Responsible AI · Aviation Operations
How AirOS approaches the responsible integration of AI across aviation operations — grounded in safety assurance, human authority, and the emerging international regulatory consensus on trustworthy aviation AI.
Aligns with EASA AI Roadmap 2.0 · ICAO Annex 19 (3rd Ed.) · EU AI Act
AI must never introduce unmanaged operational risk. Every capability is evaluated against its potential safety impact before deployment, and conservative thresholds govern all safety-critical inference.
Accountable persons — Nominated Persons, CAMOs, Safety Managers — retain decision responsibility at all times. No AI system within AirOS may certify maintenance, approve airworthiness, or authorize dispatch.
All AI-assisted outputs must be traceable to their source data, labelled as AI-generated, and logged for regulatory audit. Explainability is not optional — it is the foundation of operational trust.
Aviation is among the most safety-disciplined industries on earth. Decades of procedural refinement, international regulatory coordination, and just-culture reporting have produced a commercial aviation fatality record that other high-risk sectors continue to study and emulate. Into this environment, artificial intelligence arrives not as a disruptor, but as a force multiplier — one that demands the same rigour applied to every other system that touches airworthiness.
This paper sets out AirOS's approach to responsible AI development and deployment across aviation operations. It draws on our published AI Policy, on the emerging international regulatory consensus from EASA, ICAO, the FAA, and the EU AI Act, and on peer-reviewed research into human-AI teaming in safety-critical domains. Our intent is to articulate not just what we do, but why — and to contribute to the broader industry conversation about what ethical aviation AI should look like in practice.
Scope. This paper covers AI as deployed across the AirOS platform — including AURA (Aviation Unified Regulated Assistant), Regulation Intelligence, Reliability Monitoring, AI Inbox, and predictive maintenance capabilities. It does not address flight-deck or Air Traffic Management automation, which sit under separate certification and rulemaking regimes.
The regulatory landscape for AI in aviation has matured considerably. In Europe, EASA's AI Roadmap 2.0 — a human-centric framework that classifies AI applications across three levels of authority — is now the reference architecture for all AI system development and certification in the EASA Basic Regulation domain. Its first regulatory proposal, NPA 2025-07, published in November 2025, introduces Detailed Specifications (DS.AI) that define how "trustworthiness" translates into certifiable artefacts: AI risk assessments, AI ethics assessments, and lifecycle monitoring requirements are all mandatory for systems operating above a no-safety-effect threshold.
At the global level, ICAO adopted formal guidance on AI in aviation in December 2024, mandating a human-centric approach in which operators must maintain ultimate authority and oversight over AI systems in safety-critical functions, with traceability, transparency, and clearly defined responsibility as non-negotiable conditions. ICAO Annex 19, Third Edition — effective November 2025 — further strengthened safety data governance and Just Culture protections, both of which bear directly on how AI systems may handle occurrence reports, safety data, and voluntary disclosure.
In parallel, the EU AI Act (Regulation (EU) 2024/1689) has entered its operational phase. Aviation systems that function as safety components under Regulation (EU) 2018/1139 — EASA's Basic Regulation — are classified as high-risk AI systems under Annex I of the Act, carrying obligations around risk management, data governance, technical documentation, human oversight, and continuous post-market monitoring. Full obligations for these product-integrated high-risk systems apply from August 2028; Annex III stand-alone high-risk obligations are enforceable from August 2026.
Industry survey finding (EASA, 2025). A survey of aviation professionals conducted by EASA in 2024/2025 found mean comfort, trust, and acceptance ratings for AI deployment of 4.4 on a scale of 7 — and two-thirds of respondents declined to accept at least one of eight hypothetical AI deployment scenarios. Regulation and oversight were consistently cited as the conditions under which AI would become acceptable. Trust is not assumed; it must be demonstrated through architecture.
EASA's Concept Paper Issue 2 (March 2024) defines the operational vocabulary that structures how AirOS thinks about its own AI capabilities:
| Level | Designation | Human Role | AirOS Examples |
|---|---|---|---|
| Level 1 | AI Assistance — Enhances human capability | Human retains full decision authority; AI provides information, drafts, or flags | AURA regulatory summaries, document drafting, compliance gap identification, maintenance forecasting alerts |
| Level 2 | Human-AI Teaming — Shared authority under oversight | AI may act automatically within defined parameters; human monitors and can intervene | AI Inbox triage with human approve/decline gates, anomaly-triggered maintenance recommendations, scheduling optimisation proposals |
| Level 3 | Advanced Automation | Human oversight may be intermittent or absent in defined envelopes | Not currently deployed by AirOS |
The significance of this framework for AirOS is that it is architecture-determining, not just classificatory. The moment a capability crosses from Level 1 into Level 2 — from informing to automatically acting — additional safeguards apply: human-AI interaction design principles, defined intervention mechanisms, conservative operational boundaries, and enhanced logging. AirOS applies these requirements proactively, not reactively.
