A Crash Program for 27,000 Sites
The federal web is a massive, sprawling archive of legacy systems, broken links, and outdated code. When the executive order launched the National Design Studio (NDS) in August 2025, the mandate sounded simple enough on paper. Update the federal web standards, leverage artificial intelligence to clean up "digital potholes," and completely overhaul all 27,000 federal dot-gov domains inside of three years. To lead this temporary, DOGE-like entity, the administration recruited Airbnb co-founder Joe Gebbia as chief design officer and Gregory Barbaccia as federal CIO. The agency reports directly to the president, bypassing traditional departmental oversight.
Federal IT modernization is where bright ideas go to die. Only thirty percent of federal websites had adopted the U.S. Web Design System (USWDS) by mid-2023. That design system was built back in 2015 to ensure that people with disabilities could actually use government digital services, and that those services would work on a standard mobile browser. But putting design standards into practice across hundreds of semi-independent agencies takes years of dull manual labor. Instead of funding that labor, the new administration dismantled the 18F technology unit and subsumed the U.S. Digital Service into DOGE. The core USWDS staff was gutted, leaving exactly one full-time employee to manage the entire system. In their place is the NDS, an elite design team armed with generative models and a mandate to move fast. It is a classic silicon-valley answer to a bureaucratic problem, and the cracks are already showing.
High Payloads and Six-Toed Graphic Design
The early returns from the NDS look more like a high-concept portfolio draft than working software. Their public-facing landing site, ndstudio.gov, is visually sleek but technically bloated. According to the Architect's Newspaper, the homepage ships close to three megabytes of code. That is an enormous payload for a simple page that contains little more than text and basic headers. For comparison, three megabytes is what you expect from an interactive map or a heavy multimedia feature, not a basic information sheet. Ethan Marcotte, a veteran web designer, pointed out that the site is heavily overbuilt. It completely fails basic ADA compliance. If you are trying to access a federal site on a spotty mobile connection in rural America, a three-megabyte page is a digital wall, not a solution.
When the studio does launch code, detail issues pile up fast. Take TrumpRX.gov, the administration's new drug price comparison tool. While the tool itself is one of the project's few useful offerings, its visual presentation was soured by low-rent generative imagery. One prominent illustration featured a child running toward an American flag. The child had six toes, and the flag was missing its stars. That is what happens when you let a prompt replace a designer. On CIO.gov, a redesign launched by the NDS had to be hastily retracted after hackers and developers on LinkedIn pointed out that the code exposed the site's underlying design system and broke accessibility rules. An NDS team member later boasted on social media that the site was almost entirely generated by internal AI agents. The result looked like it: inconsistent color labels and messy layouts. One critic joked that it looked like code written by "AI with a hangover."
There is also the matter of empty domains. Over the last year, the NDS has gone on a domain registration spree, snatching up live.gov, onlyfarms.gov, aliens.gov, and why.gov. All of these currently redirect to legacy sites, serving as little more than digital placeholders. Even worse, 250.gov—set up to commemorate the nation's semiquincentennial—redirects visitors to a dot-org site rather than a dot-gov domain. That breaks basic security rules for government communications. The NDS has also spent time building vanity projects like merrychristmas.gov, complete with twelve individual pages dedicated to the Twelve Days of Christmas. At one point, ndstudio.gov even hosted a commercial shop selling forty-seven-dollar health posters and four-hundred-dollar collector's edition autographed RFK memorabilia. The store vanished from the site shortly after reporters started asking questions, but it left a lingering question: why is a federal agency using public domains to sell campaign-style merchandise?
Commercial Trackers in the Shadows
The issues with the NDS go beyond bad AI art and bloated code. A recent investigation by The Guardian discovered that four major NDS websites—ndstudio.gov, trumprx.gov, realfood.gov, and trumpaccounts.gov—were running commercial visitor-tracking software. To make matters worse, these trackers were specifically configured to bypass privacy software and ad blockers. For a federal website to track citizens with commercial spyware is a massive breach of trust. It is also flatly illegal.
