Source: ai-research/claude-blog-claude-for-government.md — Anthropic first-party blog post, claude.com/blog/bringing-claude-code-and-claude-cowork-to-government.
Claude Code and Claude Cowork are now available in public beta inside Claude for Government Desktop — the same application commercial customers use, run inside a FedRAMP High authorized environment. This is the wiki’s first article on Anthropic’s government product line: it covers what launched, the appropriations-friendly billing model, department-level administration, and the security/oversight documentation Anthropic is publishing alongside it.
Key Takeaways
- Same app, same cadence, higher-assurance environment. Agencies get Claude Code and Claude Cowork “on the same cadence as our commercial users” — not a stripped-down or lagging government build. Conversation history stays local on the agency-managed device; inference itself runs inside the FedRAMP High authorized environment.
- Claude Code is pitched at legacy modernization; Cowork at desk work. Claude Code: “build and modernize the software systems that underpin public services.” Claude Cowork: works directly with desktop files so agency staff can delegate memo creation, RFP reviews, casework, and decks.
- Billing is designed around appropriated funds, not standard SaaS seats. Program offices can use standard seats or define custom seat tiers with their own spend and model limits. Usage is purchased in fixed increments with a hard not-to-exceed cap — a mechanic built specifically for how government budgets are appropriated and cannot silently overrun.
- Administration mirrors how agencies are actually structured. Department-level admins allocate seats and prepaid usage down to sub-agencies, each of which manages its own users. SCIM group mappings set rate limits, dollar caps, and allowed models per seat tier; layered configuration sets sub-agency defaults for connectors, feature availability, and steering instructions.
- Oversight is structural, not policy-only. Every administrative action lands in a hash-chained (tamper-evident) audit log reviewable directly in the product. Sensitive operations on Anthropic’s side require two-person approval. Usage exports are metering data only, so agencies can answer ATO (Authorization to Operate) and Inspector General requests without moving sensitive material off their own systems.
- Anthropic is publishing compliance artifacts, not just claiming compliance. A FedRAMP Secure Configuration Guide is public-facing. A formal FedRAMP change notification and a penetration-test summary for the new desktop client are available under NDA through Anthropic’s trust center, with follow-up pentest summaries promised as they become available.
- No separate cloud-provider relationship required. Anthropic remains the contracted and billing party directly — agencies don’t need to route the relationship through a separate cloud vendor to get started.
What launched
| Capability | Detail |
|---|---|
| Claude Code | Build/modernize public-sector software systems, same cadence as commercial |
| Claude Cowork | Desktop file access for memo creation, RFP reviews, casework, decks |
| Data residency | Conversation history stored locally on the agency-managed device |
| Inference environment | FedRAMP High authorized environment |
| Deployment | Standard agency MDM platforms |
Billing and administration model
- Appropriation-aligned spend. Standard seats, or custom seat tiers with agency-defined spend/model limits; usage bought in fixed increments with a hard cap — no ability to silently exceed an appropriated budget.
- Usage visibility. Admin console tracks usage per user and per model; automatic burndown alerts fire before a balance runs low.
- Department-level delegation. Admins allocate seats/prepaid usage to sub-agencies; each sub-agency manages its own users within that allocation.
- SCIM-driven policy. Group mappings set rate limits, dollar caps, and allowed models per seat tier. Layered configuration sets sub-agency defaults for what Claude can connect to, which features are on, and the instructions guiding how Claude interacts with users.
Security and oversight documentation
- Hash-chained audit log for every administrative action, reviewable in-product by org admins.
- Two-person approval required for sensitive operations on Anthropic’s side.
- Metering-only usage exports — agencies can satisfy ATO/IG documentation requests without exporting sensitive material.
- Public FedRAMP Secure Configuration Guide for security teams configuring the desktop deployment.
- Formal FedRAMP change notification (required by FedRAMP for this kind of change) and a penetration-test summary for the new desktop client, both available under NDA through Anthropic’s trust center; further pentest summaries promised as available.
Why it matters
This is the compliance/governance side of the same Cowork product the rest of the wiki covers from a commercial-user angle. The structural details worth noting for any governance-minded reader, even outside government:
- The hash-chained audit log + two-person approval + metering-only exports pattern is a concrete, shipped example of “oversight by design” rather than oversight-as-policy-document — relevant to any enterprise buyer asking what Anthropic-side guardrails actually exist, not just customer-side ones.
- The appropriation-aligned billing (fixed increments, hard cap, burndown alerts) is a generalizable pattern for any organization that needs a spend ceiling that cannot be silently exceeded, not just federal agencies operating under appropriations law.
- SCIM-driven, layered, sub-agency-scoped configuration is the same shape as enterprise identity-provider integration patterns generally — a preview of what “AI governance at department scale” looks like once it’s productized.
Try It
- If evaluating Claude for an agency or a regulated enterprise with similar oversight requirements: request access at
claude.com/solutions/government, and separately request the FedRAMP Secure Configuration Guide and the pentest summary/change notification via Anthropic’s trust center (NDA required for the latter two). - If designing internal AI governance for any organization (not just government): use the appropriation-aligned billing model and the SCIM-driven layered configuration as reference patterns even outside a literal government deployment — both solve the general problem of “spend cannot silently exceed X” and “sub-unit policy should inherit from parent policy but allow overrides.”
Related
- Claude Cowork (Product Overview) — the commercial product this government offering is built on top of; see its enterprise-tier row for the closest commercial analog to this launch
- Getting Started with Claude Cowork — onboarding for the commercial product
- How We Contain Claude — Anthropic’s own containment/oversight practices, a useful comparison point for the audit-log/two-person-approval mechanics here
- Agent Guardrails: Hooks, Permissions, and Sandboxing Patterns — the general guardrail taxonomy this launch’s oversight features are a productized instance of
- Claude for Open Source — another Anthropic access-tier expansion (individual OSS maintainers) launched the same general period, useful contrast in who each program targets
- Claude Partner Network — the channel through which systems integrators (several with public-sector practices) engage Anthropic commercially
- WEO AI Governance — the wiki’s internal governance-program stub; this article’s audit-log and spend-control mechanics are directly relevant reference material
Open Questions
- No pricing is published. The post describes the billing mechanism (fixed increments, hard cap, custom seat tiers) but no dollar figures, unlike the commercial Cowork pricing ladder documented in the product overview.
- Model availability isn’t specified. The post doesn’t name which Claude models (Sonnet 5, Fable 5, etc.) are available inside the FedRAMP High environment, or whether there’s a lag versus commercial model availability.
- Relationship to prior Claude Gov / government offerings is unstated. The post doesn’t reference or reconcile this launch against any earlier Anthropic government-specific product (if one existed) — unclear whether this is a first launch or an expansion of an existing one.
- “Public beta” duration and GA timeline are not given.