Overview
Severity: MEDIUM | Affected: U.S. Department of Commerce | Category: policy
The U.S. Department of Commerce, through the National Institute of Standards and Technology (NIST), has finalized its 'AI Trustmark' framework, establishing mandatory safety and security standards for high-risk AI systems. Effective September 2025, companies deploying AI in critical sectors like healthcare, finance, and critical infrastructure must undergo rigorous third-party audits to certify their systems against the NIST AI Risk Management Framework. The certification, symbolized by a digital 'Trustmark,' will require proof of robust data privacy controls, adversarial attack resilience, bias mitigation, and model explainability. Failure to comply will result in significant fines and potential operational restrictions. This policy represents a major shift from voluntary guidelines to enforceable regulation, aiming to increase public trust and hold developers accountable for the safety and security of their AI products.