Manufacturing vertical · EU AI Act (Aug 2026) · EU Machinery Reg (Jan 2027) · IEC 62443 · OCSF v1.8.0

AI shared responsibility for industrial manufacturing

The EU AI Act high-risk compliance deadline (August 2, 2026) covers manufacturers deploying AI in safety-critical processes and products. The EU Machinery Regulation 2023/1230 (January 20, 2027) makes AI safety components in machinery automatically high-risk. IEC 62443 governs OT/ICS security but has no AI-specific controls. This vertical fills all three gaps: 45 controls across five SRF layers, parameterized by OT applicability and EU AI Act risk class, with named accountability for manufacturers, equipment OEMs, AI vendors, and system integrators.

Experimental schema. This vertical is a proposed extension of the CoSAI Shared Responsibility Framework, developed independently to demonstrate the approach. It is not part of CoSAI SRF v1.0 and has not been endorsed by CoSAI, the European Commission, ISA, IEC, or any standards body or government agency. EU AI Act and EU Machinery Regulation references must be verified against current regulatory text before use in compliance submissions.
45 controls · 5 SRF layers · 4 lifecycle stages (DES / VAL / OPS / CHG) · 4 operating models

Operating model and EU AI Act risk class

Operating model: AI-SaaS
Data type: Production KPIs, supply chain data, quality metrics, workforce analytics
Network zone: Corporate IT / cloud boundary
EU AI Act risk class: High-risk where used for employment, safety, or critical infrastructure decisions; otherwise limited or minimal
Key obligation: EU AI Act provider obligations (Article 16), deployer obligations (Article 26), post-market monitoring (Article 72)

Operating model: OT-Edge
Data type: Sensor streams, PLC/SCADA signals, process variables, historian data
Network zone: OT/ICS security zone per IEC 62443 zone-and-conduit model
EU AI Act risk class: High-risk where AI is a safety component (EU Machinery Regulation Annex I item 5/6) or integrated into critical infrastructure
Key obligation: Zone segmentation, conduit documentation, IEC 62443 SL compliance, air-gap or approved-conduit enforcement, OT change management

Operating model: Product-Embedded
Data type: Machine operating state, sensor inputs, user commands
Network zone: Embedded in product; external network connectivity varies
EU AI Act risk class: High-risk for AI safety components under EU Machinery Regulation Annex I items 5 and 6 (automatic high-risk classification under EU AI Act)
Key obligation: Conformity assessment (EU AI Act Article 43), EU declaration of conformity (Article 47), EU AI database registration (Article 49), 10-year technical file retention

Operating model: AI-PaaS
Data type: Digital twin state, IIoT telemetry, model training datasets
Network zone: Cloud or hybrid; data may traverse OT/IT boundary via approved conduit
EU AI Act risk class: Minimal-risk for infrastructure only; risk class determined by workloads deployed on the platform
Key obligation: OT/IT data boundary enforcement, data provenance documentation, platform SBOM/AIBOM, model drift monitoring

The EU AI Act high-risk gap. The EU AI Act (Regulation 2024/1689) high-risk provider and deployer obligations take effect August 2, 2026. The Act requires providers to complete conformity assessments, register high-risk systems in the EU AI database, implement a quality management system per Article 17, and activate post-market monitoring per Article 72. Deployers must implement human oversight, retain automated logs for at least six months, and complete Fundamental Rights Impact Assessments where required. The Act provides no control catalog, no evidence model, and no thresholds. This schema provides all three.

The EU Machinery Regulation 2023/1230 gap. The EU Machinery Regulation applies from January 20, 2027. Annex I item 5 defines safety components with self-evolving behavior using machine learning approaches that ensure safety functions. Item 6 covers machinery embedding such components. Both are automatically high-risk AI systems under the EU AI Act. Manufacturers must protect safety functions against third-party attacks for the operational lifetime of the machine. No existing schema connects Machinery Regulation obligations to the AI Act conformity assessment process; this vertical bridges the two.

The IEC 62443 OT gap. IEC 62443 is the global standard for OT/ICS cybersecurity. ISA-TR62443-2-2-2025 (December 2025) updated the security protection scheme guidance but added no AI-specific controls. The standard has no concept of model drift, no AI accountability assignment per zone, and no evidence model for AI outputs. The ot_applicability field on every control in this schema requires the deploying manufacturer to make an explicit OT/IT/both determination and document it, closing the classification gap IEC 62443 leaves open.

ISO 42001 and the quality management system anchor. ISO 42001:2023 is gaining adoption as the Article 17 quality management system anchor for EU AI Act compliance. ISO 42001 assigns no accountable party per control and provides no thresholds. This schema is a structural complement: use ISO 42001 for QMS certification; use this schema for per-control accountability, thresholds, and evidence.

NIST Cyber AI Profile. The NIST Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) was published as a preliminary draft on December 16, 2025. All NIST Cyber AI mappings in this schema are marked TBD pending finalization of the profile.

Responsibility split values

Split key: manufacturer, equipment-oem, ai-vendor, system-integrator, shared. Every control carries one value. shared = documented split required; the accountable party owns the split determination.

Schema design

Accountability plane
SRF layers, manufacturing personas, and operating models

Each control names one accountable SRF persona. Manufacturing roles map to those personas in the how-to guide: Plant AI Safety Officer to ai-system-governance, OT Data Manager to data-provider, OT/MES Engineer to application-developer, Automation Platform Owner to agentic-platform-provider, OT Infrastructure/ICS Security Team to ai-platform-provider, AI Model Vendor / Equipment OEM to model-provider.

Control plane
OT-parameterized thresholds across four lifecycle stages

Four lifecycle stages: DES (design, classification, architecture), VAL (conformity assessment, FAT/SAT, safety validation), OPS (operational monitoring, post-market), and CHG (OT change management, version freeze, safety re-validation). Every control carries an ot_applicability value and an eu_ai_act_risk_class value. OT change management (CHG stage) is the distinctive manufacturing stage: model updates in OT environments cannot follow the IT patch cycle.
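As an added example (not the schema's own tooling or CoSAI code), the validator below enforces the record rules stated for the control plane and the responsibility split key: one accountable SRF persona per control, one of the five split values with shared requiring a documented split determination, an explicit ot_applicability value, a lifecycle stage from DES/VAL/OPS/CHG, and the Machinery Regulation rule that an AI safety component is automatically high-risk. The record layout, the value spellings for OT applicability and risk class, the control ids and the split_rationale field are assumptions.

```python
"""Validator for control records in the proposed manufacturing SRF vertical (added
example, not the schema's own tooling). Field names and value sets follow the page;
the record layout, value spellings and the split_rationale field are assumptions."""
from dataclasses import dataclass

LAYERS = {"L1", "L2", "L3", "L4", "L5"}
STAGES = {"DES", "VAL", "OPS", "CHG"}
PERSONAS = {"ai-system-governance", "data-provider", "application-developer",
            "agentic-platform-provider", "ai-platform-provider", "model-provider"}
SPLITS = {"manufacturer", "equipment-oem", "ai-vendor", "system-integrator", "shared"}
OT_APPLICABILITY = {"ot", "it", "both"}        # assumed spelling of the explicit determination
RISK_CLASSES = {"high", "limited", "minimal"}  # assumed value set

@dataclass
class Control:
    control_id: str
    layer: str
    stage: str
    accountable_persona: str
    responsibility_split: str
    ot_applicability: str
    eu_ai_act_risk_class: str
    safety_component: bool = False  # AI safety component per Machinery Reg Annex I item 5/6
    split_rationale: str = ""       # documented split; required when split == "shared"

def validate(c: Control) -> list[str]:
    """Return findings for one record; an empty list means it is well-formed."""
    findings = []
    checks = (("layer", c.layer, LAYERS), ("stage", c.stage, STAGES),
              ("accountable_persona", c.accountable_persona, PERSONAS),
              ("responsibility_split", c.responsibility_split, SPLITS),
              ("ot_applicability", c.ot_applicability, OT_APPLICABILITY),
              ("eu_ai_act_risk_class", c.eu_ai_act_risk_class, RISK_CLASSES))
    for name, value, allowed in checks:
        if value not in allowed:  # empty ot_applicability fails: the OT/IT/both call must be explicit
            findings.append(f"{c.control_id}: {name} {value!r} not in {sorted(allowed)}")
    # shared = documented split required; the accountable party owns the determination
    if c.responsibility_split == "shared" and not c.split_rationale.strip():
        findings.append(f"{c.control_id}: shared split without documented split determination")
    # Machinery Regulation Annex I items 5/6: an AI safety component is automatically high-risk
    if c.safety_component and c.eu_ai_act_risk_class != "high":
        findings.append(f"{c.control_id}: safety component must be classified high-risk")
    return findings

# Constructed sample records; the control ids are placeholders, not the schema's own.
VALID = Control("MFG-L4-EX1", "L4", "OPS", "ai-platform-provider", "shared", "ot", "high",
                safety_component=True, split_rationale="OEM signs firmware; plant holds keys")
INVALID = Control("MFG-L5-EX2", "L5", "CHG", "model-provider", "shared", "", "limited",
                  safety_component=True)
```

Running validate over INVALID yields three findings: the missing OT/IT/both determination, the shared split with no documented rationale, and a safety component not classified high-risk.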

Evidence plane
OCSF v1.8.0 + EU AI Act technical file artifacts

Machine-readable evidence uses OCSF event classes where a technical signal exists. Governance artifacts (EU AI Act technical file, FRIA, FAT/SAT report, conformity assessment certificate, safety case, change record) are named explicitly so compliance managers and auditors know what to produce. IEC 61508 SIL assessments and safety case documents may be confidential; document type and custodian role only, no URL.

Coverage by layer

L1
Governance and processes
EU AI Act risk classification and EU database registration, governance committee with OT and safety representation, AI use case inventory with operating model per system, conformity assessment program management, serious incident reporting plan per Article 73, third-party procurement policy, post-market monitoring plan per Article 72, FRIA for applicable deployers, AI decommission procedure, OT change management policy with version freeze and safety re-validation triggers. Accountable persona: ai-system-governance.
10 controls
L2
Data and input control
Sensor and historian data provenance documentation, training data authority-to-use for production data, OT/IT data boundary enforcement via approved conduits, input data drift monitoring (PSI or equivalent), training data bias assessment for consequential AI, adversarial input detection for OT-edge AI, AI decision log retention per Article 12 (six months minimum), production data egress audit for cloud services. Accountable personas: data-provider, ai-platform-provider.
8 controls
L3
Application and use case
EU AI Act technical documentation completeness (Article 11 / Annex IV), pre-deployment testing for safety-critical AI, human oversight gate for safety-critical outputs (zero-tolerance bypass), safety interlock integration verification, conformity assessment completed before market placement, FAT/SAT coverage for AI-specific failure modes, operator override interface verification, agentic task boundary enforcement for autonomous systems, prompt injection detection for AI assistants, explanation availability for quality and safety decisions. Accountable personas: application-developer, agentic-platform-provider.
10 controls
L4
Platform and infrastructure
OT network zone segmentation per IEC 62443 zones-and-conduits model, OT-edge AI hardware security baseline (firmware signing, secure boot, hardened credentials), air-gap or approved-conduit enforcement for safety-critical OT AI (zero-tolerance), OT patch and update change management, OT SIEM and anomaly detection coverage, remote access security for OT AI maintenance (zero-tolerance unauthenticated sessions), encrypted communication for AI data in transit, SBOM/AIBOM for OT AI components, availability SLA for AI in critical production processes. Accountable persona: ai-platform-provider.
9 controls
L5
Model and supplier
EU AI Act technical file completeness for model supplier, model drift and performance degradation monitoring, model version change management trigger (re-validation determination for high-risk), vulnerability disclosure SLA accounting for OT change cycle, AIBOM and model artifact signing, functional safety validation for AI in safety-instrumented systems (SIL-appropriate per IEC 61508; safety case documents are classified artifacts), model portability and lock-in avoidance documentation, model supplier due diligence and supply chain risk assessment. Accountable persona: model-provider.
8 controls

NIST Cyber AI Profile mappings are marked TBD pending finalization of the December 2025 preliminary draft. IEC 61508 clause-level mappings are marked TBD across all controls; cite only part numbers (IEC 61508-1 through IEC 61508-7) until verified against primary text. The NIST Trustworthy AI in Critical Infrastructure Profile was still in development as of June 2026 and is not cited.

Regulatory crosswalk

EU AI Act (Regulation 2024/1689)
EU Machinery Regulation 2023/1230
IEC 62443 series
ISA-TR62443-2-2-2025
ISO 42001:2023
NIST AI RMF 1.0
NIST AI 600-1
IEC 61508 (SIL, functional safety)
NIST Cyber AI Profile (preliminary draft)
OWASP LLM Top 10