Systems must be designed to perform their intended functions under all foreseeable operating conditions. This requirement applies to the entire system. That is why we speak of AI-enhanced systems, or systems that include an AI component. The overall design and development of the traditional components remain governed by established standards.
As for the AI component, it's true that we can't fully "see into" the black box. It's not deterministic in how it's created—but its results are deterministic. According to FAA classification, it is machine-learned, not machine-learning: once training, testing, and validation are completed in the lab, the neural network’s parameters are fixed. It doesn’t evolve or learn during operation. So when deployed as a software component, it behaves deterministically: given the same input, it will always produce the same output.
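The point that a machine-learned component behaves deterministically once its parameters are frozen can be made concrete with a minimal sketch. The weights and the toy network below are hypothetical, not from any certified system; they simply show that inference with fixed parameters is an ordinary function with no randomness and no in-service updating:

```python
# Illustrative sketch: a "machine-learned" component after training.
# The parameters below are hypothetical, as if loaded from a model
# frozen after lab training, testing, and validation.
W = [[0.2, -0.5],
     [0.8, 0.1]]
b = [0.1, -0.3]

def infer(x):
    """One dense layer with ReLU. No random state, no weight updates:
    the function computes the same output for the same input, always."""
    return [max(sum(w * xj for w, xj in zip(row, x)) + bi, 0.0)
            for row, bi in zip(W, b)]

x = [1.0, 2.0]
out1 = infer(x)
out2 = infer(x)
assert out1 == out2  # identical on every call: deterministic behavior
```

The nondeterminism lives in training (random initialization, data shuffling), not here: once `W` and `b` are fixed, the deployed component is as repeatable as any conventional software function.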
The question, then, is how to ensure the machine-learned component works as intended, and what that depends on. The answer lies in three things: (1) properly designed data for training, testing, and validation; (2) a sound learning process; and (3) a well-structured model, the mathematical framework whose parameters are tuned during learning. If any of these is flawed, the system can fail. But all three can be verified.
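To make the first pillar, properly designed data, a little more tangible, here is a minimal sketch of one mechanical check it implies: the validation and test sets must not leak into the training data, or the measured performance is meaningless. The toy dataset is invented for illustration:

```python
# Illustrative sketch of one check behind "properly designed data":
# the splits used for training, validation, and testing must be disjoint,
# otherwise evaluation overstates how well the model generalizes.
# The (input, label) pairs below are invented toy data.
train = [((0.1, 0.2), 0), ((0.4, 0.9), 1), ((0.9, 0.3), 1)]
valid = [((0.2, 0.8), 0)]
test  = [((0.7, 0.5), 1), ((0.3, 0.1), 0)]

def inputs(split):
    """Extract just the input vectors of a split, as a set."""
    return {x for x, _ in split}

# No sample may appear in more than one split: no data leakage.
assert inputs(train).isdisjoint(inputs(valid))
assert inputs(train).isdisjoint(inputs(test))
assert inputs(valid).isdisjoint(inputs(test))
```

Real data-assurance work goes far beyond this (coverage of the operating conditions, representativeness, labeling quality), but each such property is likewise a checkable statement about the data, which is what makes verification possible.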
Together with EASA, we published two research reports, Concepts of Design Assurance for Neural Networks (CoDANN) and CoDANN II, that provide mathematical proof of these principles. These ideas form the basis of the W-shaped model for Learning Assurance and later contributed to EASA's guidance for Level 1 and Level 2 machine learning applications.