arXiv: An Evidence-driven Protocol for Trustworthy CI Pipelines
AI_SAFETY. Sourced from arxiv_cscr, summarised by Matproof.
AI Analysis
What changed and what to do.
This publication introduces a new evidence-driven protocol for building trustworthy continuous integration (CI) pipelines, specifically designed to align with the AI Safety framework. The protocol provides a structured method for generating, documenting, and verifying evidence that AI models and their deployment pipelines meet safety, transparency, and robustness requirements. It is not a regulatory mandate but a technical standard that operationalizes key principles from emerging EU AI Act guidelines, focusing on traceability and auditability of AI system behavior throughout the development lifecycle.
The protocol primarily affects organizations developing or deploying high-risk AI systems, particularly in regulated sectors such as finance, healthcare, and critical infrastructure. It also impacts cloud service providers and DevOps teams responsible for CI/CD pipelines that integrate AI components. Compliance teams in these sectors should review their existing CI pipeline documentation and evidence collection processes against the protocol’s recommendations. The next step is to assess whether current practices generate sufficient auditable evidence for model validation, data governance, and performance monitoring, and to consider adopting the protocol as a reference for internal audits or third-party conformity assessments.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.