AI Governance Tiered Model — Eskube Internal Brainstorm

Part I

The Three Layers of AI Usage

AI usage within an organization falls into three layers of increasing criticality. Each layer carries different risks, requires different controls, and activates different standards. The layers are not static — usage migrates between them over time.

Lower criticality Higher criticality

Layer 1 Individual Support Use

Drafting emails, documents, plans General Q&A and research Not directly influencing project outputs Includes ambient AI features (autocomplete, AI search)

Day-to-day activities where any employee uses AI for general support. The output is typically not a formal work product and has marginal or no influence on project-specific outcomes. The primary risk is data governance — what information (confidential, personal, NDA-protected) flows into external AI systems.

click to edit

Scope: This layer is cross-tool and cross-activity. It encompasses any use of AI for day-to-day support tasks — filling documents, helping create plans, answering questions, summarizing information. It is wide and perpendicular to the other layers: it touches every role and every department.

Includes ambient AI: Features embedded in existing tools (email auto-suggest, IDE autocomplete, AI-enhanced search engines) that employees may not consciously think of as "using AI" but which still involve data flowing to external systems. These should be identified in the organizational AI policy as part of the toolchain inventory.

Primary risks: Data leakage of confidential, personal, or NDA-protected information. Feeding proprietary data into third-party AI systems without awareness. Privacy violations (GDPR, personal data of employees or external parties). No direct safety impact on project work products, but organizational/legal exposure.

Key distinction from Layer 2: The output does not become a formal work product or directly influence project-specific technical decisions. The moment an AI-assisted draft becomes an actual deliverable with minimal modification, or the AI is used for technical judgment, it migrates to Layer 2.

Standards primarily involved: ISO/IEC 42001 (AI policy, roles, data governance), ISO/IEC 23894 (organizational risk management for AI), plus external privacy regulations (GDPR, etc.). ISO 26262 is not directly activated at this layer except through general organizational requirements in Part 2 (safety culture, competence).

42001 A.2, A.3, A.4 23894 + GDPR / Privacy

↓ Silent drift — often unnoticed

Layer 2 Individual Productive Use — "Shadow AI"

Technical work: engineering, design, safety analysis Output directly influences project quality / safety Self-built tools (scripts, prompt chains) — opaque, personal External AI tools used in personal workflows Often invisible to management

A qualified person (engineer, designer, project manager) uses AI as a personal productivity enhancer for their core technical work. The output directly influences project deliverables or organizational decisions. This is the highest-risk layer because it combines direct safety impact with low visibility.

click to edit

Two sub-categories:

2a — Self-developed tools: An employee creates their own AI-powered tool (a script, a prompt chain, a local application) that does specifically what they need in their own way. These tools are typically undocumented, not shareable, and incomprehensible in their intermediate steps without the creator's explanation. They are effectively personal black boxes that produce outputs consumed by the project.

2b — External tools in personal workflows: An employee uses a commercial AI tool (ChatGPT, Copilot, domain-specific tools) in a personal way — defining their own interaction patterns, deciding how the output should look, how the task should be executed. The tool itself may be known, but the specific usage pattern is personal and undocumented.

The "Shadow AI" problem: Both sub-categories share a critical property: they are very often invisible to responsible managers higher in the hierarchy. A team lead may not know that their senior engineer is using AI to draft software safety requirements. A project manager may not know that test cases were generated by an AI tool. This invisibility is the core risk — it means the organization's safety evidence chain is unknowingly dependent on unqualified, uncontrolled AI outputs.

Specific risks: Introduction of bias, hallucinated content, or subtly wrong technical information into safety-relevant work products. Error propagation through downstream V-cycle phases (a flawed AI-generated requirement leads to flawed design, implementation, and tests — all of which may "pass" because they're consistent with the flawed source). Breaking the traceability chain that ISO 26262 safety cases depend on. AI-generated errors are different from human errors: they tend to be plausible-sounding, internally consistent, and systematically biased rather than random.

Why detection is hard: Traditional tool qualification assumes someone declares a tool for qualification. Layer 2 tools are never declared because the user doesn't think of a prompt chain or personal workflow as a "tool." Detection requires a combination of governance controls (policy requiring declaration), process controls (work product traceability, AI usage questions in reviews), and IT controls (approved tool lists, network monitoring).

