AI Governance Playbook · ADAS
📅 Book Session 🔒 Premium
Enforcement Deadline: EU AI Act for high-risk AI systems — 2 August 2026. Your ADAS team needs a compliance sprint now.
EU AI Act · Regulation (EU) 2024/1689 ✓ Free Edition Updated March 2026

AI Governance Playbook
for ADAS Teams

An engineer-ready compliance framework mapping EU AI Act obligations onto ADAS development workflows — from concept gate to homologation. Free to use. Premium templates available.

🔒 Unlock Premium Start Reading ↓ Jump to Workflow →
Aug 2026
High-risk system enforcement
Art. 9–15
Core ADAS obligations
€35M
Max penalty / 7% global turnover
21-Day
Recommended sprint cadence
Section 01

EU AI Act Overview ✓ Free

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulatory framework. For automotive ADAS developers, it introduces mandatory conformity obligations for systems classified as high-risk AI.

⚠️
ADAS teams are directly in scope. Any AI system used for ADAS functions that could affect safety is classified as high-risk under Annex III (§ 3 – Transport). This mandates Technical Files, QMS integration, and post-market monitoring.
🏗️

High-Risk Classification

ADAS AI is listed in Annex III. Providers must register systems in the EU database and complete conformity assessments before market deployment.

📋

Technical Documentation

Annex IV mandates comprehensive Technical Files covering system design, training data, validation methodology, and performance metrics — version-controlled.

📊

Post-Market Monitoring

Article 72 requires continuous monitoring plans. Providers must collect and analyze real-world performance data and report serious incidents to authorities.

🔍

Human Oversight

Article 14 requires high-risk AI to enable human oversight. ADAS systems must include override capabilities and interpretable outputs for driver intervention.

Key Articles for ADAS Teams

Article 9

Risk management system — documented, iterative process covering the entire AI lifecycle.

Article 10

Training, validation, and testing data governance. Data quality, bias identification, labeling traceability.

Article 11 + Annex IV

Technical documentation — must be updated continuously and available to notified bodies upon request.

Article 12

Logging requirements: automatic event logs, tamper-proof, sufficient to trace system behavior in deployment.

Article 13

Transparency and provision of information. Instructions for use must be clear for downstream deployers.

Article 15

Accuracy, robustness, cybersecurity. Systems must be resilient to adversarial inputs and edge cases.

Article 17

Quality management system (QMS) integration. Must cover design, development, testing, and post-market phases.

Typical Compliance Readiness (Industry Baseline)

Risk Management Documentation42%
Training Data Traceability28%
Automated Logging (Art. 12)51%
QMS Integration (Art. 17)35%
Human Oversight Mechanisms68%
Technical File Completeness22%

Source: Estimated from published regulatory readiness surveys, 2024–2025. Values are indicative.

Section 02

Risk Classification ✓ Free

Map your ADAS AI components to EU AI Act risk levels. High-risk systems require full Article 9–17 compliance. Lower-risk components still need minimal documentation.

ℹ️
Under the Act, all AI components that feed into safety-critical vehicle decisions are presumed high-risk unless explicitly scoped out. When in doubt, treat it as high-risk.
ADAS Component AI Type Risk Level Key Obligations Article Refs
Pedestrian / Object Detection
Camera + LiDAR fusion perception		 CNN / Transformer 🔴 Critical High-Risk Full Technical File, FMEA integration, bias testing across demographics & lighting conditions Art. 9–15 Ann. IV
Driver Monitoring System
Drowsiness, distraction, incapacitation detection		 Facial / Gaze AI 🔴 Critical High-Risk Biometric data governance (Art. 10), demographic bias testing, override logging, GDPR alignment Art. 9–15 GDPR
Automated Emergency Braking
Collision prediction and braking actuation		 Sensor Fusion + RL 🔴 Critical High-Risk Scenario coverage evidence, edge case logging, fail-safe documentation, robustness testing Art. 15 Ann. IV §2
Lane Keeping Assist
Lane detection and steering torque control		 Segmentation CNN 🟠 High-Risk Training data diversity, validation evidence, performance metrics across ODD boundaries Art. 10–12
Adaptive Cruise Control
Speed regulation via object distance AI		 Radar ML Model 🟠 High-Risk ODD specification, failure mode documentation, logging of override events Art. 9 Art. 12
Traffic Sign Recognition
Sign classification and speed limit assist		 Image Classifier 🟡 Medium-Risk Dataset documentation, accuracy benchmarks, regional coverage evidence Art. 10–11
Parking Assistance AI
Low-speed automated maneuver		 Spatial Planning 🟡 Medium-Risk Operational design domain documentation, user instruction clarity Art. 13
Predictive Maintenance AI
In-vehicle sensor anomaly detection		 Time-series ML 🟢 Low-Risk Minimal documentation; transparency notice if driver-facing outputs Art. 50

EU AI Act Risk Pyramid — ADAS Components

🔴 Critical
Pedestrian Detection · DMS · AEB
🟠 High Risk
Lane Keeping · Adaptive Cruise Control
🟡 Medium Risk
Traffic Sign Recognition · Parking Assist
🟢 Low Risk
Predictive Maintenance AI

Art. 9–17 obligations apply in full to Critical & High-Risk tiers · Annex III § 3 Transport

Section 03

Documentation Requirements ✓ Free

Article 11 + Annex IV define what must be documented. For ADAS teams, this means machine-readable, version-controlled artifacts — not static PDFs.

