Overview
Severity: MEDIUM | Affected: U.S. Department of Commerce | Category: policy
In a landmark policy shift, the U.S. Department of Commerce, in collaboration with CISA, has issued a new binding directive for all AI models deployed within U.S. critical infrastructure sectors. Effective January 2026, providers must implement robust cryptographic watermarking techniques to ensure the provenance and integrity of their models' outputs. The directive, known as the AI Trust and Provenance Act (ATPA), also mandates the creation of a secure 'Model Bill of Materials' (MBOM) detailing training data sources and architectural details. This move aims to combat the rising threat of sophisticated deepfakes and AI-generated disinformation targeting energy, finance, and healthcare systems. Non-compliant organizations face significant fines and may be barred from federal contracts.