Standards primarily involved: ISO 26262 Part 8 Cl.11 (tool qualification — the tool is being used even if undeclared), Part 2 (confirmation measures, safety culture). ISO/IEC 5469 (AI-specific V&V challenges, systematic failure modes). ISO/IEC 42001 (reporting of concerns A.3.3, human oversight A.9.3). ISO/IEC 5338 (audit trail requirements for safety-related AI). ISO/IEC 23894 (risk identification for AI usage).

26262 Pt.8 Cl.11, Pt.2 TR 5469 Cl.6, 9 42001 A.3.3, A.9.3 5338 §6.3 23894

↕ Deliberate promotion — requires qualification

Layer 3 Shared / Organizational AI Tools

Shared within team, across teams, or organization-wide Requires validation, IT integration, access management Internal or external (vendor-provided) tools Distinction: built-with-AI vs. operates-with-AI at runtime May need tool qualification per ISO 26262 Part 8

A tool that is officially deployed and shared. It requires proper development rigor, validation, user training, IT integration, and cybersecurity controls. A critical sub-distinction exists between tools that were built using AI but produce deterministic outputs, versus tools that use AI at runtime to generate outputs — the latter triggers significantly stricter requirements.

click to edit

Deployment scope options: Team-level (shared within a development team for specific project activities), cross-team (shared between teams, e.g., a requirements management AI tool), organization-wide (enterprise deployment for supporting activities, management decisions, HR, etc.).

Origin options: Internally developed (created/refined using AI, tested, validated, and deployed to users) or externally provided (vendor tool deployed in the organization/project). Both must meet the same governance requirements, but external tools introduce additional vendor dependency challenges.

Critical sub-distinction — nature of AI involvement:

3a — Built-with-AI, operates deterministically: The tool was developed using AI assistance (e.g., code generation, architecture suggestions) but once deployed, each step produces deterministic output from given inputs. The AI was a development tool, not a runtime component. Tool qualification follows a more traditional path — focus is on validating the final deterministic behavior.

3b — Operates-with-AI at runtime: The tool uses AI models during execution to generate outputs from inputs. This is fundamentally different because: output is non-deterministic, the AI model may be updated by the vendor, the internal reasoning is not fully transparent. This triggers the most restrictive regime: explainability is required, step-by-step understanding of what the tool does must be achievable, AI parameters and outputs must be controllable. Either a qualified human must review/verify every output (confirmation measures per ISO 26262), or the tool itself must be qualified to ensure output reliability meets a sufficient confidence level with acceptably low risk of wrong/unexpected outputs.

Requirements for all Layer 3 tools: Stable, validated, documented. Usage must be intuitive or supported by proper instructions/training. IT integration with cybersecurity controls, access management, version control. Compliance with organizational AI policy. Proper user training. Change management for updates.

Specific risks vs. Layer 2: Gained: visibility, controllability, documentation, consistent behavior. New risks: training burden (users must learn to use the tool correctly — incorrect use of a qualified tool can still produce wrong results), maintenance obligation (the tool must be kept current, patched, monitored), broader impact scope (a defect in a shared tool affects all users/projects simultaneously), integration complexity, and for 3b tools: the ongoing qualification challenge when models update.

Standards primarily involved: ISO 26262 Part 8 Cl.11 (tool qualification — full framework: TI, TD, TCL classification, qualification methods), Part 2 (confirmation measures for outputs). ISO/IEC 42001 (A.4.4 tooling resources, A.6 AI system lifecycle, A.9 use documentation, A.10 supplier management). ISO/IEC 5338 (full AI lifecycle processes). ISO/IEC TR 5469 (AI tool qualification for functional safety, V&V techniques, explainability, usage levels). ISO/IEC 23894 (risk management for AI tools). ISO/PAS 8800 (boundary reference for automotive AI).

26262 Pt.8 Cl.11, Pt.2, Pt.10 TR 5469 Cl.6–9 42001 A.4, A.6, A.9, A.10 5338 full lifecycle 23894 PAS 8800

Standards color key

ISO 26262

ISO/IEC 42001

ISO/IEC 5338

ISO/IEC TR 5469

ISO/IEC 23894

ISO/PAS 8800

Part II

Discussion Topics & Open Work Items

Ten interconnected topics identified during brainstorming. Each requires further development — depth priority indicates where to focus first. All editable text sections can be clicked to modify directly.

