Somewhere in your firm, someone has probably already pasted solicitation text into a chatbot. Maybe they asked it to summarize Section L. Maybe they asked it to draft a management-approach paragraph. Either way, the question lands on a principal’s desk sooner or later, and it lands in legal clothing: are we allowed to do this on a federal bid? And if it goes wrong, who is holding the liability?

The short answer to the first question is yes. No federal rule bans AI from proposal work, and as of this writing — June 2026 — there is no universal requirement to disclose AI use at proposal time. But that answer, on its own, is close to useless. A federal proposal is a stack of representations to the United States government, and the law attaches liability to the humans and the firm that sign those representations — never to the tool that drafted them. So the real question isn’t is AI allowed. It’s narrower and far more practical: which acts in a proposal are legally and professionally non-delegable?

That list turns out to be short, specific, and knowable. This article walks through it: what the law actually says, who holds the exposure when AI gets something wrong, what the government’s own AI is now doing to your proposal, and where the rules are heading.

Our stake, stated up front: Gridex operates proposal-preparation work for A&E and government-contracting firms, so we are an interested party in where this line gets drawn. That is exactly why we draw it conservatively — and cite the law by name so you can check it yourself.

There is no government-wide prohibition, and no government-wide proposal-time disclosure mandate. What exists instead, as of June 2026, are two narrower obligations worth checking on every pursuit:

Some solicitations now carry their own AI terms. OMB’s 2025 acquisition memorandum (M-25-22) directs agencies to consider whether a solicitation should require offerors to disclose AI use. That decision sits with each agency and contracting officer — which means the only reliable check is the solicitation in front of you. Read it. If it says nothing about AI, no disclosure duty attaches at submission. If it does, the clause governs.

One prohibition is already live. The FY2026 National Defense Authorization Act, signed in December 2025, bans AI from DeepSeek, its parent company, and other adversarial-nation sources from use in Department of Defense contract work — and that ban took effect in January 2026. It is not a disclosure rule; it is a flat prohibition, and the conservative reading covers proposal work on DoD pursuits. If anyone in your workflow is using an unvetted free tool, on a defense bid that is no longer a quality concern. It is a compliance violation.

So the legality answer is: yes, with two checks. But legality is the floor, not the standard. Everything that matters in this conversation lives above the floor — in the question of who certifies what.

The Short List No AI Can Sign

Strip a federal proposal down to its legal skeleton and you find a handful of acts that bind a specific human or the firm itself. These are the things that stay human not because a policy says so, but because the signature is the act:

  1. The bid decision. Whether to pursue at all is business judgment about your firm’s real capacity and odds. AI can assemble the qualification facts; it cannot own the call.
  2. The truth of every factual claim. Every project description, credential, and capability statement is your firm’s representation to the government. Whoever submits it asserts it.
  3. The past-performance selection. Which projects to claim — and whether each claim survives a cross-check against CPARS, the government’s own performance record — is a truthfulness decision, not a retrieval task. AI can surface candidates from your library; a person decides what the firm asserts.
  4. The pricing certification. When certified cost or pricing data are required, FAR 15.406-2 demands a signed Certificate of Current Cost or Pricing Data — executed by someone authorized to bind the firm. That signature creates personal and corporate liability. There is no version of it an AI can perform.
  5. Section K — representations and certifications. Under FAR subpart 4.12, the reps and certs an offeror makes (largely maintained in SAM.gov and incorporated into each offer) are made by an authorized official. A false certification is a false statement to the government, with everything that follows.
  6. The professional seal. For A&E firms, the National Society of Professional Engineers’ Board of Ethical Review put it directly in BER 24-2 (2024): using AI in engineering practice is not inherently unethical — but sealing AI-generated work without maintaining responsible charge is. The licensure rules behind that opinion are uniform across states: you may seal only work done by you or under your direct control and personal supervision. A seal applied to unsupervised output is a violation in every U.S. jurisdiction.

Everything upstream of those six acts — extracting requirements, building the compliance matrix, surfacing candidate projects and resumes, assembling volumes — is preparation. We drew that side of the line in detail, table and all, in the companion article on what AI can actually do in RFP work. The two lists are halves of one rule: AI prepares and assembles; a credentialed human authors the claims and signs.

Who Is Responsible When AI Gets It Wrong?

The False Claims Act (31 U.S.C. §3729) is the statute that gives this question its teeth. Three features matter for AI specifically:

It is civil, and it does not require intent to defraud. “Knowing,” under the statute, includes deliberate ignorance and reckless disregard of the truth. Submitting AI-drafted claims that nobody verified is the textbook shape of reckless disregard. “The AI wrote it” is not a defense; it is closer to an admission.

The numbers compound. Liability runs to three times the government’s damages plus a per-claim civil penalty — currently $14,308 to $28,619 per false claim, at current adjusted levels. Proposals contain many claims.

Enforcement is pointed this way. The Department of Justice named AI-related fraud an explicit False Claims Act enforcement priority for 2026. The liability chain it describes is exactly the proposal scenario: a fabricated or inflated claim, signed by an authorized official, relied on in an award.

Above the civil layer sits 18 U.S.C. §1001, the criminal false-statements statute: up to five years, no oath required, and it reaches statements made in proposals. The honest distinction between the two: criminal liability requires acting knowingly and willfully, a higher bar than the FCA’s recklessness. A firm that skips verification is much more likely to meet the civil standard than the criminal one. That is not comfort. It is a description of which courtroom.

