Overview
Severity: MEDIUM | Affected: EU AI Developers | Category: policy
The European Parliament has officially passed the AI Supply Chain Security Act (ASCSA), establishing a new regulatory framework for AI transparency and security. A key provision of the act mandates that developers of high-risk AI systems deployed in the EU must provide an 'AI Bill of Materials' (AIBOM). This document must detail the model’s architecture, training datasets (including data provenance), foundational models it was built upon, and all third-party libraries used in its development and operation. The goal is to create a transparent supply chain, enabling organizations to better assess risks, biases, and vulnerabilities within their AI systems. While major tech companies have praised the move towards standardization, privacy advocates and open-source developers have raised concerns about the compliance burden and the potential for revealing sensitive intellectual property. The act will enter into force following a 24-month implementation period.