01 Layer Definition & Classification Criteria Depth: High

Formal definitions for Layers 1, 2, 3 and their sub-categories Concrete criteria to classify any AI usage instance into a layer Sub-distinctions: ambient AI in L1; self-built vs. external in L2; built-with vs. operates-with AI in L3 Foundation for the entire governance framework — everything else depends on this

42001 A.2.2, A.3.2, A.4.2–A.4.4, A.9.3 5338 Fig.2 lifecycle stages TR 5469 Cl.6 Table 1 usage levels

click to edit

ISO/IEC 42001 provides the organizational scaffolding for classifying AI usage: AI policy requirements (A.2.2), role allocation (A.3.2), resource documentation including data and tooling (A.4.2–A.4.4), and objectives for responsible AI use (A.9.3) together define what the organization must document and govern about its AI usage.

ISO/IEC 5338's lifecycle stages model (Figure 2: Inception → Design → Verification → Deployment → Operation → Continuous Validation → Re-evaluation → Retirement) helps distinguish where in the process AI is being used — a key factor in classification.

ISO/IEC TR 5469 introduces usage levels of AI technology (Table 1 in Clause 6) that classify AI by its final impact on the system. This maps closely to the layer concept: different usage levels trigger different safety assurance requirements. The classification considers whether AI technology forms part of a safety function, supports safety analysis, or is used in development tooling.

Gap to fill: None of the standards provide a ready-made "decision tree" for classifying real-world AI usage into governance tiers. Our model needs to synthesize the abstract standard requirements into concrete, actionable classification criteria that a project manager can apply.

02 Reclassification Triggers (Layer Transitions) Depth: High

Silent drift L1→L2: support use becomes technical work product Deliberate promotion L2→L3: personal tool becomes shared/official Degradation path: unmaintained L3 tool reverts to uncontrolled state Gate reviews as control points — add AI-specific checklists to existing confirmation measures Lessons learned reviews should include AI usage as a standing topic

26262 Pt.2 §6.4.10 confirmation reviews, §6.5.3 safety plan 26262 Pt.2 Annex B safety culture / lessons learned 42001 A.2.4 policy review, §9.3 management review 5338 §6.4.14 continuous validation Model-specific — original contribution

click to edit

The standards provide review mechanisms but don't specifically address layer migration. ISO 26262 Part 2's confirmation measures and safety planning give us the gate structure where reclassification checks can be inserted. During phase gate reviews and milestone checks, an additional AI-specific checklist should be followed, for example: "Has anyone used AI to work on, develop, or create any of the work products under review?", "Was the AI tool internally developed?", "Was it used/shared by multiple people in the team or by other teams?"

ISO 26262 Part 2 Annex B's safety culture guidance explicitly calls for continuous improvement and lessons learned as integral to all processes. This directly supports making AI usage a standing topic in lessons-learned reviews — organizations should systematically capture how AI was used in each project phase and what issues emerged.

ISO/IEC 42001's review mechanisms (A.2.4 AI policy review at planned intervals, management review per Clause 9.3) provide the organizational review cadence. ISO/IEC 5338's continuous validation process (6.4.14) provides a lifecycle-aware review mechanism.

Original contribution needed: Specific trigger definitions (what event causes reclassification), the AI-specific checklist items for gate reviews, and the process for promoting/demoting tools between layers. This is where our model adds the most original value.

03 Shadow AI Detection & Mitigation Depth: High

Three control layers: governance (policy), process (traceability/declaration), IT (approved tools/network) Layer 2 is invisible by definition — users don't self-identify as "using a tool" Biggest risk when functional safety, cybersecurity, and SOTIF are involved Makes existing V&V and confirmation measures even more critical as safety nets

42001 A.2.2 policy, A.3.3 reporting, A.9.3 human oversight 5338 §6.3 audit trail for safety-related AI 23894 risk identification 26262 Pt.2 Annex B safety culture IT controls → 21434 (future scope)

click to edit

Governance layer: ISO/IEC 42001 provides the foundation — AI policy (A.2.2) must guide all AI usage, roles and responsibilities must be allocated (A.3.2), and a process for reporting concerns must exist (A.3.3). The policy must explicitly address what AI usage is permitted, what must be declared, and what is prohibited.

Process layer: ISO/IEC 5338 emphasizes audit trails for safety-related AI systems, including data provenance, model traceability, and decision documentation. This must be extended to cover not just AI systems being developed but AI tools being used in the development process. Work product traceability, toolchain identification including AI detection, and clear methodology descriptions in processes are needed.

IT control layer: This is less covered by the standards in scope and falls more into cybersecurity territory (ISO 21434, currently out of scope but designed to extend naturally). Practical measures include: approved AI tool lists, network-level monitoring of AI service usage, endpoint controls, and data loss prevention systems.