🗃️

Model Training Data Description

Art. 10
  • Data sources and collection methodology
  • Dataset size, splits (train / val / test)
  • Geographic, temporal, and demographic coverage
  • Labeling process, annotator qualifications
  • Bias assessment and mitigation measures
  • Data lineage and version tracking
  • Synthetic data usage documentation

Validation Evidence Package

Art. 9, 15
  • Test scenarios and ODD coverage matrix
  • Performance metrics (mAP, recall, F1, AUROC)
  • Edge case & adversarial test results
  • SOTIF analysis linking AI failures to hazards
  • V&V methodology documentation
  • Statistical significance of benchmark results
  • Regression test evidence per release
📝

Logging Requirements

Art. 12
  • Automatic event logging (tamper-proof)
  • Timestamps on all safety-critical decisions
  • System state at time of AI activation
  • Human override events with cause codes
  • Log retention policy (min. 6 months active)
  • Access control and chain of custody
  • Export format for authority audit
📐

Technical File (Annex IV)

Ann. IV
  • System description and intended purpose
  • Architecture diagrams (model + software stack)
  • Risk management documentation (Art. 9)
  • Changes over lifecycle — versioned changelog
  • Conformity assessment approach
  • EU declaration of conformity reference
  • Post-market monitoring plan

What Teams Have vs. What Homologation Asks For

This is the gap most ADAS teams discover late. The left column reflects typical engineering artifacts; the right column shows what a notified body or authority will look for.

📁 What Teams Typically Have

📊
Confluence / Jira tickets
❌ Not structured as Technical File evidence
🧪
Internal benchmark spreadsheets
❌ No statistical confidence intervals or ODD mapping
🗃️
Dataset READMEs in code repos
❌ Missing bias assessment and demographic coverage
📝
Git commit history as changelog
❌ No formal version-controlled risk impact mapping
🔍
Manual QA test reports (PDF)
❌ Not machine-readable or linked to requirements
📡
Vehicle CAN logs (raw)
❌ Not structured for AI system event traceability
GAP ANALYSIS

📋 What Homologation Asks For

Structured Technical File (Annex IV)
✓ JSON schema + version-controlled artifact set
Validated performance evidence with ODD coverage
✓ Linked to Annex IV §2 per scenario class
Art. 10 data governance record
✓ Schema-validated dataset card with bias metrics
Risk-linked change history (Art. 9)
✓ Every change traces to risk register delta
Machine-readable test evidence
✓ CI/CD-integrated validator outputs with audit trail
Art. 12 structured event log schema
✓ Tamper-proof, exportable, timestamped events
🔒  Premium Content — Advanced Compliance Templates

Annex IV Technical File — JSON Schema Template

{
  "$schema": "http://json-schema.org/draft-07/schema",
  "title": "EU_AI_Act_Technical_File_v2",
  "required": ["system_id","intended_purpose","risk_classification"],
  "properties": {
    "system_id":        { "type": "string" },
    "intended_purpose": { "type": "string" },
    "odd_definition":   { "type": "object" },
    "risk_management":  { "$ref": "#/definitions/Article9" },
    "training_data":    { "$ref": "#/definitions/Article10" }
  }
}

Plus: Art. 12 logging schema, CI/CD validator YAML, dataset card template, RACI export formats.

🔒

Advanced Compliance Templates

Full JSON schemas for Annex IV Technical Files, Article 12 logging, dataset cards, and CI/CD validator configs — ready to drop into your repo.

Get Premium Access →
🔒  Premium Content — Art. 12 Logging Schema Implementation

Article 12 Event Log Schema — Production Implementation

{
  "event_id":       "uuid-v4",
  "session_id":     "string",
  "timestamp_utc":  "ISO8601",
  "model_version":  "semver",
  "decision_type":  "enum",
  "confidence":     "float",
  "override_flag":  "boolean",
  "override_cause": "enum|null"
}

Includes:

  • → OpenTelemetry integration guide
  • → Kafka schema registry config
  • → Tamper-proof hash chaining
  • → Authority export script (Python)
🔒

Art. 12 Logging Schema — Full Implementation

Production-ready event log schema with OpenTelemetry integration, Kafka config, tamper-proof hashing, and a Python export script for authority audits.

