Who This Impacts: Mortgage lenders, independent mortgage companies (IMBs), banks, credit unions, and nonbank servicers that originate or service conventional loans sold to or guaranteed by Fannie Mae or Freddie Mac — including those using AI through third-party vendor tools.

Key Dates:

• March 3, 2026 — Freddie Mac's AI/ML governance requirements (Guide Bulletin 2025-16, Section 1302.8) are already in effect. Any mortgage with an application date on or after this date must comply.

• August 6, 2026 — Fannie Mae's AI/ML governance framework (Lender Letter LL-2026-04) takes effect. Less than two months away.

For lenders selling loans to Fannie Mae or Freddie Mac, these dates represent more than another compliance deadline. They mark a significant shift in how AI governance is expected to be operationalized across the mortgage lifecycle.

Artificial intelligence didn't sneak into mortgage lending. It walked in through the front door, embedded in loan origination systems, fraud detection tools, income verification platforms, pricing engines, and borrower communication workflows. Most lenders didn't think twice about it. Why would they? The tools worked, regulators hadn't drawn any hard lines, and the industry kept moving.

That era is over.

In the span of just a few months, both Fannie Mae and Freddie Mac have issued AI governance frameworks that establish enforceable requirements for approved sellers and servicers operating in the conventional mortgage market. This isn't guidance. It isn't a best practices checklist. It's a compliance obligation with hard deadlines, and for many organizations, a wake-up call that their AI risk programs haven't kept pace with their AI adoption.

What Happened and When

Freddie Mac moved first. In December 2025, it issued Guide Bulletin 2025-16, amending its Single Family Seller/Servicer Guide to include explicit, prescriptive AI governance requirements codified in Section 1302.8. That bulletin took effect March 3, 2026. Organizations that have not addressed these requirements should assess their compliance posture and identify any gaps immediately.

Fannie Mae followed in April 2026, issuing Lender Letter LL-2026-04, a formal governance framework for any approved seller or servicer using AI or machine learning in loan origination or servicing. The framework takes effect August 6, 2026.

Together, these frameworks represent some of the most significant sector-specific AI governance requirements issued to the U.S. mortgage industry to date. They will not be the last.

Who This Applies To

The short answer: nearly everyone operating in conventional mortgage lending.

Both frameworks apply to any approved Fannie Mae or Freddie Mac seller or servicer using AI or machine learning in connection with origination or servicing. That scope is deliberately broad, capturing large banks, independent mortgage companies, credit unions, and nonbank servicers alike.

Two points about scope deserve particular attention.

Vendor tools are your responsibility.

The frameworks do not distinguish between AI systems you built internally and those provided by third-party vendors. If your LOS uses an AI-powered workflow, if your fraud detection runs on a machine learning model, if your income verification platform uses automated analysis — all of it is in scope, and all of it must be governed. The fact that a vendor built the tool does not transfer accountability for governance and oversight.

It's not just underwriting.

These requirements extend to any AI-enabled function that touches the mortgage process, including document processing, borrower outreach, payment processing, loss mitigation, quality control, and fraud detection. If AI is anywhere in the process, it is covered.

One challenge many lenders are discovering is that their AI inventory is less complete than they expected. Over the past 18 months, numerous software providers have embedded AI capabilities into existing platforms without changing how those products are procured, reviewed, or governed. As a result, organizations often have more AI in production than they realize — and more exposure than they've accounted for.

What the Requirements Demand

The two frameworks are aligned in intent but differ in specificity. Fannie Mae's approach is principles-based, establishing the essential components of AI governance and leaving room for institutions to operationalize them. Freddie Mac's framework is more prescriptive, requiring specific operational controls, audit standards, and — as legal analysts reviewing Section 1302.8 have noted — indemnification obligations tied to the Seller/Servicer's use of AI.

For lenders selling to both institutions, which is most of the market, you will need to satisfy the more stringent elements of each. At a high level, both frameworks require written AI governance policies, designated internal ownership of AI risk, vendor accountability, bias mitigation and fair lending documentation, explainability, and audit readiness.