Safety culture connection: ISO 26262 Part 2 Annex B's safety culture table is remarkably relevant. It contrasts organizations where processes are ad-hoc and implicit versus those with defined, traceable, controlled processes. It flags "groupthink" and suppression of dissent as poor safety culture indicators. Applied to shadow AI: an organization where employees fear disclosing AI usage (because it might be seen as "cheating" or "not doing their job") has a safety culture problem. Disclosure must be encouraged, not penalized.

Interaction with functional safety: Shadow AI is where the biggest risk hides. The safety evidence chain (ISO 26262's core assurance mechanism) assumes that every work product is traceable, reviewable, and produced by qualified people using qualified methods. Undeclared AI breaks this silently. Error propagation is the key danger: an AI-introduced flaw in early-phase work products (e.g., requirements) can survive all downstream V&V because tests verify against the flawed requirement, not against the actual need.

04 Criticality Axis (V-cycle Phase × ASIL × Activity Type) Depth: Medium

Second axis beyond layer classification: what is the AI being used for? Distinguish V-cycle activities from supporting/general project activities Within V-cycle: criticality increases with project advancement (fewer downstream checks remain) ASIL level of affected safety requirements modulates the risk

26262 Pt.2 Table 1 confirmation measures × ASIL 26262 Pt.8 Cl.11 TCL vs. ASIL TR 5469 Cl.9 AI-specific V&V challenges

click to edit

The same AI tool used in different contexts has vastly different risk profiles. An engineer using AI to format meeting notes (supporting activity) vs. using AI to derive software safety requirements (V-cycle core activity at ASIL D) cannot be governed the same way.

V-cycle phase progression: A critical insight is that AI usage becomes more dangerous as the project advances through the V-cycle. Using AI in early concept phases (hazard analysis, safety concept) is less critical because multiple subsequent verification layers exist to catch errors. Using AI in late phases (final validation before tape-out, safety case argumentation) is much more critical because fewer — or no — subsequent checks remain to catch AI-introduced errors.

ISO 26262 Part 2 Table 1 already defines which confirmation measures apply at which ASIL level, with which independence requirements. Part 8 Clause 11 considers the ASIL of safety requirements that could be violated if a tool malfunctions when classifying Tool Confidence Level. These existing mechanisms map well to the criticality axis.

ISO/IEC TR 5469 Clause 9 makes a critical observation: for AI-based systems, standard verification and validation is undermined because the function behavior progressively moves away from rigorously tested, deterministic behavior. This directly supports the argument for increasing scrutiny of AI usage in later V-cycle phases.

Needed: A concrete mapping — "at this V-cycle phase, with this ASIL, AI usage at Layer X requires these specific controls." This is a matrix that the standards support structurally but don't populate for the AI case.

05 Tool Qualification Adaptation for AI Depth: Very High

Part 8 Cl.11 TCL framework designed for deterministic tools — AI breaks the model Non-deterministic output, prompt-dependent behavior, version instability Part 10 alternative: boost TD to achieve TCL1 (avoid qualifying the tool, add process checks) Which AI standards fill the gap that Part 8 can't cover alone? Most technically novel contribution of the model

26262 Pt.8 Cl.11 (TI/TD/TCL, Tables 4–5) 26262 Pt.10 Cl.13 alternative approach TR 5469 Cl.6, 9, Annex A (extended measures) 42001 A.4.4 tooling resources 5338 lifecycle processes for AI tools

click to edit

ISO 26262 Part 8 Clause 11 provides the full traditional tool qualification framework. Tools are assessed for Tool Impact (TI: can a malfunction introduce or fail to detect errors?) and Tool error Detection (TD: can errors be detected/prevented?). These combine into a Tool Confidence Level (TCL1/2/3). TCL2 and TCL3 require qualification via one or more methods: increased confidence from use, evaluation of development process, validation, or development per a safety standard.

The AI problem: This framework assumes deterministic tools with stable, characterizable behavior. AI tools fundamentally break this: output varies with prompt wording, the model's internal state is opaque, there's no stable "function" to validate, and the tool may behave differently after a vendor update. "Increased confidence from use" is questionable when the same input can produce different outputs. "Validation" is challenging when you can't define expected outputs for all use cases.

The Part 10 alternative path: ISO 26262 Part 10 Clause 13 describes an alternative: instead of qualifying the tool, increase the probability of detecting erroneous tool outputs by adding process measures (review of tool output, additional test steps, checks by subsequent tools). This reduces TD to TD1, achieving TCL1 without direct tool qualification. This is highly relevant for AI tools — instead of trying to qualify the AI itself, qualify the human review process that checks its outputs.

