Overview
Severity: MEDIUM | Affected: EU-based AI Developers | Category: policy
The European Parliament has passed the 'AI Model Provenance Act' (AMPA), a landmark piece of legislation aimed at enhancing the transparency and security of high-risk AI systems deployed within the EU. Effective January 1, 2026, the act will require developers of AI systems used in critical sectors like finance, healthcare, and infrastructure to maintain and provide a comprehensive AI Bill of Materials (AI-BOM). This includes detailed information about training data, model architecture, and upstream libraries. Furthermore, the act mandates regular, independent third-party security audits focused on robustness against adversarial attacks, data poisoning, and privacy vulnerabilities. Non-compliance will result in significant fines, potentially up to 4% of a company's global annual turnover. This policy is expected to set a new global standard for AI accountability and force organizations to prioritize security throughout the model lifecycle.