Overview
Severity: MEDIUM | Affected: U.S. Department of Commerce & European Commission | Category: policy
In a joint directive, the U.S. Department of Commerce and the European Commission have announced the 'Trans-Atlantic AI Secure Development Framework' (TAISDF). This new regulation mandates that developers of AI systems used in critical infrastructure sectors—including finance, energy, and healthcare—must adhere to strict security protocols. A key provision is the mandatory creation and maintenance of a comprehensive AI Bill of Materials (AIBOM). This AIBOM must detail all datasets used for training, including their origin and preprocessing steps, as well as the open-source libraries, models, and dependencies used in the system. The framework also requires continuous, automated vulnerability scanning and third-party red teaming prior to deployment. The goal is to create transparency and accountability in the AI supply chain, making it easier to track and mitigate vulnerabilities. Enforcement will begin in Q2 2026, with significant fines for non-compliance.