Under the Privacy Act of 1974 and the E-Government Act of 2002, agencies must publish public filings detailing the data they collect, how long they keep it, and who has access to it. The NDS did none of this. No privacy impact assessments were ever conducted. When the publication contacted the White House for comment, the trackers were quietly removed from all four sites. White House spokesperson Liz Huston insisted that all NDS personnel comply with legal requirements, but she refused to address what happened to the data already collected by those commercial trackers, who has custody of it, or where it is stored.
This lack of transparency makes the studio's territorial expansions even more concerning. The NDS has quietly built alternative, unreleased versions of vote.gov and passport.gov. Under federal law, these domains are managed by separate, officially designated agencies. The NDS version of vote.gov, for example, required users to log in using Login.gov and run a citizenship check against a Department of Homeland Security database before they could even look at registration rules. The congressional commission officially charged with overseeing vote.gov has had no involvement with this mockup. Building shadow voting portals without congressional oversight or transparent privacy controls is an extraordinary overreach.
Silent Resistance and Missed Deadlines
The White House gave federal agencies a firm deadline of July 4, 2026, to share the initial results of their discussions with the NDS. That deadline has come and gone with almost no movement. Legally, the executive order initially required the NDS to work alongside existing agencies to update and deploy the USWDS design system. But that cooperative requirement was quietly dropped from the executive order after the studio ran into immediate bureaucratic resistance.
Agencies are simply refusing to talk to them. A quick look at the public GitHub repository where agencies coordinate on the design system shows a wall of silence. The NDS team sent repeated outreach messages to various departments, but not a single federal agency responded. Instead, developers on federal Slack channels and GitHub issues reported that they had been notified of a "change in direction" and were advised to hold off on connecting with the NDS or adopting their automated blueprints.
Agencies are risk-averse by design. They have to be. A security breach or an accessibility lawsuit can derail a department's budget for years. When a temporary White House unit tells them to scrap their tested design workflows and adopt AI-generated code that ships three megabytes of junk, civil servants do what they do best: they slow-walk the request. They know the NDS mandate only lasts for three years, and they are willing to wait them out.
The Risks of Dynamic Personalization
Despite the pushback, the studio's leadership is pressing forward with even more ambitious plans. Federal CIO Gregory Barbaccia has talked openly about building a unified "digital front door" for all taxpayers. As part of this push, the NDS is preparing to deploy Salesforce-backed AI tools to personalize government websites. The goal is to customize the web experience for individual users based on real-time and historical interaction data.
In a customer-relationship management system for a retail company, that makes sense. In public administration, it is a disaster waiting to happen. If a government website dynamically changes its layout and content based on who is logged in, two citizens looking for the same tax credit or veteran benefit info will see different things. That makes auditing agency guidance impossible. It also breaks the core expectation of public information: that the law, and the instructions for accessing public services, must be identical and predictable for everyone.
If this personalization engine is rolled out on highly trafficked public portals like Recreation.gov—which the NDS has reportedly targeted for its next major overhaul—it could lock out users who rely on stable, static pages. Relying on complex proprietary platforms and dynamic AI generation does not fill digital potholes. It just digs new ones. Without basic security audits, federal design compliance, and a willingness to work within the law, safety and usability will both suffer. Ars Technica has documented how quickly these automated attempts can fall apart under scrutiny, and unless the NDS changes course, the federal web will end up far more fragmented and fragile.
The broader question of how government should govern AI deployment remains unresolved. While the NDS pushes forward with untested personalization tools, experts like cognitive scientist Gary Marcus have called for an FDA-style gatekeeper to prevent unreliable AI systems from causing harm in critical public services. Meanwhile, states like California are forging their own paths with discounted AI procurement deals that prioritize cost efficiency and state-level digital sovereignty over federal restrictions—a model the NDS's top-down approach stands in stark contrast to.