Mississippi has released a comprehensive AI governance framework designed to help state agencies adopt artificial intelligence responsibly while maintaining human control over consequential decisions. The template, published by the Mississippi Artificial Intelligence Network (MAIN), provides state agencies with a planning and governance structure rather than a one-size-fits-all policy, allowing each agency to adapt AI rules to its specific mission, legal environment, and risk profile.

What Makes This Different From Other AI Governance Efforts?

Unlike top-down mandates that often struggle to fit diverse government operations, Mississippi's approach recognizes that a state health agency faces different AI risks than a transportation department. The framework is built on the principle that durable rules should stay stable while tool-specific guidance evolves as technology changes. Agencies are encouraged to establish core values first, then translate those values into concrete operational controls rather than leaving them as abstract slogans.

The template covers 20 distinct areas of AI governance, from data classification and security to public records retention and workforce readiness. Rather than treating all AI as either banned or acceptable, the framework creates distinct lanes for different types of AI use. For example, state IT staff can experiment with open-source or self-hosted AI models on agency-controlled hardware for learning and evaluation without tool-by-tool approval, as long as no state data leaves the local system.

How Should State Agencies Implement This Framework?

• Establish Clear Governance Structure: Designate an accountable owner for AI governance and create a cross-functional review group that includes IT, information security, legal, privacy, records management, and program leadership to oversee enterprise decisions, approved tools, and exceptions.
• Define Acceptable and Prohibited Uses: Publish a short, plain-language list distinguishing which AI uses are encouraged, which require review, and which are prohibited outright, ensuring employees understand the rules before they act.
• Implement Data Protection Controls: Ensure employees do not enter confidential, regulated, or restricted state data into AI systems not approved for that data category, and maintain a restricted-technologies list that staff must follow.
• Require Human Review for Consequential Decisions: Mandate that human review occurs before AI output is used in any decision, record, communication, or public service that affects citizens or official operations.
• Maintain Central Inventory and Reporting: Keep a central inventory of approved tools, restricted uses, exceptions, and incidents, with periodic reporting to agency leadership on adoption, training, and compliance metrics.

The framework emphasizes that policy should set mandatory rules and authorities, while guidance explains how to apply those rules in practice, and procedures define specific operational steps. Where a rule is already set by state law or the Mississippi Department of Information Technology Services (ITS), agencies should point to it rather than restate or contradict it.

What Foundational Principles Should Guide AI Decisions?

Mississippi's ITS AI Acceptable Use Policy, which serves as the authoritative baseline for executive-branch agencies under Executive Order 1584, is built on nine core principles: fairness, innovation, privacy, security and safety, transparency, accountability, accessibility, validity, and reliability. The framework requires that employees keep human control over AI systems and remain responsible for final decisions. This human-in-the-loop requirement applies across all consequential uses, from hiring decisions to benefit determinations to public safety applications.

The template also addresses a common pitfall in government AI adoption: shadow AI use and fragmented adoption. By establishing clear governance, maintaining a central inventory of approved tools, and requiring periodic reporting, agencies can prevent informal automation of decisions that affect the public. The framework acknowledges that treating all AI as banned stifles legitimate efficiency gains, while treating all AI as acceptable creates unmanaged risk.

For agencies experimenting with locally hosted AI models, the framework sets specific technical requirements: the environment must be offline or configured so that no prompts, data, or outputs leave it, with telemetry, cloud sync, and auto-update features disabled. Model weights and datasets must come from reputable sources and be treated as executable code, since a downloaded model is a supply-chain item. Users must already be authorized to access and use any data involved, and regulated or restricted data follows its own rules regardless of where the model runs.

The Mississippi template arrives as state governments nationwide grapple with AI adoption. By providing a flexible framework rather than a rigid policy, Mississippi offers a model that other states may adapt to their own governance structures, legal environments, and risk tolerances. The emphasis on human oversight, transparency, and proportional controls reflects growing consensus among policymakers that effective AI governance requires balancing innovation with accountability.