Papers
Topics
Authors
Recent
Search
2000 character limit reached

CEDAR-42001: From ISO/IEC 42001 Conformity to Architecture-Aware, Audit-Visible Assurance Posture for AI Cyber-Physical Systems

Published 19 Jun 2026 in cs.CY | (2606.21276v1)

Abstract: AI-enabled cyber-physical systems (AI-CPS) turn data-driven decisions into physical actions, creating assurance challenges across sensing, computation, control, human oversight, and governance. ISO/IEC 42001:2023 specifies requirements for an artificial intelligence management system (AIMS), but conformity assessment alone does not show which architectural layers are affected, whether practices are mature enough for the risk context, or what actions should follow. We present CEDAR-42001 (Control-Evidence Decision and Action Reasoning), a two-stage method that converts ISO/IEC 42001 audit evidence into an architecture-aware assurance posture traceable to the audit record. Stage A preserves the conformity determination. Stage B adds four outputs to each audit row: (i) attribution to a governance stratum or one of seven AI-CPS layers; (ii) a five-dimensional maturity profile with binding-constraint identification; (iii) a risk-proportionate target maturity; and (iv) a rulebook-derived action recommendation. The enriched rows are aggregated into strategic, operational, and tactical decision products. We evaluate CEDAR-42001 using a synthetic autonomous-fleet AIMS and by comparing conformity-only results with the enriched outputs. Although 89.9 percent of audit rows were conforming, only 34.3 percent of conforming rows reached the baseline High-assurance category; across alternative operationalizations, this proportion ranged from 22.4 percent to 46.2 percent. A retrospective application to the 2023 Cruise robotaxi incident shows how the method captures documented concerns across governance, perception, decision-making, and human oversight and maps them to layer-specific actions. CEDAR-42001 does not estimate exploitability or replace technical CPS-security testing; it identifies where audit evidence warrants deeper technical assurance, organizational improvement, or remediation.

Summary

  • The paper presents a framework that enriches ISO/IEC 42001 conformity with diagnostic fields across architectural layers to deliver actionable assurance for AI cyber-physical systems.
  • It employs a two-stage governance-to-assurance handoff, integrating layer attribution, maturity profiles, and risk-targeted corrective actions for cross-layer deficiency identification.
  • Empirical evaluations reveal a significant gap between standard conformity and high-assurance outcomes, highlighting the need for integrated, architecture-aware diagnostics.

Architecture-Aware Assurance Posture for AI Cyber-Physical Systems: The CEDAR-42001 Framework

Problem Formulation and Motivation

AI-enabled cyber-physical systems (AI-CPS) such as autonomous vehicles, robotics, and industrial control platforms pose assurance challenges spanning sensing, computation, control, human oversight, and governance. ISO/IEC 42001:2023 establishes audit requirements for artificial intelligence management systems (AIMS), yet mere conformity does not attribute governance evidence to specific architectural layers, capture maturity relative to risk, or specify actionable outcomes. This gap is particularly salient when failures propagate cross-layer—as exemplified by the Cruise robotaxi incident—requiring diagnosis and remediation aligned across technical and organizational strata.

The CEDAR-42001 Methodology

CEDAR-42001 operationalizes a two-stage governance-to-assurance handoff. Stage A retains the traditional ISO/IEC 42001 conformity verdict; Stage B augments each audit row with four diagnostic fields:

  • Layer attribution: Governance or one of seven architectural layers (physical, perception, state estimation, middleware, control, application, human oversight).
  • Maturity profile: Five evidence-driven scores (Traceability, Operationalization, Monitoring, Improvement, Cross-layer Integration) mapped via a 17-rule gate to IRDMO levels (Initial–Optimized) with explicit binding constraints.
  • Risk-proportionate target maturity: Assigned from CPS impact and safety/security criticality.
  • Action recommendation: Rulebook-derived corrective, improvement, assurance-strengthening, evidence-acquisition, or sustainment actions.