What 5469 adds: ISO/IEC TR 5469 explicitly acknowledges that AI technology is not covered by mature functional safety standards and that continuous model improvement undermines V&V. It provides an extended catalogue of measures for AI-specific systematic failures (Annex A) and addresses transparency, explainability, and verification techniques for AI systems (Clause 9). This is the bridge between the traditional Part 8 framework and the AI reality.

Key question to resolve: What does "increased tool error detection" mean concretely when the tool output is a generated requirement, a generated test case, or a design suggestion? We need to define specific TD measures for each type of AI tool output in the safety lifecycle.

06 External Tool / Vendor Dependency Depth: High

Organization can qualify its use but not the model itself Vendor may update model overnight — qualification invalidated Distinction: vendor allows version/model locking vs. transparent updates Controllable vendor → regression testing with golden dataset at intervals Uncontrollable vendor → full human review of every output

42001 A.10.2–A.10.3 supplier management 42001 B.10.3 supplier guidance 26262 Pt.8 §11.4.2 revalidation on change 26262 Pt.10 Cl.13 re-qualification effort 5338 §5.3 supply chain risks

click to edit

ISO/IEC 42001 A.10.2 and A.10.3 require that responsibilities are allocated between the organization, suppliers, and third parties throughout the AI system lifecycle, and that supplier products align with the organization's responsible AI approach. The implementation guidance in B.10.3 discusses different supplier types, varying risk levels, and the need for ongoing monitoring. Organizations should document how AI system components from suppliers are integrated.

ISO 26262 Part 8 §11.4.2 requires that predetermined tool qualification be re-verified before each project use. §11.4.6.2 requires documenting tool version, configuration, and environment — re-qualification is needed when any of these change. Part 10 Clause 13 explicitly warns about the high re-qualification effort for frequently changing tools.

Proposed two-path approach:

Path A — Controllable vendor: If the vendor or tool setup allows locking the model version and controlling settings, the problem is manageable. Qualification can be performed for a specific model version + configuration. Regression testing using a "golden dataset" (known inputs with verified correct outputs) should be executed before and after any model update to confirm performance stability. Re-qualification is triggered by model/version changes, at defined intervals, and at project milestones.

Path B — Uncontrollable vendor: If the vendor updates models daily with no version control, no notification, and no rollback capability, then tool qualification in the traditional sense becomes meaningless — you'd be qualifying a moving target. In this case, the only reliable approach is mandatory full human review/verification of every AI-generated output before it enters the safety lifecycle. This effectively treats the tool as an unqualified aid and relies entirely on process-level error detection (TD1 approach from Part 10).

ISO/IEC 5338 acknowledges that AI system lifecycle stages can be managed by separate organizations and addresses supply chain risks across organizational boundaries. This supports the need for clear contractual requirements about model versioning, update notification, and qualification support.

07 Shadow AI & Functional Safety Evidence Chain Depth: High

Undeclared AI breaks the traceability/evidence chain ISO 26262 safety cases depend on AI errors propagate downstream: plausible, internally consistent, systematically biased Confirmation reviews must be designed to catch AI-specific error types AI-specific additions needed for existing confirmation review checklists

26262 Pt.2 §6.4.10 confirmation reviews, Annex C guidance TR 5469 Cl.9 AI-specific failure modes 42001 A.9.3 human oversight Model-specific — new checklist items

click to edit

The core risk scenario: A software architect uses AI to help derive software safety requirements from the technical safety concept. The AI introduces a subtle misinterpretation — perhaps mapping a hazard to the wrong ASIL, or generating a requirement that sounds correct but misses an edge case. The architect reviews it, it looks reasonable, it goes forward. Downstream design, implementation, and testing are all based on this flawed requirement. Every subsequent review and test passes because they're testing against the wrong requirement. The defect survives to validation because the source was contaminated invisibly.

Why AI errors are different from human errors: ISO/IEC TR 5469 Clause 9 explains that data-driven models introduce fundamentally different failure modes: what's not in the training data can't be learned, what is in the data is learned but not always perfectly, and incorrect labels are a primary cause of learning errors. Applied to development tools: AI-generated errors tend to be plausible-sounding (they're trained on correct-looking text), internally consistent (the AI hallucinates coherently), and systematically biased (the same blind spots appear repeatedly) rather than random.

