The EU Artificial Intelligence Act (AI Act) introduces a comprehensive set of obligations for the development of high-risk AI systems, yet remains largely agnostic on how such requirements should be operationalized, verified, and audited in engineering practice. This paper presents the AI Compliance Methodology Framework (AICMF), a structured and engineering-oriented approach for assessing the conformity of industrial AI systems with the EU AI Act. AICMF turns regulatory obligations into atomic, testable requirements, characterizes target systems through a dedicated compliance profile, and maps requirements to concrete artefacts and verification procedures. Verification outcomes are expressed through partial satisfaction levels and aggregated using a risk-weighted scoring model, supporting compliance assessment under heterogeneous and incomplete evidence. The framework explicitly supports traceability, re-auditability, and lifecycle-oriented verification. A scenario in AI-based legal contract management demonstrates the applicability of AICMF, showing how compliance evidence, corrective actions, and quantitative indicators can be derived from operational data. The results illustrate how AICMF bridges regulatory interpretation and technical verification, contributing an uncertainty-aware compliance engineering methodology suitable for decision support and regulatory validation

An Engineering Methodology for Verifying Compliance with the EU AI Act in Industrial AI Systems

Lomasto Luigi;Lettieri Nicola;Malandrino Delfina;Zaccagnino Rocco
2026

Abstract

The EU Artificial Intelligence Act (AI Act) introduces a comprehensive set of obligations for the development of high-risk AI systems, yet remains largely agnostic on how such requirements should be operationalized, verified, and audited in engineering practice. This paper presents the AI Compliance Methodology Framework (AICMF), a structured and engineering-oriented approach for assessing the conformity of industrial AI systems with the EU AI Act. AICMF turns regulatory obligations into atomic, testable requirements, characterizes target systems through a dedicated compliance profile, and maps requirements to concrete artefacts and verification procedures. Verification outcomes are expressed through partial satisfaction levels and aggregated using a risk-weighted scoring model, supporting compliance assessment under heterogeneous and incomplete evidence. The framework explicitly supports traceability, re-auditability, and lifecycle-oriented verification. A scenario in AI-based legal contract management demonstrates the applicability of AICMF, showing how compliance evidence, corrective actions, and quantitative indicators can be derived from operational data. The results illustrate how AICMF bridges regulatory interpretation and technical verification, contributing an uncertainty-aware compliance engineering methodology suitable for decision support and regulatory validation
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4954435
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact