- The paper presents a framework that enriches ISO/IEC 42001 conformity with diagnostic fields across architectural layers to deliver actionable assurance for AI cyber-physical systems.
- It employs a two-stage governance-to-assurance handoff, integrating layer attribution, maturity profiles, and risk-targeted corrective actions for cross-layer deficiency identification.
- Empirical evaluations reveal a significant gap between standard conformity and high-assurance outcomes, highlighting the need for integrated, architecture-aware diagnostics.
Architecture-Aware Assurance Posture for AI Cyber-Physical Systems: The CEDAR-42001 Framework
AI-enabled cyber-physical systems (AI-CPS) such as autonomous vehicles, robotics, and industrial control platforms pose assurance challenges spanning sensing, computation, control, human oversight, and governance. ISO/IEC 42001:2023 establishes audit requirements for artificial intelligence management systems (AIMS), yet mere conformity does not attribute governance evidence to specific architectural layers, capture maturity relative to risk, or specify actionable outcomes. This gap is particularly salient when failures propagate cross-layer—as exemplified by the Cruise robotaxi incident—requiring diagnosis and remediation aligned across technical and organizational strata.
The CEDAR-42001 Methodology
CEDAR-42001 operationalizes a two-stage governance-to-assurance handoff. Stage A retains the traditional ISO/IEC 42001 conformity verdict; Stage B augments each audit row with four diagnostic fields:
- Layer attribution: Governance or one of seven architectural layers (physical, perception, state estimation, middleware, control, application, human oversight).
- Maturity profile: Five evidence-driven scores (Traceability, Operationalization, Monitoring, Improvement, Cross-layer Integration) mapped via a 17-rule gate to IRDMO levels (Initial–Optimized) with explicit binding constraints.
- Risk-proportionate target maturity: Assigned from CPS impact and safety/security criticality.
- Action recommendation: Rulebook-derived corrective, improvement, assurance-strengthening, evidence-acquisition, or sustainment actions.
Rows are then aggregated into strategic, operational, and tactical decision products, enabling architectural granularity and actionable risk management.
Distinctiveness and Implementation
CEDAR-42001 uniquely co-locates conformity, architectural attribution, maturity sufficiency, and action class within a traceable audit row. The separation between assessment instrument (audit question library, coding rubrics, rulebook) and assessment engine (deterministic rule application) ensures reproducibility and extensibility. For each obligation, assessor-coded evidence (source, implementation, scope, severity context, maturity, attribution) triggers deterministic rule-based outcomes.
Evaluation and Numerical Findings
Synthetic Case: Meridian Robotics
Applying the pipeline to the synthetic Meridian Robotics AIMS evidentiary corpus demonstrates row-level representational and processing coverage. Out of 159 audit questions, 143 (89.9%) yielded conformity findings. However, only 49 of these 143 conforming rows (34.3%) achieved baseline High-assurance (mean Monitoring, Improvement, Cross-layer Integration ≥ 2.50).
Figure 1: Stage~A conformity and Stage~B assurance outcomes in the Meridian fixture. Of 159 assessed rows, 143 were conforming; 49 of those conforming rows reached the baseline high-assurance category.
This discrepancy persists in sensitivity analysis; High-assurance proportions ranged from 22.4% to 46.2% across aggregation thresholds, underscoring the non-equivalence between conformity and actionable assurance. Moreover, maturity and binding constraint heatmaps revealed that Monitoring and Cross-layer Integration were recurrently weak across architectural layers. Major nonconformities distributed across G, L2, L4, and L5 further illustrated diagnosis beyond clause-level grouping.
Cruise Robotaxi Incident Application
Retrospective coding of public records on the Cruise robotaxi incident demonstrated CEDAR-42001’s capability to attribute governance, perception, control, and human oversight deficiencies to their respective AI-CPS layers, supporting differentiated recommendations (disclosure and accountability, perception validation, control-logic definition, intervention and interlock design). Consequently, physical harm at L1 was connected to upstream deficiencies in G, L2, L5, and L7, not reducible to technical or management-system compliance alone.
Implications and Limitations
CEDAR-42001 enables stakeholders to allocate assurance resources based on maturity and architectural localization, providing strategic risk concentration summaries, operational attribution and gap analysis, and tactical action registers. By preserving clause-level conformity while enriching postural diagnosis, it bridges the decision gap between management-system auditing and technical assurance needs. However, CEDAR-42001 neither estimates exploitability nor replaces system-level security testing; it is informational, not causal. The method’s sensitivity to author-defined maturity gates and action templates warrants further multi-assessor operational validation, especially in live AIMS deployments.
Theoretical and Practical Future Directions
CEDAR-42001 establishes traceable artifact-driven frameworks for integrated audit-visible assurance in AI-CPS. Practically, its adoption can enhance resource prioritization, remediation planning, and cross-layer investigation post-incident. Future work should focus on operational validation in production AIMS, refinement of threshold sensitivity, and integration with runtime technical assurance pipelines. Theoretical extensions include formalization of cross-layer propagation models and automated mapping of management evidence to technical vulnerability profiles. The disconnect between conformity and assurance evident in numerical results suggests continued research into maturity-driven governance metrics and their role in regulatory and certification processes.
Conclusion
CEDAR-42001 advances architecture-aware, audit-visible assurance for AI-CPS by translating ISO/IEC 42001 audit records into enriched, actionable postures through deterministic, traceable rule application. Empirical evaluation demonstrates that conformity assessments alone are insufficient to establish high-assurance postures, and that architecture-aware enrichment is essential for nuanced resource allocation and remediation. The method fills a critical gap between management-system governance and technical assurance, supporting decision-making across strategic, operational, and tactical levels, while remaining distinct from technical CPS security assessment.