
How Do CERT-In’s AIBOM Guidelines Affect AI Procurement?

All government, public sector, and essential services organisations engaged in AI procurement should include an AI Bill of Materials (AIBOM), the Indian Computer Emergency Response Team (CERT-In) says in its technical guidelines. For context, an AIBOM is a comprehensive list of components used in building, training, and deploying AI models. 

This includes hardware (such as servers, sensors, and GPUs), software (AI models, frameworks, and development tools), data sources, and any other essential elements needed for AI implementation. As part of its technical guidelines, CERT-In suggests that every government, public sector, and essential services organisation must ensure that they maintain an AIBOM for all the systems they use, procure, and develop. 

The nodal agency believes that, at a minimum, an AIBOM should include the origins and sources of the data that an AI company used to train its models. It should also include information about the dataset, such as formats, limitations, and whether the dataset is compliant with privacy and licensing regulations. Further, it should include the specific use cases/scenarios that the AI model is intended for, and also the use cases that the procuring organisation should avoid to prevent misuse or unintended consequences. Other key elements include details of the model’s license, security requirements necessary to protect the model data and user information, and known vulnerabilities or weaknesses.

Potential impact of the AIBOM on procurement processes:

If the government ends up mandating the AIBOM in its procurement process, it could set the tone for similar procurement requirements across the industry, explained Archana Iyer, a technology and data protection lawyer. Iyer argued that these AIBOMs could have a range of benefits for the procuring party, one of which could be mitigating the risk of intellectual property (IP)/copyright infringement violations, because they will be able to ensure that the supplier is following through with data licensing requirements on their end.

“From a contractual standpoint, it can help the procuring party implement protections for liability for such violations through their contract. If the supplier does not disclose licensing information in their AIBOM, and a violation happens, you could have grounds to seek indemnity,” she explained. This can help users/deployers ensure that they have done their due diligence by seeking adequate information. 

How much liability the procuring organisation will actually be able to save itself from – be it from copyright/IP violations or the after-effects of cybersecurity incidents – varies based on the contracts they have with the supplier. Iyer explained that based on what sort of disclosures a supplier is willing to make at the time of signing the contract and post that, the procuring organisation can tie those pieces of information to indemnity or other contractual remedies.

Key recommendations on AIBOM implementation:

  • The format for the AIBOM should adhere to established standards such as Software Package Data Exchange (SPDX) or CycloneDX, ensuring compatibility and uniformity across the industry.
  • All AI suppliers catering to government/public sector should create a vulnerability exploitability exchange (VEX) document after they discover a vulnerability. This document should tell the entity procuring the AI product exactly how the vulnerability affects their system.
  • AI developers should integrate their AIBOM data with vulnerability datasets, CERT-In vulnerability notes, threat intelligence platforms, and vendor-specific advisories. This integration ensures real-time visibility into AI system security. 
  • Besides the vendor’s AIBOM, CERT-In suggests that the procuring organisations (especially the public sector) should create their own internal version of AIBOMs that match their system components and dependencies.
  • Procuring organisations’ cybersecurity teams should use the AIBOM in vulnerability management workflows to proactively mitigate system vulnerabilities. These organisations should also regularly audit the AIBOM process to make sure that it’s accurate and compliant with organisational/regulatory standards.
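
One way a procuring team could join a supplier's VEX statements to its AIBOM in a vulnerability management workflow, as an added example that is not taken from CERT-In's guidelines or from this article. It assumes CycloneDX-style JSON; the component names, versions and vulnerability IDs are constructed placeholders, and `triage` is a hypothetical helper.

```python
# Constructed CycloneDX-style AIBOM; component names and versions are made up.
AIBOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"bom-ref": "model-1", "type": "machine-learning-model",
         "name": "example-classifier", "version": "2.1"},
        {"bom-ref": "fw-1", "type": "framework",
         "name": "example-inference-runtime", "version": "0.9.3"},
        {"bom-ref": "data-1", "type": "data",
         "name": "example-training-set", "version": "2024-01"},
    ],
}

# Constructed supplier VEX statements; the IDs are placeholders, not real advisories.
VEX = {
    "vulnerabilities": [
        {"id": "VULN-PLACEHOLDER-1", "analysis": {"state": "exploitable"},
         "affects": [{"ref": "fw-1"}]},
        {"id": "VULN-PLACEHOLDER-2", "analysis": {"state": "not_affected"},
         "affects": [{"ref": "model-1"}]},
        {"id": "VULN-PLACEHOLDER-3", "analysis": {"state": "in_triage"},
         "affects": [{"ref": "lib-9"}]},
    ],
}

# Analysis states that still need action from the procuring organisation.
ACTIONABLE = {"exploitable", "in_triage"}

def triage(aibom, vex):
    """Return (work_items, unmatched): open findings, and VEX refs absent from the AIBOM."""
    by_ref = {c["bom-ref"]: c for c in aibom.get("components", [])}
    work, unmatched = [], []
    for vuln in vex.get("vulnerabilities", []):
        # A statement with no analysis yet is treated as still open.
        state = vuln.get("analysis", {}).get("state", "in_triage")
        for target in vuln.get("affects", []):
            comp = by_ref.get(target["ref"])
            if comp is None:
                # The VEX names a component the AIBOM does not list: an accuracy gap to audit.
                unmatched.append((vuln["id"], target["ref"]))
            elif state in ACTIONABLE:
                work.append((vuln["id"], comp["name"], comp["version"], state))
    return work, unmatched

if __name__ == "__main__":
    print(triage(AIBOM, VEX))
```

The second return value is the audit signal: a VEX reference that matches nothing in the AIBOM means the inventory is incomplete or out of date.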

Besides the recommendations, CERT-In also suggests a series of best practices. These include encouraging AI companies to foster reproducibility in their AIBOMs by ensuring that others can replicate results and verify AI models, model weights, and configuration settings. Furthermore, an organisation’s initial AIBOM efforts should be focused on high-risk/high-priority models within their AI system. This has the effect of ensuring that the system is secure and compliant. Companies should also keep clear logs of model development, such as tracking model versions, re-training activities, and modifications.


Why it matters:

As CERT-In says in its guidelines, AIBOMs can help identify potential vulnerabilities within an AI model, enabling procuring organisations to pinpoint weak spots, implement appropriate safeguards, and proactively address potential risks before they can be exploited. They can provide real-time insights into the status of components and materials in the supply chain. Besides this, AIBOMs provide transparency and ensure that stakeholders understand the decision-making processes behind the AI and the data used to train the models. They also allow stakeholders to demonstrate compliance with regulations, industry standards, and ethical guidelines. 

While these are just guidelines, they help set the tone for how the government may think about AI procurement regulation. Previously, the Ministry of Electronics and Information Technology (MeitY) released an AI Competency Framework, which said that government agencies and officials can promote responsible AI by outlining clear requirements and ensuring its implementation. The framework says that government officials should ensure that procured AI systems are unbiased, align with ethical guidelines, and avoid unintended consequences.
