https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN44863-PPM_CIO-081-000-WEB-1.pdf
DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC 20310-0107
ISES-GOV-RM-081
ISES-RMZ (25-1aaaaa1)
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Artificial Intelligence Compliance with Records Management, Privacy
Protection, and Freedom of Information Act
1. References. See enclosure.
2. Purpose. This memorandum emphasizes compliance with Records Management
(RM), Privacy Protections, and the Freedom of Information Act (FOIA) as it pertains to
Artificial Intelligence (AI) products within the Army.
3. Background.
a. AI has the potential to transform operations, optimize processes and procedures,
enhance productivity, and improve decision-making. The same capabilities that enable
swift and flexible workflows can also be utilized to circumvent records management
protocols, privacy safeguards, and compliance with FOIA regulations on a large scale.
b. AI users must comply with RM requirements; protect sensitive and classified
information; and uphold ethical, legal, and transparent AI practices that safeguard
individual rights and maintain public trust.
4. Applicability. This guidance applies to Headquarters Department of the Army
(HQDA) elements, Army Commands, Army Service Component Commands, Direct
Reporting Units, and Army National Guard and Reserve components.
5. Guidance.
a. System owners and application owners must capture, manage, and sustain
records generated through AI systems and low-code/no-code platforms. They must
ensure that all user interactions, including prompts and AI-generated content, are
properly identified, secured, and retained as official records. Interfaces that capture
these interactions must support traceability, auditability, and compliance with records
management standards as outlined in Reference 1a.
b. System and application owners must treat prompts as the foundation for
generating and refining content when using AI systems. They must capture and
ISES-RMZ (25-1aaaaa1)
SUBJECT: Artificial Intelligence Compliance with Records Management, Privacy
Protection, and Freedom of Information Act
manage all aspects of the AI interaction, including input, output, iteration, interaction,
feedback, and adaptation, to support efficient and compliant record management.
System and application owners must:
(1) Assess the purpose and scope of AI use to determine its impact on
recordkeeping requirements.
(2) Implement tools or processes to flag, capture, store, and manage prompts
and AI generated content as potential records.
(3) Identify which elements of the prompt response interaction qualify as official
records based on content, context, and purpose.
(4) Evaluate captured prompts and content against applicable records
management policies and retention schedules.
(5) Document the criteria, rationale, and decision-making process used to
classify prompts and content as records.
(6) Collaborate with records management staff to ensure full compliance with
legal, regulatory, and Army guidelines.
6. FOIA Requirements.
a. The public has the right to access government records under FOIA, including
AI prompts and content that qualify as public records. When personnel use AI prompts
and content on official government systems for public business, they must disclose that
information in response to FOIA requests.
b. System and application owners must provide access to AI prompts and
content classified as government records, retrieve them efficiently, and maintain them
properly to support timely and complete FOIA responses.
7. Privacy Requirements.
a. Personnel must:
(1) Follow existing privacy and data protection laws when creating AI prompts
and content.
(2) Lawfully and securely collect, use, access, modify, and store data to reduce
risks to privacy and confidentiality.
2
ISES-RMZ (25-1aaaaa1)
SUBJECT: Artificial Intelligence Compliance with Records Management, Privacy
Protection, and Freedom of Information Act
(3) Minimize data collection and design AI prompts and content to prevent the
generation or disclosure of sensitive information. These actions protect privacy and
promote responsible AI use.
(4) Ensure that accountability and transparency guide the responsible use of AI
by upholding ethical standards and meeting legal obligations.
8. Awareness and Training: All Army personnel must complete annual training
requirements on operations security, information security, controlled unclassified
information, information assurance/cyber awareness, and records management. These
training courses ensure compliance with regulations and reinforce the importance of
safeguarding data and records. As AI becomes integrated into operations, personnel
must develop awareness of its responsible use, as outlined in this guidance, to
safeguard data and uphold security standards.
9. Expiration and review. This guidance is effective immediately and remains in effect
until superseded or rescinded. The Office of the Chief Information Officer will review
this guidance annually or no later than 1 October of each calendar year.
