The regulatory perimeter inside which AI-driven actuation in safety-critical systems now has to operate, and the per-decision evidence the certifier asks for.
Every framework below is enforceable today or about to be. Velma evidence is the format both sides expect.
Sorted by soonest deadline first.
Second wave of mandatory safety technologies (including expanded driver-monitoring, automated emergency braking refinements, and reverse-detection) required on all newly registered vehicles.
Each additional intervention surface adds a new actuation-governance scope.
Expanded scope of ALKS. Higher speeds, lane changes, full traffic conditions. OEMs continue to submit Cybersecurity Management System and Software Update Management System evidence per OTA cycle.
Pulls Level 3 autonomy into the same evidence regime as Level 2, with new audit surface per OTA update.
Member states must transpose the revised PLD into national law. Software, AI systems, and digital services are treated as products. Strict-liability for defects, with reversed burden of proof in many AV / industrial-autonomy scenarios.
Strict-liability exposure on autonomous-system manufacturers and integrators. Tamper-evident decision evidence is the affirmative defense.
Replaces the 1989/2006 Machinery Directive. Covers AI-driven safety functions, autonomous machinery, and robotics, with new conformity-assessment and risk-management requirements.
Industrial autonomy and robotics fall under the same evidence regime as automotive functional safety. CE-marking requires governance proof.
AI used in road vehicles, aviation, and certain industrial safety-critical systems is classified high-risk under Article 6. Article 9 risk-management obligations apply.
Original 2 Aug 2026 deadline deferred by the Omnibus VII provisional agreement (May 2026). Standalone systems now 2 Dec 2027; embedded systems (which captures most automotive and aerospace AI) 2 Aug 2028. Aligns automotive and aerospace AI governance with insurance-grade evidence requirements.
Products with digital elements (including in-vehicle software, autonomous systems, and embedded controllers) must meet essential cybersecurity requirements and provide vulnerability disclosure.
Brings embedded automotive and industrial autonomy under a unified EU cybersecurity baseline.
Full conformity obligations for high-risk AI embedded in safety-critical products (including ADAS, ADS, aerospace, and industrial autonomy) take effect after the Article 111 grandfather window closes.
Original 2 Aug 2027 deadline deferred to 2 Aug 2028 by the Omnibus VII provisional agreement (May 2026). Embedded AI systems lose the legacy carve-out on this date. Evidence-grade governance across the in-service fleet becomes mandatory.
The examiner can cite any of these on first request.
All new vehicles sold in the EU must include driver-attention monitoring, emergency lane-keeping, intelligent speed assistance, and event data recording.
Autonomy-governance evidence is required for each assisted-driving function that can intervene in control.
All new vehicle types sold in EU, Japan, South Korea, and other WP.29 signatories must ship with a certified Cybersecurity Management System and evidence of ongoing risk management.
Vehicles without valid R155 type-approval cannot be sold. Runtime governance evidence fits directly into the CSMS submission.
Mandatory Software Update Management System with documented authorization, verification, and audit for every over-the-air software update.
Adaptive ML updates in the drive stack must produce tamper-evident evidence of safe parameter changes.
Address hazards from functional insufficiencies and reasonably-foreseeable misuse (not just failure) in ADAS and automated driving functions.
Runtime-governance evidence of envelope awareness and bounded authority directly supports the SOTIF argument.
Manufacturers and operators of vehicles with SAE Level 2 ADAS or Level 3-5 ADS must report serious crashes to NHTSA within strict reporting windows.
Evidence-grade incident traceability is non-negotiable. Tamper-evident decision logs answer the SGO directly.
Safety case framework specifically for autonomous products. Covers hardware, software, lifecycle, and operational design domain governance.
Increasingly cited by insurers and procurement officers as a baseline for autonomous product safety claims.
Establishes ASIL-graded development, verification, and production requirements for automotive electrical/electronic systems.
The baseline automotive safety standard. All governance evidence feeds the safety case.
Security risk management for airborne systems. Required by FAA and EASA for type certification of new and modified aircraft.
Aerospace integrators must produce signed evidence of secure-by-design behavior. Runtime governance maps directly.
Five stages. The evidence artifact. Sealed forecasts at horizon. Isometric DFD-0.
Formal safety models, ODD, assurance cases, reviewer briefs.
How we are set up and why the trust structure matters.
Direct line to the inventor. No demo, no deck.
Thirty minutes. Architecture, not sales. On the regulatory surface you already know.
