Instructs the Secretary of Defense to develop a cybersecurity framework for Department of Defense AI and machine learning technologies. Requires tailoring of security requirements in consideration of costs versus benefits and encourages collaboration with private sector and academia.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding legislative instrument enacted by the United States Congress as part of the National Defense Authorization Act. It contains mandatory requirements with enforcement mechanisms through federal acquisition regulations.
The document has good coverage of approximately 5-6 subdomains, with strong focus on AI system security vulnerabilities (2.2), malicious actors and cyberattacks (4.2), competitive dynamics (6.4), and AI system robustness (7.3). Coverage is concentrated in security, supply chain risks, and system reliability domains.
This document primarily governs the National Security sector, specifically the Department of Defense's procurement and use of AI systems. It also has implications for Professional and Technical Services, Scientific Research and Development Services, and Information sectors through requirements on contractors that develop, deploy, store, or host AI/ML technologies for the DoD.
The document comprehensively covers multiple AI lifecycle stages with particular emphasis on Build and Use Model, Verify and Validate, Deploy, and Operate and Monitor stages. It addresses security throughout the development and deployment lifecycle, including supply chain risks, training requirements, and continuous monitoring.
The document explicitly covers AI systems and machine learning technologies broadly, with specific focus on highly capable AI systems. It does not distinguish between frontier AI, general purpose AI, or task-specific AI, but addresses AI/ML systems acquired by the Department of Defense comprehensively. No compute thresholds or open-weight model distinctions are mentioned.
United States Congress
The document is Section 1513 of the National Defense Authorization Act for Fiscal Year 2026, which is enacted by the United States Congress as the legislative authority.
Secretary of Defense; Department of Defense
The Secretary of Defense is explicitly designated as the enforcement authority who must develop the framework, amend acquisition regulations, and ensure compliance by covered entities through the Defense Federal Acquisition Regulation Supplement.
Secretary of Defense; congressional defense committees
The Secretary of Defense is responsible for continuous monitoring and incident reporting procedures. Congressional defense committees receive reports on implementation status, providing legislative oversight.
Department of Defense; covered entities (contractors developing, deploying, storing, or hosting AI/ML technologies for DoD)
The document explicitly targets 'covered entities' which are defined as entities that contract with the Department of Defense to develop, deploy, store, or host AI and machine learning technologies. The DoD itself is also a target as it must implement the framework.
6 subdomains (4 Good, 2 Minimal)