The rise of Artificial Intelligence (AI) in the Federal Government presents both unprecedented opportunities and profound risks. From improving benefits processing at the VA to detecting fraud in Medicare claims, AI can help agencies become faster, smarter, and more citizen-centric. But realizing this potential hinges on robust, agile, and accountable governance frameworks.
Unfortunately, many agencies still struggle with outdated, heavyweight governance models that slow innovation and fail to adapt to the pace of modern technology. Enter Minimum Viable Governance (MVG)—an adaptive, lightweight, and automation-driven approach that offers a way forward.
The Federal Government has long grappled with the complexities of technology governance:
- Heavyweight Processes and Bureaucratic Bottlenecks
Federal IT governance was historically rooted in control-centric models—lengthy checklists, manual reviews, and rigid gatekeeping. Frameworks like Capital Planning and Investment Control (CPIC), the Federal Enterprise Architecture Framework (FEAF), and even parts of the Federal Risk and Authorization Management Program (FedRAMP) have become infamous for slowing delivery.
- Waterfall-Style Oversight in Agile Environments
Even as agencies began adopting agile development, their governance structures often remained tied to outdated waterfall approaches. This disconnect led to “compliance theater,” where innovation was feigned but processes were still rigid and sequential.
- Lack of Flexibility and Proportionality
Traditional governance failed to differentiate between low-risk and high-risk systems. A simple chatbot might endure the same review process as a mission-critical health system—wasting resources and time.
- Siloed and Manual Compliance Reviews
Governance documentation, audits, and approvals were often performed manually, isolated from actual development environments. This made it hard to enforce policies consistently or respond quickly to emerging risks.
These issues not only caused delays and cost overruns but also eroded trust in government IT’s ability to deliver value.
What is MVG?
Minimum Viable Governance is a modern, risk-based approach to governance. Rather than enforcing every control at maximum strength from day one, MVG establishes a lightweight, modular, and iterative governance foundation that evolves with system maturity, mission criticality, and real-world usage.
Key Advantages Over Traditional Governance
| Traditional Governance | MVG Approach |
| Rigid, one-size-fits-all | Contextual and risk-based |
| Manual reviews and artifacts | Automated checks and dashboards |
| Compliance-first | Mission-first, with built-in accountability |
| Waterfall-style checkpoints | Embedded into agile workflows |
| Static documents | Live, versioned documentation (e.g., model cards, lineage graphs) |
MVG operates across the AI system lifecycle—from ideation to post-deployment—and emphasizes “just enough” governance to manage risk without stifling innovation.
- During AI Ideation
- Risk assessment matrix assigns governance tiers.
- Ethical and legal considerations are documented early.
- Data Acquisition
- Automated scans for sensitive data (PII/PHI).
- Metadata tracking and provenance logs established.
- Model Development & Testing
- Lightweight model cards generated.
- Bias and fairness tests scaled based on impact.
- Explainability thresholds tailored to use case.
- Deployment
- Governance-as-code pipelines ensure policies are enforced in CI/CD.
- Deployment registries capture purpose, ownership, and versioning.
- Monitoring & Auditing
- Automated drift detection, alerting, and audit logging.
- Integrated dashboards expose performance, risk, and compliance in real-time.
Governance-as-a-Service (GaaS): The Engine Behind MVG
Governance-as-a-Service is the operational backbone of MVG. It involves codifying governance policies into automated tools and services that teams can use as self-service or integrate directly into their workflows.
Examples:
- Bias Testing APIs: Standardized scripts test models for demographic parity or disparate impact.
- PII Scanning Services: Auto-flag data quality or compliance issues in pipelines.
- Model Registry Portals: Centralized place to manage model lineage, risk tiers, approvals, and metadata.
GaaS makes MVG repeatable, scalable, and traceable—key features for any enterprise-wide AI strategy.
MVG in Action: Hypothetical Federal Example
Imagine the Department of Labor wants to deploy an AI model to detect anomalies in unemployment insurance claims.
With Traditional Governance:
- Long procurement and compliance delays
- Separate compliance teams manually review documentation
- AI takes 18 months to get into production
With MVG:
- Risk is assessed early—model categorized as medium-risk
- PII scanning and model documentation built into dev pipelines
- Bias testing triggered at each model retraining
- Human approval required only for significant updates
- Live dashboards track accuracy, bias, and drift in production
Outcome:
- Model is deployed safely within 3 months
- Trust is built through transparency and traceability
- Future models reuse the same MVG framework, reducing lift
As the Federal Government scales its AI investments, governance must evolve. Minimum Viable Governance provides a pragmatic, forward-thinking model that acknowledges the pace of innovation while upholding public sector responsibilities. Instead of repeating the past’s mistakes—rigid rules, slow delivery, and overburdened compliance teams—agencies can use MVG to accelerate mission delivery, build internal and public trust, reduce the compliance burden through automation, and enable responsible, scalable, and repeatable AI development.
About Greg Godbout
Greg Godbout is the CEO of Flamelit – a Data Science and AI/ML consultancy. He was the former Chief Growth Officer at Fearless. Formally the Chief Technology Officer (CTO) and U.S. Digital Services Lead at the EPA. Greg was the first Executive Director and Co-Founder of 18F, a 2013 Presidential Innovation Fellow, Day One Accelerator Fellow, GSA Administrator’s Award Recipient, and a The Federal 100 and Fedscoop 50 award recipient. He received a Masters in Management of IT from the University of Virginia, and a Masters in Business Analytics and AI from NYU.