ISO 26262 Part 2 Annex C provides detailed confirmation review guidance for each type of work product (HARA, safety concept, integration strategy, safety case, etc.). ISO/IEC 42001 B.9.3 requires human oversight mechanisms including authority to override AI decisions and performance monitoring.

What needs to be added: AI-specific checks for each existing confirmation review point. For example, the HARA confirmation review (Annex C.3) should additionally ask: Was AI used in the situation analysis? Were AI-generated hazardous events cross-checked against domain expertise? Were ASIL classifications independently verified by a human who did not see the AI output first? These additions make the confirmation measures effective as a safety net against AI contamination.

08 Operationalization Format Depth: Medium-High

How to package the model so it's usable by project managers and individual engineers Decision tree: classify usage → identify layer → look up obligations Understandable for both company management and individual employees Clear "when and where the model applies"

42001 PDCA management system structure 5338 lifecycle process structure 26262 Pt.2 safety plan + confirmation scheduling Packaging/design — original contribution

click to edit

The standards provide structural frameworks: ISO/IEC 42001 uses the Plan-Do-Check-Act management system cycle. ISO/IEC 5338 provides lifecycle process structure. ISO 26262 Part 2 provides safety plan structure and confirmation measure scheduling. None of them, however, provide the kind of quick-reference classification and decision tool envisioned for this model.

The operationalization needs to serve two audiences: management (who needs to understand risk exposure, resource implications, and governance obligations) and individual contributors (who need to know "what am I allowed to do, and what do I need to declare?").

Possible formats: A decision flowchart ("Is the output a formal work product? → Is it safety-relevant? → What ASIL? → Is the AI shared or personal? → Here are your obligations"), reference cards per layer, integration into existing safety plan templates, and checklists embedded in gate review procedures.

The goal is something a project manager can use on Monday morning when an engineer says "I've been using ChatGPT to help with the FMEA" — the model should immediately tell them what layer that falls into, what standards apply, and what corrective actions are needed.

09 Organizational Maturity & Scalability Depth: Low (for now)

Build complete model for complex cases first, simplify later ISO 26262 rarely applies fully to very small organizations (<20 people) Important differences: 30–50 people vs. thousands; product type matters Eskube expertise: customization and simplification for deployment

42001 risk-based control selection 5338 process tailoring 26262 tailoring provisions

click to edit

All three primary standards allow risk-proportional application. ISO/IEC 42001 explicitly allows organizations to elect a risk-based approach to ensure appropriate control levels for particular AI use cases. ISO/IEC 5338 notes that organizations can tailor lifecycle processes. ISO 26262 has tailoring provisions throughout.

The strategy is to build the complete model first — viable for very large and complex cases (Tier 1 suppliers with thousands of engineers, ASIL D products, complex distributed development). Then, customization and simplification guidelines can be developed for smaller organizations, lower-ASIL products, and simpler development setups. This is where Eskube's consulting expertise in deploying and customizing processes comes into play.

Deferred to later phase: Customization guidelines are an application/deployment concern. The full model must be correct and complete first.

10 Review Cadence & Change Management Depth: Medium

How often to review layer classifications, tool qualifications, vendor assessments Aligned to project milestones at minimum Vendor update pace may force more frequent reviews Merged with Topics 2 (reclassification triggers) and 6 (vendor dependency)

42001 A.2.4 AI policy review cadence 26262 Pt.8 §11.4.2 revalidation on tool change TR 5469 §8.7 technology maturity monitoring

click to edit

AI tools evolve extremely fast. A layer classification or tool qualification made today may be obsolete in months because the tool gained new capabilities, the underlying model changed, or new tools emerged. The governance model needs a built-in review cadence.

ISO/IEC 42001 A.2.4 requires AI policy review at planned intervals. ISO 26262 Part 8 §11.4.2 requires re-verification of tool qualification when the tool version or environment changes. ISO/IEC TR 5469 §8.7 discusses technology maturity as a risk factor that requires continuous monitoring, noting that even mature technologies need ongoing risk monitoring based on field data.

Minimum cadence: Layer classifications and tool qualifications should be reviewed at every project phase gate/milestone. For tools with controllable vendors, additional reviews should be triggered by model/version updates. For rapidly changing tools, a fixed-interval review (e.g., quarterly) should supplement milestone-based reviews.

This topic is closely coupled with Topics 2 and 6 and should be developed together with them.

Tiered Governance Model for AI Usage in the Safety Lifecycle

The Three Layers of AI Usage

Discussion Topics & Open Work Items