The AI Resilience Gap: Bringing Artificial Intelligence Inside the Operational Resilience Perimeter
Abstract: The rapid adoption of artificial intelligence across regulated firms has produced an extensive governance response oriented around trustworthiness: the EU AI Act, ISO IEC 42001, the NIST AI Risk Management Framework, and the United Kingdom's principles-based approach all address safety, fairness, transparency, and model risk. That response is necessary but incomplete. It does not, on its own, address operational resilience: the continuity of important business services under severe but plausible disruption, the substitutability of AI components, and the concentration of dependency on the small number of firms that supply frontier models. This paper argues that AI adoption creates a resilience obligation that is distinct from, and inadequately covered by, the trustworthy AI stack, and that United Kingdom financial authorities are already closing this gap through the Financial Policy Committee's systemic analysis, the Critical Third Parties regime, and the May 2026 joint statement on frontier AI and cyber resilience. We map the two regulatory logics, identify the structural gap between them, and propose the AI Resilience Framework: a regime-agnostic method for bringing AI dependencies inside the operational resilience perimeter through dependency mapping, a criticality-substitutability tiering, the extension of impact tolerances to AI-specific failure modes, an explicit fallback doctrine, and provider level concentration management. The framework gives chief information security officers, security architects, and boards an actionable route from AI governance policy to demonstrable resilience. This work extends a companion analysis of the United Kingdom cyber resilience regulatory stack into the artificial intelligence dimension.
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Collections
Sign up for free to add this paper to one or more collections.