The Trump administration’s transition into the White House demonstrated “significant departures” from legal norms that ensure transparency, ethics, and security – and in some cases, put agency data and cybersecurity at risk, a new report unveiled.
The report, from the Center for Presidential Transition, a nonpartisan group run by the Partnership for Public Service, said the Trump administration’s deviation from standards set under the Presidential Transition Act of 1963 – which provides a framework for transition teams, administrations, and federal agencies to work together – created delays for the incoming administration and federal agencies, while driving security risks.
That framework includes memoranda of understanding (MOUs) with multiple federal agencies, including the General Services Administration (GSA), that detail transition support plans and establish the relationship between the outgoing administration and the incoming administration.
Because the Trump administration did not sign the MOU with GSA, the administration relied on “an external, private server instead of switching to government-secured IT infrastructure,” the report noted.
“Agency transition leaders reported an inability to share sensitive information through email because of agency security standards and struggled to verify digital communications from individuals claiming to be transition personnel,” the report stated, adding that instead transition staff would appear in virtual meetings using private domain names.
Not all of those domains – which included @transition47.com and @trumpvancetransition.com – belonged to legitimate staff, making it difficult for agency leaders to ensure they were sharing information with other transition members.
“It was unclear if the domain platforms met government security requirements to share sensitive, unclassified information and there were also concerns about an external server’s vulnerability to cyberthreats,” the report added.
In the future, the Center for Presidential Transition recommended that GSA create a required certification or approval structure that allows incoming teams to use an external platform if they demonstrate that it meets federal cybersecurity standards.
The center also suggested that GSA clarify the types of materials that agencies can share with the incoming administration and specify the appropriate communication channels for sharing that information.
The report also pointed to the use of artificial intelligence (AI) by the Trump administration after it first entered office, noting that “any use of AI by a transition team should comply with legal, IT, security and privacy rules and policies.”
If transition teams rely on external servers, additional protections may be required to keep federal data safe with AI use, the report stated. The center also urged clearer oversight of how AI is used, both by agencies and transition teams, while respecting the teams’ status as non-government entities.
While the Trump administration’s transition into the White House didn’t meet a “gold standard,” the center noted that its breaking of norms and denial of services “calls into significant question whether those norms can or should be reinstituted.”
“It is incumbent on Congress to ensure guardrails of ethics, transparency and security are solidified, while other aspects of transition practice are updated and modernized to encourage candidates to accept them,” the report said, noting that those guardrails will “be particularly essential to ensure a smooth transition in 2028 because of the vast amounts of expertise being lost from government as a result of this administration’s reductions of the federal workforce.”
The report also called for a review and possible revision of transition standards and policies to “keep pace with the ever-changing threats, technology and politics of our modern world” to “ensure security and stability for the American people.”