Get Premium Access →
Section 04

Governance Checkpoints

Embed compliance into your ADAS development stages. Stages 01-02 Free 🔒 Stages 03-05 Premium

01
Concept
ODD & Intent
02
Design
Architecture & Data
🔒
03
Implementation
Training & CI/CD
🔒
04
Validation
V&V Evidence
🔒
05
Release
Conformity & PMM

Stage 01 · Concept Gate Checkpoints

  • 🎯
    Define Intended Purpose & ODD Document operational design domain: geography, speed range, weather, road types. This becomes the scope boundary for all downstream risk assessments.
  • ⚖️
    Classify AI Risk Level Apply Annex III screening. Confirm high-risk classification and trigger full Art. 9–15 obligation plan or document justification for lower classification.
  • 📋
    Open Technical File (Art. 11) Instantiate the Annex IV Technical File template in version control. Assign a document owner and establish update cadence.
  • 👥
    Assign RACI & Compliance Ownership Confirm Accountable party for EU AI Act compliance (typically Safety Lead or Product Owner). Communicate scope to all affected teams.
  • 🔗
    Link to Existing ISO 21448 / ISO 26262 Process Map EU AI Act obligations to SOTIF hazard analysis and functional safety lifecycle. Avoid creating separate documentation silos.
Gate Criterion: Technical File initialized, risk classification approved by Safety Lead, RACI confirmed. These are mandatory before design phase entry.

Stage 02 · Design Phase Checkpoints

  • 🗃️
    Data Governance Plan (Art. 10) Define training, validation, test data sources. Document provenance, licensing, known limitations. Assign data steward role.
  • 🏗️
    Architecture Documentation Capture model architecture, input/output specifications, interface definitions. Include system context diagram in Technical File.
  • ⚠️
    Risk Management Plan (Art. 9) Conduct FMEA/FMEDA with AI-specific failure modes. Document known limitations and mitigations. Link to SOTIF triggering conditions.
  • 🔍
    Bias & Fairness Assessment Plan Identify protected attributes relevant to use case (demographics in DMS, regional variation in perception). Define testing methodology.
  • 📡
    Logging Architecture (Art. 12) Design log schema: event types, data fields, timestamps, storage, retention, access control. Implement in next stage.
⚠️
Common Pitfall: Designing logging as an afterthought. Art. 12 logging must be architecturally integrated — retrofitting is costly and often incomplete.
🔒  Stage 03 — Implementation Checkpoints — Premium Edition

Stage 03 · Implementation Checkpoints

  • 📊
    Dataset Card CompletionFinalize Art. 10 documentation with statistics, coverage maps, labeling quality metrics.
  • 🤖
    Training Run TraceabilityLog experiments with hyperparameters, dataset hash, framework versions, and evaluation results.
  • 🔧
    CI/CD Compliance Validator IntegrationAutomate schema validation in CI pipeline. Block non-compliant merges.
  • 📝
    Activate Art. 12 LoggingDeploy event logging in integration environment. Verify completeness, timestamps, export capability.
🔒

Stage 03, 04 & 05 — Full Detail

Implementation, Validation, and Release checkpoints including CI/CD validator configs, ODD coverage evidence templates, conformity assessment checklist, and PMM activation guide.

Get Premium Access →
🔒  Stage 04 — Validation Checkpoints — Premium Edition

Stage 04 · Validation Checkpoints

ODD coverage evidence, robustness testing (Art. 15), human oversight verification (Art. 14), V&V evidence linking to Technical File.

🔒

Stage 04 — Validation Checkpoints

Full detail: ODD coverage evidence, robustness & adversarial testing guide, human oversight verification protocol, and V&V evidence packaging for your notified body.

Get Access →
🔒  Stage 05 — Release Gate — Premium Edition

Stage 05 · Release Gate Checkpoints

Technical File completeness review, conformity assessment (Art. 43), EU database registration (Art. 49), PMM plan activation, Instructions for Use (Art. 13).

🔒

Stage 05 — Release Gate

Full conformity assessment checklist, EU database registration walkthrough, post-market monitoring activation guide, and a Declaration of Conformity template.

Get Access →
Section 05

Compliance Tools & Integrations ✓ Free

Compliance infrastructure runs in your existing toolchain. These categories cover logging, traceability, ALM integration, and validation.

OpenTelemetry

Vendor-neutral observability framework for structured event logging. Supports trace context for AI decision chains.

Art. 12 Open Source

Apache Kafka + Schema Registry

High-throughput event streaming with schema enforcement. Kafka's immutable log provides tamper-evident event history.

