Across the EU, the United States, and financial-services supervision, the same obligation is arriving: account for what your model is, where it came from, and that it was not modified on the way in. Here is how Watchman's evidence maps to each, requirement by requirement.
Regulation (EU) 2024/1689 · Commission enforcement and fines from 2 August 2026
Providers of general-purpose AI models must maintain technical documentation; providers of high-risk systems (Annex III) must keep Article 11 technical documentation, enforceable from 2 August 2026 (models placed on the market before August 2025 have until August 2027). The documentation must account for the model's identity, the bases it was built on, and its known limitations.
If you built on a third-party open-weight base, or you ship a quantized derivative, you must be able to state, and stand behind, what that base was and what you changed. A self-declared lineage line in a document is not evidence.
Watchman independently verifies the lineage claim from the weights, records a hash-pinned identity for the model and its base, classifies any modification, and states the method's limitations in the same report. These are exactly the elements Article 11 documentation is expected to contain.
The Watchman audit report (chain of custody, verdict, classification, limitations appendix) filed in your technical documentation, plus the AI-BOM attestation as the machine-readable lineage record.
FY2026 NDAA → DFARS / CMMC · OMB M-26-04 · NSA AI supply-chain guidance (March 2026)
The FY2026 NDAA directs the Department of Defense to build an AI/ML security framework, flowing into DFARS and the CMMC program, that explicitly covers model weights: verified model registries, integrity checks before deployment, and signing across the model lifecycle. OMB M-26-04 requires federal agencies to move from one-time documentation to continuous accountability, including for supply-chain modifications. NSA's March 2026 guidance extends supply-chain controls to the model layer.
A cryptographic signature proves a file is unchanged since you signed it. It says nothing about whether an unsigned, re-quantized, or re-derived third-party model is what it claims to be, which is the actual intake risk. And "continuous accountability" needs a check you can re-run on a schedule and compare over time.
Watchman is the integrity check before deployment: a deterministic gate with exit codes (0 clean · 2 modified · 1 indeterminate) that runs in your pipeline and produces SHA-256 weight identifiers your registry can pin. Scheduled re-audits give the continuous, comparable record OMB M-26-04 asks for; the per-model intake audit covers NSA's model-layer control.
CI logs showing the integrity gate and its exit codes, the per-release AI-BOM attestation pinned in your verified registry, and the dated series of re-audit reports as the continuous-accountability record.
CycloneDX / SPDX · an enforceable procurement artifact in 2026
AI-BOMs are moving from optional security artifact to procurement requirement. A defensible model entry carries name, version, architecture, a weights identifier, license, and provenance. Registries are beginning to block models that arrive without adequate provenance.
The lineage and provenance fields of an AI-BOM are usually self-declared by the supplier. A procurement team needs a way to verify the entry, not just receive it.
Watchman emits a CycloneDX-style attestation fragment: the model component with its per-file SHA-256 weights identifier, a verified dependency edge to its claimed base, and the audit verdict as a provenance property. It drops straight into your AI-BOM as the verified model entry.
The attestation.cdx.json fragment merged into your model bill of materials. See a real one on the demo page.
OCC / Federal Reserve / FDIC interagency guidance (April 2026)
The April 2026 interagency model-risk guidance reaffirms sound practices for validating third-party and vendor models, including developing an understanding of the model and monitoring it over time. Generative-AI-specific expectations are carved out pending a forthcoming request for information. They are coming, not absent.
Watchman provides independent, reproducible validation evidence for vendor and open-weight models (what changed from the base, where, and of what kind) that slots into a third-party model validation file. It is the evidence pack you will want already on file the day the generative-AI guidance lands.
The full Watchman report with its validation record and limitations, as independent evidence supporting third-party model validation.
Each Watchman audit produces the same artifacts. This is which artifact answers which framework.
| Watchman artifact | EU AI Act | NDAA / DFARS | OMB M-26-04 | AI-BOM | Banking MRM |
|---|---|---|---|---|---|
| SHA-256 chain of custody | ✓ | ✓ | · | ✓ | · |
| Verdict + classification | ✓ | ✓ | ✓ | · | ✓ |
| Localization of the change | ✓ | · | · | · | ✓ |
| Thresholds + validation record | ✓ | · | · | · | ✓ |
| Limitations appendix | ✓ | · | · | · | ✓ |
| AI-BOM attestation (.cdx.json) | ✓ | ✓ | · | ✓ | · |
| CI exit codes (gate) | · | ✓ | ✓ | · | · |
| Scheduled re-audit history | · | ✓ | ✓ | · | ✓ |
Every Watchman report also embeds this mapping inline, so the evidence and the obligation it supports travel together.
Tell us which framework you're preparing for, and we'll show you exactly which Watchman artifacts close the gap.