8.4 Supply Chain Mapping
Original Problem in the Paper
Paper motivation/open problem: mapping AI supply chains can help policymakers understand the ecosystem involved in AI development and deployment, identify key actors and processes, and target interventions at suitable points in the supply chain. The paper links this to enforcement difficulties for chip export controls on Russia and China and to analyses suggesting that AI chips are likely targets for substantial smuggling operations. Its technical open problem asks for methods to create an auditable log of all actors and their contributions throughout AI development, from data collection to model deployment.
July 2026 Update & Trajectory
Supply-chain mapping is partly specified and operationalized in narrow digital layers: SPDX 3.0 AI/Dataset profiles and AI-SBOM concepts, C2PA AI/ML Content Credentials, model/system cards and training-data documentation, OECD HAIP reports, NIST value-chain actions, and BIS export-control due-diligence guidance. Hardware supply-chain mapping and enforcement remain only partially tractable: BIS guidance and licensing rules address some advanced-computing transactions and entity-parentage issues, but smuggling/diversion risks, data-center/customer due diligence, and multi-jurisdiction semiconductor chokepoints keep the governance problem open. The sources reviewed here do not establish a July 2026 end-to-end auditable log that covers all actors from raw data/minerals/chips through training, fine-tuning, deployment, and outputs.
Deployed / Operationalized
- SPDX 3.0.1 includes AI and Dataset profiles, and the SPDX AI area describes AI-SBOMs as machine-readable knowledge graphs covering software dependencies, models, data assets, prompt templates, agents, licenses/compliance, ethical/security attributes, and audit/lineage use cases.
- C2PA AI/ML guidance describes how Content Credentials can be used for datasets, software, models, training-data partitions, model outputs, hashes, signatures, ingredients, sidecar manifests, fine-tuning/base-model provenance, and model attestations.
- NIST GenAI Profile includes value-chain/component-integration risks and suggested actions for third-party datasets/models, supplier risk assessments, training-data/model documentation, transparency artifacts such as model or system cards, provenance, downstream-actor communication, and incident-response plans that account for the GAI value chain.
- OECD HAIP Reporting Framework invites organisations across the advanced-AI value chain, including developers, deployers, and providers, to report on practices for managing risks and advancing trustworthy AI; submitted reports are published.
- BIS 2026 advanced-computing guidance clarifies that a license is required for advanced-computing items for entities headquartered in, or whose ultimate parent company is headquartered in, Country Group D:5 or Macau even when the entities are located elsewhere; the BIS homepage also states that BIS extended the authorized IC designer timeline to December 31, 2026.
- CSET maps semiconductor chokepoints: U.S. firms dominate AI chip design and EDA; U.S., Taiwanese, and South Korean firms control most sufficiently advanced fabs; and U.S., Dutch, and Japanese firms control semiconductor manufacturing equipment.
New Tractable Vectors
- Build AI-SBOM graphs linking deployed agent outputs to prompt, model version, fine-tune data, base model, libraries, APIs/tools, licenses, vulnerabilities, and supplier attestations.
- Use C2PA manifests, hashes, signatures, ingredients, asset-reference assertions, and sidecar manifests for non-media files to bind assets to provenance claims and detect tampering, while separately validating the truth of asserted provenance.
- Use export-control due-diligence records, customer headquarters/ultimate-parentage, license history, data-center/customer context, and available shipment or device-identification records to prioritize diversion investigations; treat cloud-account telemetry and chip identifiers as research/prototype inputs needing separate legal and technical support.
- Standardize procurement questionnaires and audit trails around NIST value-chain risks, transparency artifacts, supplier risk assessments, and HAIP/OECD reporting fields.
- Trace harmful output root causes through prompt/model/data/agent graphs during incident response.
Key Open Questions
- Physical chip traceability: tamper-resistant identifiers, resale tracking, and privacy-preserving verification across distributors, data-center operators, and end users.
- End-to-end integration of hardware, energy, data, labor, model, software, prompt, agent, deployment, and downstream-output supply chains.
- Confidentiality versus auditability for proprietary training data, model weights, security controls, and customer identities.
- Detecting and preventing circumvention through smuggling, diversion, misrepresented customer or parent-entity information, and hard-to-audit data-center/customer relationships.
- Interoperability among C2PA manifests, SPDX AI/Dataset profiles, model/system cards, training-data documentation, incident-response records, and HAIP or other regulatory-reporting artifacts.