?asOf= parameter to see the current catalog state.AI Supply Chain
ai-supply-chain · Frontier safety
The end-to-end pipeline of inputs, intermediate artefacts, and downstream applications by which an AI system is built and deployed — typically decomposed as training data → compute → model weights → fine-tuning → deployment → downstream applications.
Definition & scope
The AI supply-chain framing treats AI development as an industrial value chain in which each upstream stage constrains what the downstream stage can do, and each stage raises distinct governance questions. Training data raises copyright, consent, and bias questions (NYT v. OpenAI, GEMA v. OpenAI, Andersen v. Stability AI). Compute raises export-control and concentration questions (US BIS rules on advanced GPUs to China, the CHIPS Act, the 2024 EU Chips Act). Model weights raise open-vs-closed governance questions (Meta Llama, Mistral, DeepSeek vs. closed frontier labs). Fine-tuning raises capability-elicitation questions (Qi et al. 2023 'Fine-tuning Aligned LLMs Compromises Safety'). Deployment raises monitoring and incident-reporting questions. Downstream applications raise sectoral-liability questions (medical-device AI, automated decision-making in employment). Governance treatment is fragmented across the chain. EU AI Act Recital 60 + Art. 25 introduces explicit value-chain obligations: the GPAI provider and the downstream deployer have different obligations, and contracts must allocate them. US EO 14110 §4.2 targeted the compute stage (Defense Production Act reporting for foundation-model training above the threshold). NIST AI RMF GenAI Profile (NIST AI 600-1, 2024) names 'Value Chain and Component Integration' as one of twelve GenAI risk categories. ASEAN AI Guide §3 treats the supply chain as a 'shared responsibility' across actors. The supply-chain framing is increasingly the unit of governance analysis because chokepoints (compute access, training-data legality, weight distribution) determine where policy levers have purchase.
Use in governance
How instruments operationalise this concept
| Instrument | Jurisdiction | Status |
|---|---|---|
| EU AI Act | EU | in force |
| NIST AI RMF Generative AI Profile | US | in force |
| ASEAN Guide on AI Governance and Ethics | ASEAN | in force |
Appears in topic articles
Editorial note
When citing 'AI supply chain' in policy contexts, name the stage of interest (data / compute / weights / deployment) because governance levers are stage-specific. Confusing stage-level interventions (e.g. export controls on GPUs) with end-to-end claims is one of the most common policy-analysis errors in this domain.
See also
Further reading
Sources on the broader topics this concept relates to — complementing, not standing in for, the primary sources cited inline above. 78 academic & grey-literature sources; catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Open Foundation Models and TDM Exceptions to Copyright – Building Blocks for an AI Ecosystem Peer-reviewed✦ AIArgues Art. 3 CDSM Directive's scientific-research TDM exception 'does not grant rightsholders any control' and can be a 'safe harbor' for training openly released foundation models without licensing data.
- Geopolitical ecologies of cloud capitalism: Territorial restructuring and the making of national computing power in the U.S. and China Peer-reviewed✦ AIUS and Chinese drives for sovereign AI/cloud dominance depend on reorganizing land, energy and regulatory systems to sustain large-scale national computing power.
- An interdisciplinary account of the terminological choices by EU policymakers ahead of the final agreement on the AI Act: AI system, general purpose AI system, foundation model, and generative AI Peer-reviewed✦ AITraces how the AI Act's legal text shifted across versions among the terms 'AI system, general purpose AI system, foundation model, and generative AI', exposing definitional instability in the regime.
- The EU model of AI governance: regulating artificial intelligence through law and policy Peer-reviewed✦ AIAnalyses how the AI Act's risk-based model handles general-purpose and foundation models whose 'autonomous content generation challenges legal categories of authorship, accountability, and control'.
- Generative AI and data protection Peer-reviewed✦ AIExamines friction between foundation-model training and the GDPR, noting models that 'memorize and leak pieces of training data' cannot be treated as anonymous.
- Defending Compute Thresholds Against Legal Loopholes Preprint✦ AIIdentifies 'enhancement techniques that are capable of decreasing training compute usage while preserving... model capabilities', exposing loopholes in compute-reporting thresholds.
- Copyright and AI in the UK: Opting-In or Opting-Out? Peer-reviewed✦ AIContends the UK opt-in/opt-out framing is a 'missed opportunity'; a broadened research exception plus market-entry transparency and creator remuneration would better serve both innovation and rightsholders.
- Technical Challenges of Rightsholders' Opt-out From Gen AI Training after Robert Kneschke v. LAION Peer-reviewed✦ AIExamines post-LAION practical obstacles to the EU TDM opt-out (robots.txt, machine-readability, memorisation): 'While the TDM exceptions may seem workable in theory, implementing them in practice presents a variety of practical…
- Digital Disintegration: Techno-Blocs and Strategic Sovereignty in the AI Era Peer-reviewed✦ AIArgues states increasingly assert 'strategic digital sovereignty...through selective alliances with firms and other governments,' fragmenting global AI infrastructure into techno-blocs rather than multilateral order.
- GPTs are GPTs: Labor market impact potential of LLMs Peer-reviewed✦ AIFinds around 80% of the U.S. workforce "could have at least 10% of their work tasks affected" by LLMs, which exhibit "traits of general-purpose technologies".
- Computing Power and the Governance of Artificial Intelligence Preprint✦ AIArgues compute is a uniquely governable lever because it is "detectable, excludable, and quantifiable, and is produced via an extremely concentrated supply chain".
- Training Compute Thresholds: Features and Functions in AI Regulation Preprint✦ AIFinds "training compute currently is the most suitable metric to identify GPAI models", but thresholds should only trigger further scrutiny, not determine risk measures alone.
+ 66 more across this concept's topics — see the literature index.
References
The primary instrument sources behind the article's classifications.
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/ai-supply-chain — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here