Rows are then aggregated into strategic, operational, and tactical decision products, enabling architectural granularity and actionable risk management.

Distinctiveness and Implementation

CEDAR-42001 uniquely co-locates conformity, architectural attribution, maturity sufficiency, and action class within a traceable audit row. The separation between assessment instrument (audit question library, coding rubrics, rulebook) and assessment engine (deterministic rule application) ensures reproducibility and extensibility. For each obligation, assessor-coded evidence (source, implementation, scope, severity context, maturity, attribution) triggers deterministic rule-based outcomes.

Evaluation and Numerical Findings

Synthetic Case: Meridian Robotics

Applying the pipeline to the synthetic Meridian Robotics AIMS evidentiary corpus demonstrates row-level representational and processing coverage. Out of 159 audit questions, 143 (89.9%) yielded conformity findings. However, only 49 of these 143 conforming rows (34.3%) achieved baseline High-assurance (mean Monitoring, Improvement, Cross-layer Integration ≥\geq 2.50). Figure 1

Figure 1: Stage~A conformity and Stage~B assurance outcomes in the Meridian fixture. Of 159 assessed rows, 143 were conforming; 49 of those conforming rows reached the baseline high-assurance category.

This discrepancy persists in sensitivity analysis; High-assurance proportions ranged from 22.4% to 46.2% across aggregation thresholds, underscoring the non-equivalence between conformity and actionable assurance. Moreover, maturity and binding constraint heatmaps revealed that Monitoring and Cross-layer Integration were recurrently weak across architectural layers. Major nonconformities distributed across G, L2, L4, and L5 further illustrated diagnosis beyond clause-level grouping.

Cruise Robotaxi Incident Application

Retrospective coding of public records on the Cruise robotaxi incident demonstrated CEDAR-42001’s capability to attribute governance, perception, control, and human oversight deficiencies to their respective AI-CPS layers, supporting differentiated recommendations (disclosure and accountability, perception validation, control-logic definition, intervention and interlock design). Consequently, physical harm at L1 was connected to upstream deficiencies in G, L2, L5, and L7, not reducible to technical or management-system compliance alone.

Implications and Limitations

CEDAR-42001 enables stakeholders to allocate assurance resources based on maturity and architectural localization, providing strategic risk concentration summaries, operational attribution and gap analysis, and tactical action registers. By preserving clause-level conformity while enriching postural diagnosis, it bridges the decision gap between management-system auditing and technical assurance needs. However, CEDAR-42001 neither estimates exploitability nor replaces system-level security testing; it is informational, not causal. The method’s sensitivity to author-defined maturity gates and action templates warrants further multi-assessor operational validation, especially in live AIMS deployments.

Theoretical and Practical Future Directions

CEDAR-42001 establishes traceable artifact-driven frameworks for integrated audit-visible assurance in AI-CPS. Practically, its adoption can enhance resource prioritization, remediation planning, and cross-layer investigation post-incident. Future work should focus on operational validation in production AIMS, refinement of threshold sensitivity, and integration with runtime technical assurance pipelines. Theoretical extensions include formalization of cross-layer propagation models and automated mapping of management evidence to technical vulnerability profiles. The disconnect between conformity and assurance evident in numerical results suggests continued research into maturity-driven governance metrics and their role in regulatory and certification processes.

Conclusion

CEDAR-42001 advances architecture-aware, audit-visible assurance for AI-CPS by translating ISO/IEC 42001 audit records into enriched, actionable postures through deterministic, traceable rule application. Empirical evaluation demonstrates that conformity assessments alone are insufficient to establish high-assurance postures, and that architecture-aware enrichment is essential for nuanced resource allocation and remediation. The method fills a critical gap between management-system governance and technical assurance, supporting decision-making across strategic, operational, and tactical levels, while remaining distinct from technical CPS security assessment.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.