AI systems suffer from insufficient transparency and a lack of open, community-driven standards. Method: This study pioneers the systematic application of action research to AI standardization, extending the ISO/IEC 5962:2021 SPDX specification to develop the AI Bill of Materials (AIBOM) standard—explicitly covering AI-specific artifacts including datasets, models, and training outputs. A four-dimensional co-design approach integrates regulatory alignment, industry use-case mapping, practitioner interviews, and industrial case validation. Contribution/Results: The resulting AIBOM specification is rigorously validated across four dimensions—compliance, practicality, extensibility, and interoperability—and directly supports regulatory frameworks such as the EU AI Act. It establishes a reusable paradigm for standards development and provides both methodological guidance and practical implementation insights for open-source AI governance and software engineering standardization.

Modern software engineering increasingly relies on open, community-driven standards, yet how such standards are created in fast-evolving domains like AI-powered systems remains underexplored. This paper presents a detailed experience report on the development of the AI Bill of Materials AIBOM specification, an extension of the ISO/IEC 5962:2021 Software Package Data Exchange (SPDX) software bill of materials (SBOM) standard, which captures AI components such as datasets and iterative training artifacts. Framed through the lens of Action Research (AR), we document a global, multi-stakeholder effort involving over 90 contributors and structured AR cycles. The resulting specification was validated through four complementary approaches: alignment with major regulations and ethical standards (e.g., EU AI Act and IEEE 7000 standards), systematic mapping to six industry use cases, semi-structured practitioner interviews, and an industrial case study. Beyond delivering a validated artefact, our paper documents the process of building the AIBOM specification in the wild, and reflects on how it aligns with the AR cycle, and distills lessons that can inform future standardization efforts in the software engineering community.