That last item matters more than it might appear. The GSEs aren't just asking for policies on paper. They expect lenders to demonstrate their governance program on demand. A static policy document and a spreadsheet inventory may technically check a box, but they won't hold up under real scrutiny. Increasingly, organizations need a repeatable process for identifying AI, documenting controls, monitoring changes, and demonstrating oversight over time.

What To Do Now

If the Freddie Mac deadline has already passed and you haven't addressed it, the priority is to move quickly and document your remediation efforts. Regulators generally respond better to organizations that can demonstrate awareness, a clear plan, and measurable progress.

For organizations focused on the Fannie Mae deadline of August 6, here is a practical starting point:

1. Build your AI inventory. You cannot govern what you haven't identified. Catalog every AI or ML system in use across origination and servicing, including vendor tools. For each system, document the provider, the use case, the data inputs, who owns it internally, and what oversight currently exists.

2. Assign ownership. Designate someone at an appropriate level to own AI risk across the organization. This doesn't need to be a new hire. It needs to be a named owner with defined responsibilities and a path to escalate issues.

3. Review your vendor contracts. Assess whether agreements for key AI-enabled vendors include provisions for audit rights, AI disclosure, and model change notifications. Many won't. That is a gap to close, either through contract amendments or updated onboarding standards going forward.

4. Document your policies. If you don't have written AI governance policies, build them. If you have legacy model risk policies built around SR 26-2 (which superseded SR 11-7 in April 2026), assess whether they need to be expanded to cover the broader AI scope these frameworks require.

5. Assess your fair lending exposure. Review AI systems that touch credit decisions, pricing, or borrower communications with fair lending considerations in mind, particularly given the continued availability of disparate impact claims under the Fair Housing Act.

Questions You Should Be Able to Answer

Mortgage executives find it useful to translate requirements into the questions an examiner or GSE reviewer is likely to ask. Here is a working list:

• What AI systems are currently used in origination and servicing?

• Which vendors provide those capabilities?

• What AI capabilities have been introduced by vendors since their initial onboarding or approval?

• Who internally owns each AI system from a risk and governance perspective?

• How are model changes by vendors monitored and reviewed?

• How is bias assessed and documented across AI-enabled processes?

• What controls exist for third-party AI providers?

• How would you demonstrate your governance program to Fannie Mae or Freddie Mac upon request?

If your team can answer these questions clearly and consistently, your program is in reasonable shape. If the answers are unclear, inconsistent, or dependent on a single person's knowledge, that is where to focus.

The Bigger Picture

These GSE frameworks don't exist in isolation. State-level AI regulations are also emerging across the United States, and the EU AI Act's high-risk provisions, which classify credit scoring as a high-risk use case, take effect in August 2026. The regulatory environment around AI is consolidating, and mortgage lending sits at the intersection of several of the most active vectors.

What Fannie Mae and Freddie Mac have done is translate years of regulatory expectation into a concrete, enforceable obligation. The question now isn't whether AI governance matters in mortgage lending. It clearly does. The question is whether your organization has the infrastructure to demonstrate it.

The Fannie Mae deadline is August 6. That is enough time to make meaningful progress, but not enough time to wait.

The organizations that move now will have time to build a sustainable governance program. Those that wait may find themselves scrambling to inventory and govern AI under a regulatory deadline.

Whether you build internally or leverage third-party tools, the next 60 days are a good opportunity to validate that your AI inventory, governance framework, and vendor oversight processes are aligned with the new GSE expectations. If you're working toward the August 6 deadline and would like to compare notes on approaches we're seeing across the industry, feel free to reach out.

Sources

• Freddie Mac Guide Bulletin 2025-16 — Section 1302.8, effective March 3, 2026

• Fannie Mae Lender Letter LL-2026-04 — Governance Framework for Use of AI and ML, effective August 6, 2026

• Federal Reserve SR 26-2 — Revised Guidance on Model Risk Management (April 2026, supersedes SR 11-7)

• Fair Housing Act — U.S. Department of Justice

• EU AI Act — Official EU AI Act Resource