An AI Bill of Materials in 2026 is the audit-ready inventory of every model, dataset, training source, evaluation method, and deployment dependency in a production AI system. Most enterprises do not yet ship one; the EU AI Act Article 16 deployer-documentation obligations make it mandatory in scope by 2 August 2026. Six layers belong on the BOM: foundation model + version + provider, training datasets + provenance + opt-out signals, fine-tuning data, evaluation methodology + scores, system prompts + guardrails, deployment dependencies (vector DB, RAG sources, MCP servers, agent orchestrator). CycloneDX-AI is the emerging machine-readable format; SBOM under Executive Order 14028 is the precedent.

Procurement-compliance pillar. Captures 'ai bom' / 'aibom' search volume currently at GSC positions 80-95 (~21 imp/month combined). Cadence 60-day. Trigger conditions: EU AI Act 2 August 2026 enforcement window opening; NIST AI RMF v2 publication; CycloneDX-AI specification milestones; first major enterprise AI vendor publishing an audit-ready AI BOM that resets vendor expectations. Sister claims: AM-018 (EU AI Act compliance scope), AM-038 (Article 12 audit evidence), AM-064 (supply-chain disclosure existing piece). External sources cited inline: artificialintelligenceact.eu, EO 14028 archives, NIST AI RMF site, cyclonedx.org, Datenschutzkonferenz Muss-Liste.