Score
Organizational policies and technical controls for managing model lifecycle, risk and compliance, including model inventory, validation and testing, versioning, access controls, monitoring for drift and fairness, documentation (model cards), audit trails and incident response to meet regulatory and ethical requirements.
This study addresses the limitations in automation and interoperability arising from tool heterogeneity in Model-Based Systems Engineering (MBSE) and Object Constraint Language (OCL) constraint validation, which often necessitate manual intervention. To overcome this challenge, the work proposes a unified verification framework that, for the first time, integrates the Asset Administration Shell (AAS) into the MBSE domain, combining AAS, OCL, and Model-Driven Architecture principles. This framework enables centralized management of constraints and their verification results while ensuring semantic consistency across tools. The approach significantly enhances the automation of model validation and improves interoperability among heterogeneous engineering tools. Its effectiveness is demonstrated through application in representative industrial scenarios. All artifacts have been open-sourced on GitHub to facilitate reproducibility and broader adoption.
To address interdisciplinary interoperability, variant configuration governance, end-to-end traceability, and cross-organizational collaboration challenges arising from the networked evolution of Systems of Systems (SoS), this paper proposes a lifecycle management framework for Network-Centric Development (NCD). Methodologically, it grounds the framework in Model-Based Systems Engineering (MBSE) semantics and integrates Product Lifecycle Management (PLM) governance, CAD-CAE model synchronization, and closed-loop digital thread/digital twin capabilities. Its core contributions are four foundational principles: (1) reference architecture with a unified data model; (2) end-to-end configuration sovereignty; (3) review-driven model gating; and (4) quantifiable value contribution assessment. Empirical validation across transportation, healthcare, and public-sector domains demonstrates significant improvements in change robustness and model reuse rate, reduced delivery cycles, and enhanced support for sustainability-oriented decision-making.
This work addresses the challenge of silent updates to large language models (LLMs) by service providers, which often occur without version changes and can lead to behavioral drift and functional regressions, while existing mechanisms lack deployment-side control over compatibility governance. Framing LLM updates as a software supply chain governance problem, this study proposes a deployment-side control framework that defines rule-based production contracts, constructs risk-category-oriented test suites, and enforces compatibility gates to validate model safety and performance prior to updates. Experimental results demonstrate that the approach effectively uncovers fine-grained regressions missed by aggregate metrics, while also highlighting critical challenges in test design, threshold calibration, and drift attribution.
This work addresses the lack of traceable and tamper-resistant transparency mechanisms in large language models (LLMs) deployed in high-stakes decision-making contexts, which undermines accountability. To bridge this gap, the paper introduces the first LLM lifecycle auditing framework that integrates technical provenance with governance records. It proposes a reference architecture enabling cross-organizational traceability and implements a lightweight, open-source Python-based auditing layer. By leveraging append-only logs, event emitters, structured metadata, and an auditor interface, the system seamlessly integrates into existing LLM workflows with minimal intrusiveness. This design ensures complete, tamper-evident traceability across critical stages—including training, deployment, and monitoring—thereby facilitating robust accountability and responsibility attribution throughout the model’s lifecycle.
Large language models (LLMs) lack verifiability and regulatory alignment when generating compliance-critical artifacts in safety-sensitive domains. Method: We propose Constraint-Guided Verifiable Generation (CVG), a framework featuring a Unified Meta-Model (UMM) for harmonizing heterogeneous regulatory texts; an Integrated Constraint Model (ICM) enabling dual-layer validation—structural (via GBNF/DFA) and semantic (via SHACL/SMT); and a synergistic prefix-safe decoding mechanism coupled with runtime automata and post-generation validators to embed auditable, traceable regulatory evidence chains. Contribution/Results: CVG innovatively integrates machine-verifiable certificates and violation-driven audit-and-repair directly into the generation pipeline. Evaluated on AUTOSAR automotive software and cross-border judicial workflows, CVG achieves 100% structural conformance, reduces manual correction effort by 72%, and seamlessly interoperates with existing Model-Driven Engineering (MDE) toolchains—delivering, for the first time, high-assurance, auditable, end-to-end compliant LLM-generated artifacts.
