Building an Open AIBOM Standard in the Wild

Gopi Krishnan Rajbahadur, Keheliya Gallaba, Elyas Rashno, Arthit Suriyawongkul, Karen Bennet, Kate Stewart, Ahmed E. Hassan

TL;DR

AI software's reliance on datasets and iterative model lifecycles creates governance gaps for traditional SBOMs; this paper documents an Action Research-driven effort to extend SPDX with an AI Bill of Materials (AIBOM). It reports a global, multi-stakeholder process, defining 36 new fields across AI and Dataset profiles, and validating the artifact through regulatory alignment, industry use cases, practitioner interviews, and an industrial field study. The work provides a replicable blueprint for open standardization in fast-moving domains and outlines a roadmap toward FMware, tooling automation, and ISO/IEC alignment to broaden adoption and interoperability.

Abstract

Modern software engineering increasingly relies on open, community-driven standards, yet how such standards are created in fast-evolving domains like AI-powered systems remains underexplored. This paper presents a detailed experience report on the development of the AI Bill of Materials (AIBOM) specification, an extension of the ISO/IEC 5962:2021 Software Package Data Exchange (SPDX) software bill of materials (SBOM) standard, which captures AI components such as datasets and iterative training artifacts. Framed through the lens of Action Research (AR), we document a global, multi-stakeholder effort involving over 90 contributors and structured AR cycles. The resulting specification was validated through four complementary approaches: alignment with major regulations and ethical standards (e.g., EU AI Act and IEEE 7000 standards), systematic mapping to six industry use cases, semi-structured practitioner interviews, and an industrial case study. Beyond delivering a validated artefact, our paper documents the process of building the AIBOM specification in the wild, reflects on how it aligns with the AR cycle, and distills lessons that can inform future standardization efforts in the software engineering community.

Paper Structure

This paper contains 20 sections, 2 figures, 6 tables.

Figures (2)

  • Figure 1: Overview of AIBOM standard creation process and multi-faceted validation.
  • Figure 2: Overview of SPDX profiles and their extensions for AI and Dataset.