Overview
Severity: MEDIUM | Affected: EU AI Office | Category: policy
In a significant move to enhance transparency and security, the European Union's AI Office has invoked new powers under the AI Act to mandate an 'AI Bill of Materials' (AIBOM) for all systems classified as 'high-risk'. Effective from September 2025, developers deploying high-risk AI in the EU must provide a comprehensive AIBOM detailing the system's components. This includes the provenance of all training datasets, specifications of pre-trained models used, and a list of open-source libraries and their versions. The goal is to create a transparent supply chain, allowing regulators and customers to assess risks related to data bias, model poisoning, and software vulnerabilities. Non-compliance will result in substantial fines, mirroring the stringency of GDPR. This new requirement is expected to set a global standard for AI accountability and force organizations to meticulously document and vet their AI development lifecycle.