This study addresses the challenges posed by the proliferation, complexity, and expanding scope of regulatory requirements in software engineering, which hinder their systematic integration into development processes. To tackle this issue, the paper proposes a viewpoint-centered, artifact-based approach to regulatory requirements engineering. The approach innovatively integrates viewpoint analysis with artifact modeling to develop the AM4RRE (Artifact Modeling for Regulatory Requirements Engineering) framework, which facilitates cross-functional collaboration and ensures consistency in compliance-driven design. Preliminary validation demonstrates that AM4RRE effectively bridges the gap between organizational regulatory processes and software development practices, enabling a shift from ad hoc compliance responses toward systematic integration. This foundational work paves the way for further empirical investigation into scalable and sustainable regulatory compliance in software engineering.
This study addresses the pervasive lack of structural integrity in current AI governance documents, which often fail to meet critical requirements such as traceability, dynamic re-verification, and objective evidence. To bridge this gap, the work systematically adapts structural governance principles from aviation software certification standards (DO-178C/DO-330) and proposes a novel integrity framework tailored for static AI governance artifacts. The framework introduces three key concepts—“epoch constraints,” “proof surfaces,” and “structural gaps”—and establishes the seven-principle PromptQ system. Structural analysis of mainstream governance documents reveals that 37% fall below a basic quality threshold, thereby demonstrating the framework’s effectiveness and practicality in enhancing the rigor and verifiability of AI governance documentation.
Enterprise-scale general-purpose agents lack built-in, reusable governance mechanisms for autonomous cross-tool operation, making it difficult to satisfy requirements for compliance, auditability, and behavioral controllability. This work proposes the CUGA policy system, which embeds runtime governance capabilities into five critical checkpoints of the agent execution pipeline—intent protection, playbook guidance, tool invocation control, human approval gating, and output formatting—through a modular “policy-as-code” architecture. Without requiring model fine-tuning, CUGA enables proactive, continuous, and structured behavior control. By integrating typed governance primitives, dynamic playbook injection, and human-in-the-loop approval, the system effectively blocks malicious requests, enforces structured tool sequences, and triggers manual review for high-risk operations in healthcare scenarios, significantly enhancing policy adherence, execution consistency, and deployment safety.
This study addresses key challenges in ESG reporting—namely unstructured data, inconsistent terminology, and complex regulatory standards—compounded by the absence of automation and dynamic feedback in current workflows. To overcome these limitations, this work proposes the first AI-driven, multi-agent framework for end-to-end ESG lifecycle management, systematically integrating five phases: identification, measurement, reporting, stakeholder engagement, and continuous improvement. The framework enables a shift from static disclosure to adaptive, accountable governance by leveraging large language models within three agent configurations: single-model, single-agent, and multi-agent. It supports automated report generation, cross-validation, multi-version comparison, and knowledge base maintenance. A prototype implementation demonstrates significant improvements in report consistency, accuracy, and adaptability, with code and data publicly released.
This study addresses the challenge faced by production system engineers in automatically verifying production line layouts due to limited knowledge of PDDL and planning theory. To bridge this gap, the authors propose a novel approach based on an Asset Administration Shell (AAS) capability model that natively generates complete PDDL planning problems directly from domain-level descriptions, eliminating the need for PDDL-specific submodels. The method integrates four Industry 4.0 standards—VDI 3682, IEC 61360-1, IDTA 02011, and IDTA 02016—to construct the AAS and employs an extraction algorithm to automatically translate multi-AAS architectures into PDDL domains. In a laboratory case study, the approach enabled engineers to systematically compare four layout variants by modifying only the AAS model, significantly lowering the barrier to adopting automated planning in industrial settings.