AI Bill of Materials (AI-BOM)

An AI Bill of Materials (AI-BOM) is a structured document that catalogs the components, data sources, models, infrastructure, known limitations, and licenses of an AI system.

What this means in practice

Analogous to a Software Bill of Materials (SBOM) for software supply chains, the AI-BOM provides transparency into what an AI system is made of, what data it was trained on, what dependencies it has, and what known risks or limitations exist. The EU AI Act requires supply chain transparency for high-risk AI systems, and AI-BOMs are increasingly expected in enterprise AI procurement as organizations demand visibility into the AI systems they consume. In the COMPEL framework, AI-BOMs are a mandatory artifact for systems assessed under D20 (AI Supply Chain Governance) and are required for all third-party AI procurement.

Why it matters

Without a structured inventory of AI system components, organizations cannot assess supply chain risks, verify compliance with data governance requirements, or respond effectively to incidents involving upstream model or data changes. AI-BOMs enable informed procurement decisions, support regulatory compliance under the EU AI Act and similar frameworks, and provide the foundation for continuous monitoring of third-party AI dependencies. Organizations without AI-BOM practices frequently discover undocumented dependencies only after a vendor change causes a production incident.

How COMPEL uses it

AI-BOMs are a core artifact of the D20 (AI Supply Chain Governance) domain. During Calibrate, organizations assess whether AI-BOMs exist for current third-party AI systems. The Model stage defines AI-BOM templates and procurement requirements. During Produce, AI-BOMs are collected from vendors and maintained as living documents. The Evaluate stage audits AI-BOM completeness and accuracy, and the Learn stage refines AI-BOM requirements based on incidents and regulatory evolution.