Art. 12 Infrastructure

Custom JSON Schema Logger

Lightweight Art. 12-aligned event schema: timestamp, session_id, model_version, decision_type, confidence, override_flag.

Art. 12 Lightweight

CI/CD Compliance Validator

GitHub Actions workflow that validates Technical File JSON schemas on every commit.

🔒 Premium

MLflow

Open-source ML experiment tracking. Logs parameters, metrics, artifacts, and model registry with full run provenance.

Art. 10 Open Source

DVC (Data Version Control)

Dataset versioning with hash-based integrity. Tracks dataset changes alongside model code — critical for Art. 10 data lineage.

Art. 10 Git-native

Weights & Biases (W&B)

Comprehensive experiment tracking with model registry, dataset cards, and audit logging for compliance evidence packages.

Art. 9–11 SaaS

Siemens Polarion ALM

Industry-standard automotive ALM. Create custom Art. 9–15 requirement types, link to test evidence, export Technical File sections.

Automotive Enterprise

Jama Connect

Requirements traceability with live impact analysis. Map EU AI Act articles to system requirements and track coverage status.

Traceability Enterprise

CI/CD Validators (Custom)

JSON Schema validators for Technical File artifacts running in GitHub Actions / GitLab CI. Block non-compliant merges automatically.

Open Source Art. 11
Section 06

Training & Roles (RACI) ✓ Free

EU AI Act compliance is a team sport. The matrix below assigns Responsible, Accountable, Consulted, and Informed roles across key compliance activities.

Compliance Activity ML Engineer Data Engineer Systems Engineer QA / Test Engineer Functional Safety Lead Product Owner Legal / Compliance
Risk Classification (Art. 6) C R C A I C
Risk Management System (Art. 9) R C R C A I I
Data Governance (Art. 10) R A I C C I C
Technical File (Ann. IV) R R R R A C I
Logging Implementation (Art. 12) R R C C A I
Human Oversight Design (Art. 14) C R R A I
Robustness Testing (Art. 15) R C C A C I
QMS Integration (Art. 17) I I C R A C C
Conformity Assessment (Art. 43) C I C R A R R
Post-Market Monitoring (Art. 72) R R C C A I I
R Responsible — does the work A Accountable — owns the outcome C Consulted — provides input I Informed — kept updated

Recommended Training by Role

👨‍💻

ML & Data Engineers

  • 📘 EU AI Act Article 10 deep-dive (data governance)
  • 📘 Art. 12 logging schema implementation
  • 📘 MLOps traceability (MLflow / DVC)
  • 📘 Bias assessment tooling (Fairlearn, AI Fairness 360)
🛡️

Functional Safety Leads

  • 📘 EU AI Act full regulatory overview
  • 📘 Mapping Art. 9 to ISO 21448 / SOTIF
  • 📘 Conformity assessment routes (Art. 43)
  • 📘 Post-market monitoring design (Art. 72)
📋

QA & Test Engineers

  • 📘 Art. 15 robustness testing methodology
  • 📘 ODD coverage matrix techniques
  • 📘 Validation evidence packaging for Annex IV
  • 📘 CI/CD compliance validator integration
Ready to Comply?

Unlock Premium Playbook Access

Choose how you want to get started — instant access to full EU AI Act checklists, templates, and governance frameworks, or book a session to implement them with expert guidance.

✓ Free Edition

Download the Free Playbook

This complete interactive HTML file — all 6 sections, risk table, RACI matrix, split comparison. Works offline. No sign-up required.

Share: keithan-c.github.io/Playbook

💬

Quick question before you go

What's your team's biggest EU AI Act compliance gap right now? Drop your answer and email — I'll send you a specific resource or note back within 24 hours.

Got it — I'll be in touch within 24 hours.

No pitch. Just a useful reply. hello@keithan.eu

Or choose a premium pathway below

August 2026 is 5 months away. Your team needs compliant artifacts before then — not after.

Recommended
📥

Upgrade to Premium

Access detailed ADAS risk classification templates, AI compliance logs, and step-by-step governance workflows — yours to keep and use across your team.

  • Everything in the email tier
  • CI/CD validator YAML configs
  • Python automated doc generator
  • Conformity assessment checklist
  • Declaration of Conformity template
💳 Buy Premium Playbook →

Secure checkout · Instant download after payment

📅

Book a Strategy Session

Book a free 30-minute gap analysis session to map your ADAS team's EU AI Act obligations — tailored to your stack, timeline, and the August 2026 enforcement deadline.

  • 30-minute 1:1 with Keithan
  • Gap analysis against EU AI Act obligations
  • 21-day sprint roadmap for your team
  • Ingolstadt / remote — your choice
📅 Book a Session →

Free · No commitment required

Already have the free version? Upgrade anytime for full access →  ·  Questions? hello@keithan.eu  ·  keithan-c.github.io/Playbook