Overview
Severity: LOW | Affected: NIST | Category: policy
The U.S. Department of Commerce, through NIST, has issued new binding regulations based on the AI Risk Management Framework 2.0, mandating robust AI watermarking and data provenance reporting for companies operating in critical infrastructure. The new rule requires that all generative AI systems used in sectors like finance, energy, and healthcare must embed a persistent, cryptographically signed watermark in their outputs to help track and authenticate AI-generated content. Furthermore, organizations deploying these systems must maintain and be able to produce detailed provenance logs for all training data used in models that make mission-critical decisions. The move is aimed at combating sophisticated AI-driven disinformation campaigns and ensuring the integrity of AI systems in sensitive applications. While lauded by security advocates, the policy has faced pushback from some industry groups citing concerns over high implementation costs and potential impacts on model performance.