architecture reflects that reality. The catch is that "this touches everyone" and "someone has to decide" are two different problems, and M-24-10 solved the first without fully solving the second.
The result, visible in agency after agency, is a governance structure that looks complete on paper and operates as a negotiation in practice.
The Three Claims, Stated Plainly
The CAIO's claim is the most recent and, in some agencies, the most contested. CAIOs were largely stood up in 2024 in response to M-24-10's mandate. Many came from policy or program backgrounds rather than technology backgrounds, which means their authority is real but their technical leverage is limited. They own the AI governance framework. They don't always own the infrastructure the AI runs on or the security controls that govern it. When a CAIO says "we're moving forward with this deployment," the CISO can still say "not until the ATO is complete," and the CIO can still say "not until it's on the approved systems list."
The CISO's claim is the oldest and the most operationally grounded. CISOs have been saying yes or no to technology deployments for decades, and they have the Authorization to Operate process as their instrument. Every AI system that touches federal data needs an ATO. Strictly, the authorization decision is signed by an Authorizing Official rather than the CISO, but it is the CISO's organization that runs the assessment, writes the risk recommendation, and decides when the package is ready, and that is where the practical control sits. The CISO doesn't have to claim AI governance authority explicitly; they exercise it through the security review process, which nothing bypasses. This gives CISOs a structural veto that doesn't require them to win any governance argument. They just have to be slow.
The CIO's claim is the broadest and the most diffuse. CIOs own the enterprise architecture, the approved products list, the cloud contracts, the data infrastructure. An AI system that needs to connect to agency data has to go through systems the CIO controls. Like the CISO, the CIO doesn't need to win a governance argument to exercise authority — they exercise it through procurement and architecture review. The AI initiative that can't get on the approved cloud platform isn't going anywhere regardless of what the CAIO approved.
Three legitimate claims, three different instruments of authority, and no structural requirement that any of them concede.
Why the IAM Resolution Mechanism Doesn't Transfer
In contested IAM ownership, the resolution usually comes from a technical dependency. Someone controls the certificate authority, or the MFA enrollment flow, or the SCIM provisioning endpoint. That control is real and immediate; it can't be abstracted away by a governance memo. The person who holds the dependency holds the conversation.
AI governance has no equivalent chokepoint. The CAIO can't revoke the CISO's ATO authority. The CISO can't revoke the CAIO's mandate. The CIO can't unilaterally approve a deployment the CISO hasn't cleared. The authorities are parallel, not nested. There's no technical dependency that forces one of them to defer to the others.
This is the break point where IAM intuition becomes actively misleading. If you've navigated contested ownership before by finding the person who controls the dependency, you'll spend a long time in federal AI accounts looking for a lever that isn't there. The vacuum isn't organizational dysfunction you can route around. It's structural ambiguity that the policy architecture created and that no agency org chart has fully resolved.
Some agencies have tried. GSA published an AI governance framework in 2024 that explicitly assigns decision rights across the CAIO, CISO, and CIO for different categories of AI use cases. It's a reasonable document and a genuine attempt at resolution. It also requires all three executives to agree on which category a given deployment falls into before the decision rights even apply. The framework solves the governance question one level up from where the actual disputes occur.
DHS has a similar structure, with a CAIO who coordinates across components that each have their own CISOs and CIOs. The coordination layer is real. The authority hierarchy is still negotiated case by case.
What This Looks Like in a Meeting
The seller who walks in and asks "so who owns AI here?" has already made a mistake. The question itself is right. Asking it in the room is the problem, because it triggers a specific and predictable dynamic. Each executive will assert their authority, or defer to the others in a way that signals the question is contested, or both. You'll leave the meeting with three business cards and no clearer sense of who can say yes than when you arrived.
The seller who maps the ownership landscape before the meeting is in a different position entirely.
Most agencies have published enough to let you do this. The CAIO's public statements — in trade press like Nextgov, FCW, GovCIO Media — usually reveal their governance priorities and where they feel their authority is strongest. The CISO's public posture on AI security risk tells you how they're framing their role. The agency's published AI strategy or governance framework, if one exists, shows you where the decision rights are formally assigned and, more usefully, where they're conspicuously absent. The gaps in the published framework are the governance disputes that haven't been resolved yet.
Walk in knowing which decisions each executive owns, which decisions are genuinely shared, and which decisions are nominally assigned but practically contested. You don't need to know who wins the contested ones — you need to know they're contested.
The Discovery Approach That Doesn't Trigger Defensiveness
Skip "so who owns AI?" Ask each stakeholder separately: "what does a successful deployment look like from your perspective?"
The CAIO will describe success in terms of risk management, responsible use, and governance compliance. The CISO will describe success in terms of security controls, ATO completion, and continuous monitoring. The CIO will describe success in terms of integration with existing infrastructure, approved acquisition vehicles, and enterprise architecture alignment.
These answers aren't contradictory. They're parallel. And the delta between them — what one executive considers essential that another doesn't mention — is your ownership map.
The seller who can synthesize those three answers into a coherent picture has done something none of the three executives has done for each other: mapped the full governance landscape across all three authority domains. That synthesis is the credibility move. Not a product demo, not a reference customer, not a white paper. The ability to say, accurately, "here's what governance success looks like across all three of your stakeholder groups, and here's where your current framework has a gap." That's the conversation that earns the next meeting.
One practical note on sequencing: start with the CISO. The ATO process is the structural veto, and understanding the CISO's AI security posture before you talk to the CAIO or CIO tells you which governance questions are already resolved and which are still open. A CISO who has developed a clear AI security framework is a CISO who has already negotiated some of the authority questions with the CAIO. A CISO who's still developing their AI security posture is a CISO who hasn't. That difference tells you more about the governance maturity of the account than any org chart.
The Structural Difference
The contested IAM ownership you've navigated before was usually organizational dysfunction — a gap in the org chart that someone eventually filled. The federal AI governance situation is different in kind, not just degree. OMB built a governance structure that distributes authority intentionally, because AI genuinely requires all three domains. The agencies that have tried to resolve the ambiguity have mostly added coordination mechanisms on top of parallel authority structures, not replaced the parallel structure with a hierarchy.
The seller's job, then, isn't to find the single buyer who can say yes. It's to understand the governance landscape well enough to help the agency's three authority holders reach a shared yes. That's a longer sale. It's also a more defensible one, because the vendor who helped the agency navigate its own governance structure is not easily displaced by a competitor who shows up with a better demo.
The ownership vacuum that OMB built isn't going away. The agencies that have figured out how to govern AI have done it through negotiation among the three roles, not by eliminating two of them. Your job, before Tuesday's meeting, is to understand which stage of that negotiation the account is in — and to walk in with a map of the territory that none of the three executives has drawn for themselves yet.
That map is your differentiator. Everything else is a feature comparison.