Navigating the EU AI Act: A Methodological Approach to Compliance for Safety-critical Products

J. Kelly, S. Zafar, L. Heidemann, J. Zacchi, D. Espinoza, N. Mata

TL;DR

This work addresses how to operationalize the EU AI Act for high-risk, safety-critical AI by introducing an extended AI product quality framework derived from ISO/IEC 25059 and aligned with ISO 25010:2023. It maps Act Articles to AI-specific quality attributes (e.g., transparency, human oversight, data quality) and uses a contract-based validation approach to derive verifiable technical requirements that flow across multi-stakeholder supply chains. The methodology is demonstrated in an automotive TSR use case, illustrating how stakeholder contracts can ensure compliance with Articles related to transparency and human oversight. The proposed approach aims to bridge regulatory demands and quality engineering, enabling safer, more trustworthy AI deployment in complex, real-world supply chains across safety-critical domains.

Abstract

In December 2023, the European Parliament provisionally agreed on the EU AI Act. This unprecedented regulatory framework for AI systems lays out guidelines to ensure the safety, legality, and trustworthiness of AI products. This paper presents a methodology for interpreting the EU AI Act requirements for high-risk AI systems by leveraging product quality models. We first propose an extended product quality model for AI systems, incorporating attributes relevant to the Act not covered by current quality models. We map the Act requirements to relevant quality attributes with the goal of refining them into measurable characteristics. We then propose a contract-based approach to derive technical requirements at the stakeholder level. This facilitates the development and assessment of AI systems that not only adhere to established quality standards, but also comply with the regulatory requirements outlined in the Act for high-risk (including safety-critical) AI systems. We demonstrate the applicability of this methodology on an exemplary automotive supply chain use case, where several stakeholders interact to achieve EU AI Act compliance.

Paper Structure (9 sections, 3 figures, 4 tables)

Figures (3)

  • Figure 1: Extended Quality Model for AI products for safety-critical applications.
  • Figure 2: Automotive supply chain demonstrating stakeholder interactions and respective design contracts (DCs) and technical requirements (TRs).
  • Figure 3: Design contracts and technical requirements elicited by the AI Product or Service Provider.