An AI Bill of Materials in 2026 is the audit-ready inventory of every model, dataset, training source, evaluation method, and deployment dependency in a production AI system. Most enterprises do not yet ship one; the EU AI Act Article 16 deployer-documentation obligations make it mandatory in scope by 2 August 2026. Six layers belong on the BOM: foundation model + version + provider, training datasets + provenance + opt-out signals, fine-tuning data, evaluation methodology + scores, system prompts + guardrails, deployment dependencies (vector DB, RAG sources, MCP servers, agent orchestrator). CycloneDX-AI is the emerging machine-readable format; SBOM under Executive Order 14028 is the precedent.
Procurement-compliance pillar. Captures 'ai bom' / 'aibom' search volume currently at GSC positions 80-95 (~21 imp/month combined). Cadence 60-day. Trigger conditions: EU AI Act 2 August 2026 enforcement window opening; NIST AI RMF v2 publication; CycloneDX-AI specification milestones; first major enterprise AI vendor publishing an audit-ready AI BOM that resets vendor expectations. Sister claims: AM-018 (EU AI Act compliance scope), AM-038 (Article 12 audit evidence), AM-064 (supply-chain disclosure existing piece). External sources cited inline: artificialintelligenceact.eu, EO 14028 archives, NIST AI RMF site, cyclonedx.org, Datenschutzkonferenz Muss-Liste.
/holding/AM-143/Embed this claimiframe + oEmbed
The card auto-updates when the claim's status, last-reviewed date, or correction log changes. Embedders never need to refresh — the card is rendered live from the canonical record.
Email-me when AM-143's status, next review date, or correction log changes. One email per change. No newsletter subscription, no other mail.
The claim: An AI Bill of Materials in 2026 is the audit-ready inventory of every model, dataset, training source, evaluation method, and deployment dependency in a production AI system. Most enterprises do not yet ship one; the EU AI Act Article 16 deployer-documentation obligations make it mandatory in scope by 2 August 2026. Six layers belong on the BOM: foundation model + version + provider, training datasets + provenance + opt-out signals, fine-tuning data, evaluation methodology + scores, system prompts + guardrails, deployment dependencies (vector DB, RAG sources, MCP servers, agent orchestrator). CycloneDX-AI is the emerging machine-readable format; SBOM under Executive Order 14028 is the precedent.
About this register
The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.
Recent corrections in Reporting
- AM-008 · Partial · 17 Jun 2026
Source-text figure re-review: Google's 2024 Environmental Report reports a 28% year-over-year increase to 8.1 billion gallons, not the 33% (from a 6.1 billion 2023 base) asserted at publish. The 8.1B 2024 figure and the Microsoft WUE 0.30 L/kWh / 39%-improvement figure are unchanged and verified. Article corrected to 28% and the unsupported 6.1B base removed; the claim text retains the original figure with this correction per the Holding-up protocol.
- AM-132 · Partial · 10 Jun 2026
One of four legs unanchored on re-review. The claim text attributes '12% of deployments clearing 300%+ ROI with 88% at or below break-even at 12-18 months' to the Stanford DEL 2026 Enterprise AI Playbook. Full-text verification on 10 Jun 2026 found no such figure in that source: the playbook (Pereira, Graylin, Brynjolfsson, Apr 2026) studies 51 successful deployments by design and contains no ROI distribution, no 300%-plus cohort, and no break-even measurement point (full finding at AM-029, correction of 10 Jun 2026). The only verified figure carrying the same 12/88 numerals is IDC research with Lenovo (via CIO.com, Mar 2025): roughly 88% of AI proof-of-concepts never reach production and roughly 12% graduate — a pilot-to-production graduation metric, not an ROI distribution. The Gartner 28%, McKinsey 23%/17%, and MIT NANDA 95% legs verify; they support a small high-performing tail and a large struggling body, but none documents the two-peak bimodal shape the claim asserts. Status Up -> Partial.
- AM-129 · Partial · 10 Jun 2026
One of three read-against anchors unanchored on re-review. The claim text cites 'Stanford Digital Economy Lab Enterprise AI Playbook (12/88 bimodal ROI distribution at 12-18 months)' and frames the realistic ROI band around 'the highest-discipline 12% cohort'. Full-text verification on 10 Jun 2026 found the playbook contains no 12/88 distribution, no bimodal ROI shape, and no 12-18-month ROI measurement point (full finding at AM-029, correction of 10 Jun 2026). The claim's core negative finding — no mid-market enterprise has produced a documented +240% ROI in 90 days under audited conditions — is unaffected; the McKinsey State of AI 2025 and MIT NANDA legs verify and continue to support it. The '12% cohort' framing has no verifiable referent. The only verified figure carrying the 12/88 numerals is IDC's pilot-graduation finding (roughly 88% of AI proof-of-concepts never reach production; via CIO.com, Mar 2025), a different metric. Status Up -> Partial.
Reviews coming up in Reporting
- AM-063 · Holding · next +9d (27 Jun 2026)
AI agents executing financial transactions need a four-control bundle (action-approval gates by blast radius, kill-swit…
- AM-061 · Holding · next +9d (27 Jun 2026)
Production agentic-AI costs at scale routinely run multiples of POC projections, and a layered optimisation programme c…
- AM-003 · Partial · next +9d (27 Jun 2026)
GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…