10. Points of contact.
a. CIO Policy Inbox: usarmy.pentagon.hqda-cio.mbx.policy-inbox@army.mil.
b. Ms. Joyce Luton, Director, Army Records Management Directorate at phone:
(520) 673-3981 and email: joyce.luton2.civ@army.mil.
Encl LEONEL T. GARCIGA
Chief Information Officer
DISTRIBUTION:
Principal Officials of Headquarters, Department of the Army
Commander
U.S. Army Forces Command
U.S. Army Training and Doctrine Command
U.S. Army Materiel Command
U.S. Army Futures Command
U.S. Army Pacific
U.S. Army Europe and Africa
U.S. Army Central
(CONT)
3
ISES-RMZ (25-1aaaaa1)
SUBJECT: Artificial Intelligence Compliance with Records Management, Privacy
Protection, and Freedom of Information Act
DISTRIBUTION: (CONT)
U.S. Army North
U.S. Army South
U.S. Army Special Operations Command
Military Surface Deployment and Distribution Command
U.S. Army Space and Missile Defense Command/Army Strategic Command
U.S. Army Cyber Command
U.S. Army Medical Command
U.S. Army Intelligence and Security Command
U.S. Army Corps of Engineers
U.S. Army Military District of Washington
U.S. Army Test and Evaluation Command
U.S. Army Human Resources Command
U.S. Army Corrections Command
U.S. Army Recruiting Command
Superintendent, U.S. Military Academy
Commandant, U.S. Army War College
Director, U.S. Army Civilian Human Resources Agency Executive Director, Military
Postal Service Agency Director, U.S. Army Criminal Investigation Division Director,
Civilian Protection Center of Excellence
Director, U.S. Army Joint Counter-Small Unmanned Aircraft Systems Office
Superintendent, Arlington National Cemetery
Director, U.S. Army Acquisition Support Center
CF:
Principal Cyber Advisor
Director, Office of Analytics Integration
Commander, Eighth Army
4
REFERENCES
a. DoDI 5015.02 (DoD Records Management Program). Available at:
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/501502p.pdf?ver=2019-
01-24-111201-200.
b. 44 U.S.C. Chapter 31 (Records Management by Federal Agencies). Available at:
https://uscode.house.gov/view.xhtml?req=granuleid%3AUSC-2000-title44-
chapter31&edition=2000//uscode.
c. 5 U.S.C. 552, as amended (Freedom of Information Act). Available at:
https://www.justice.gov/oip/freedom-information-act-5-usc-552.
d. 5 U.S.C 552a, as amended (Privacy Act of 1974). Available at:
https://www.govinfo.gov/content/pkg/USCODE-2018-title5/pdf/USCODE-2018-title5-partI-
chap5-subchapII-sec552a.pdf.
e. OMB M 24-18 (Advancing the Responsible Acquisition of Artificial intelligence in
Government). Available at: https://whitehouse.gov/wp-content/uploads/2024/10/M-24-18-
AI-Acquisition-Memorandum.pdf.
f. OMB M 24-10 (Advancing Governance, Innovation, and Risk Management for Agency
Use of Artificial Intelligence). Available at: https://www.whitehouse.gov/wp-
content/uploads/2024/03/M-24-10-Advancing-Governance-Innovation-and-Risk-
Management-for-Agency-Use-of-Artificial-Intelligence.pdf.
g. DoDD 5105.89 (Chief Digital and Artificial Intelligence Officer). Available at:
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodd/510589p.PDF?ver=Ikhn
-60VR-GpxO78wiYQZA%3d%3d.
h. DoDI 5400.11 (DoD Privacy and Civil Liberties Programs). Available at:
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/540011p.pdf?ver=gM7Q
U0FeRs8wMwzFXS8uSA%3d%3d.
i. DoD 5400-11-R (Department of Defense Privacy Program). Available at:
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/540011r.pdf
j. DoDM 5400.07 (DoD Freedom of Information Act (FOIA) Program). Available at:
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/540007_dodm_2017.p
df.
k. AR 25-22 (The Army Privacy and Civil Liberties Program). Available at:
https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN42925-AR_25-22-002-WEB-3.pdf.
l. AR 25-55 (The Department of The Army Freedom of Information Act Program). Available
at: https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN38447-AR_25-55-001-WEB-3.pdf.
Enclosure