And the honest boundary, stated plainly: as of June 2026, no contractor has been suspended or debarred over AI-hallucinated proposal content. The closest precedent sits one filing-type away — in 2025 the Government Accountability Office began sanctioning bid-protest filers whose briefs contained AI-fabricated citations, and identified the hallmarks of generative-AI misuse in multiple protest decisions that year. Different document, identical mechanism: fabricated material in a federal filing, traced back to an unverified tool. The first proposal case has not happened yet. Nobody in this market should want to be it.

The Part Nobody Mentions: The Government’s AI Reads It First

While contractors debate whether to use AI, agencies have already started. GSA, the Army, and the IRS have all stood up AI-assisted screening that reads proposals for compliance before a human evaluator sees them — a shift reported in federal acquisition press in spring 2026. Two consequences follow.

First, generic AI output is now visible to the evaluator. Proposal consultants have a name for it — “AI speak”: fluent, vague, unsubstantiated text that pattern-matches to every other tool’s output. In one vendor’s account, a program office received five nearly identical proposals from five different bidders, all leaning on the same generic tooling. In a qualifications-based market where differentiation is the entire game, that is not a style problem.

Second, hallucination risk runs both directions — an agency’s AI mischaracterizing your proposal is now an emerging bid-protest theory, and your AI’s errors are caught faster by screening built to flag unsupported claims. In a December 2025 poll of 275 proposal professionals, hallucinated facts ranked as the top AI concern in the field, cited by 42%. The practitioners closest to the work worry most about exactly the failure mode the law prices highest.

The net of both: the question has quietly inverted. It is no longer “will anyone notice if we use AI?” It is “will our AI-touched proposal survive contact with theirs?” Proposals built on verified, traceable claims will. Proposals assembled by an unsupervised chatbot will not.

The line is not “AI versus no AI.” It is verified versus unverified. Every claim in a federal proposal needs a human who checked it and a record of where it came from — because the signature on Section K asserts all of it, and the government’s own screening now reads for exactly the kind of text that nobody checked.

Where the Rules Are Heading

None of today’s guidance imposes a universal proposal-time disclosure mandate. But the direction of travel is unambiguous, and it is worth naming the documents rather than predicting their final form:

  • OMB M-25-21 and M-25-22 (2025) govern how agencies adopt and buy AI, and push agencies to consider AI-use disclosure provisions in solicitations.
  • OMB M-26-04 (December 2025) imposes documentation and disclosure duties on vendors selling LLM products to agencies — a different obligation than contractors using AI in proposals, and worth not conflating.
  • GSA’s draft AI safeguarding clause (GSAR 552.239-7001, released for comment in March 2026) would require Schedule contractors to disclose, within 30 days of award, the AI systems used in performance — along with data-handling, incident-reporting, and foreign-AI restrictions. It is still a draft, expected to land in a future Schedule refresh.
  • The FY2026 NDAA, beyond the live tool prohibition, directs DoD to build an AI security framework and write it into defense acquisition regulation — a pipeline that ends in contract clauses.

Read together, the documents describe a procurement system being assembled around one expectation: the government will increasingly know, and increasingly ask, where AI sits in your process. A workflow built on human certification with a traceable record behind every claim doesn’t need to scramble when each of these lands — it is already shaped like the requirement. An “AI writes it, we skim it” workflow is on the wrong side of every one of them.

How We Run This Line in Practice

Gridex’s answer to all of the above is structural, not aspirational. The preparation layer — solicitation shredding, the compliance matrix, past-performance and resume surfacing, volume assembly — runs as an operated service with the controls this work demands: defined data boundaries, human review gates on every output, and an audit trail that ties each prepared claim back to its source document. That control layer is its own discipline — governed AI deployment — and in government work it is not a premium feature. It is the price of admission.

What your firm keeps is everything on the short list: the bid decision, the win strategy, the truth of the claims, the pricing certificate, Section K, and the seal. Nothing we prepare is submission-ready until your people have decided it is. That is the design, for the reasons this article just spent two thousand words on. The same logic drives our broader AI governance framework — the rules above are the govcon edge of a pattern that now runs through every regulated industry.

Five Questions to Ask Before AI Touches a Federal Proposal

Run any tool, vendor, or internal workflow against these. Each maps to one of the red lines above.

  1. Can any AI output reach a submission without a person reviewing it? If yes, stop there — that is the reckless-disregard pattern the False Claims Act prices at treble damages.
  2. Can every factual claim be traced to a verifiable source document? Your firm asserts what it submits. Past performance in particular gets checked against the government’s own records.
  3. Who signs Section K and the pricing certification — and do they know what AI touched? The signer is personally certifying accuracy. They should be able to say what was prepared, by what, and who verified it.
  4. If a seal goes on it: did a licensed professional maintain responsible charge? Per BER 24-2 and uniform state licensure law, the stamp covers only work done under that person’s direction and supervision.
  5. What tools are actually in the workflow — and does this solicitation say anything about AI? The two live legal checks: no prohibited-source AI on defense work, and no solicitation-specific AI clause left unread.

If a vendor can’t answer all five crisply, the problem isn’t that they use AI. It’s that they haven’t decided where the line is. The firms that get durable value out of AI in proposal work are the ones that drew it first — and built the workflow on the correct side.

Bring us one live RFP and we’ll show you what the prepared side of the line looks like — a review-ready compliance matrix and proposal brief, every claim traced to its source, nothing submission-ready until your people sign. See how governed AI deployment keeps the judgment line intact.

Gridex turns work demand into AI capacity. For A&E and government-contracting firms, that means operating the preparation side of proposal work — under data boundaries, human review gates, and a per-claim audit trail — while your firm keeps every decision the law says is yours. You decide. You certify. You sign. See how it fits A&E and govcon firms or tell us where your team is buried.