In aviation, accountability cannot be delegated to software. This is not a limitation of current AI capability — it is a principle that reflects the legal, ethical, and organisational reality of licensed aviation practice. Nominated Persons hold regulatory accountability before their authority. CAMOs carry continuing airworthiness responsibility that cannot be transferred to an algorithm. Safety Managers are answerable for the integrity of their SMS.
AirOS enforces human oversight through structural architecture rather than policy statements alone:
Hard-coded authority limits. No AI system within AirOS is authorised to certify maintenance, approve airworthiness, close safety investigations, or authorise operational dispatch. These functions require authenticated human action in the system and cannot be triggered by AI inference.
Review and approval checkpoints. AI-generated outputs that affect compliance or airworthiness pass through mandatory human review gates before entering the audit trail as confirmed records. The AI Inbox is paradigmatic: every recommendation is presented as a human decision, not a pre-completed action.
Role-based authority controls. AI capabilities are surfaced only to users with appropriate role permissions. Recommendations surfaced to an engineer differ from those surfaced to a Postholder — and the scope of actionable authority matches the scope of regulatory accountability.
Override and interrogation mechanisms. Users can always interrogate an AI output: what data informed the result, what assumptions were made, and at what confidence level. Overrides are logged. AI recommendations that are declined are preserved in the audit trail alongside the human decision that superseded them.
ICAO alignment. ICAO's 2024 AI guidance mandates that "human operators must always maintain ultimate authority and oversight over AI systems, especially in safety-critical functions." AirOS's architectural approach directly implements this requirement — not as a compliance checkbox, but as a foundational design constraint that shapes every capability from initial specification.
EASA identifies explainability, predictability, and traceability as the three core trustworthiness properties that AI in aviation must demonstrate. Each has direct operational implications that are distinct from the softer "transparency" language sometimes used in AI ethics discourse.
An explainable system can provide a user-interpretable account of why a given output was produced. In practice, this means AirOS AI outputs — compliance gap identifications, maintenance forecasts, anomaly flags — are always presented alongside their evidentiary basis: the regulatory paragraphs, maintenance records, telemetry readings, or historical patterns that drove the inference. A finding without a source is not a finding the system will surface.
Traceability is the audit requirement: the chain from input data to AI output to human decision must be reconstructible, with timestamps and actor identities, for regulatory review, occurrence investigation, and internal safety assurance. AirOS logs all AI-generated outputs, all human interactions with those outputs, and all downstream decisions taken on their basis. This is not supplementary to regulatory compliance — it is the compliance mechanism.
Predictability in the EASA sense means that AI behaviour within a defined operational domain is stable and bounded: the system does not exhibit emergent or unexpected behaviour under routine operating conditions. AirOS achieves this through defined operational envelopes, controlled evaluation before deployment, and continuous output monitoring against known baseline performance characteristics. Model updates undergo regression testing before release.
Aviation's SMS framework — codified in ICAO Annex 19 and reflected in UK CAA, EASA Part-M, and Part-CAMO requirements — provides the natural model for AI safety assurance. The four pillars of SMS (safety policy, safety risk management, safety assurance, and safety promotion) map directly to what a robust AI governance programme should look like in a regulated aviation environment.
AirOS treats AI performance monitoring as continuous safety assurance, not a post-deployment afterthought:
Output accuracy monitoring. AI model performance is tracked against defined Key Performance Indicators, aligned with SMS SPI/SPT frameworks. Degradation below alert thresholds triggers a formal safety review, not just an engineering ticket.
AI safety occurrence management. Any identified AI failure, hazard, or unsafe output is treated as a safety occurrence and managed through formal investigation processes — the same workflow used for airworthiness or SMS events. There is no separate, lower-scrutiny track for "software errors."
Bias and anomaly detection. Models are actively monitored for output bias — the risk that training data patterns produce recommendations that are systematically skewed in ways that create unsafe operational assumptions. Fleet diversity, operator type, and geographic variation are considered in evaluation design.
Incremental deployment. New AI capabilities enter service through phased rollout: controlled evaluation environments first, then limited operational contexts with enhanced monitoring, then broader deployment as confidence is established. This mirrors the FAA's Roadmap for AI Safety Assurance principle of incremental deployment starting with lower-risk applications.
The safety data that aviation generates — occurrence reports, FDM exceedances, maintenance records, reliability data — is among the most sensitive operational information an organisation holds. It is sensitive not only because of privacy, but because of function: the willingness of professionals to report accurately and without fear of punitive consequence is the foundation of aviation's safety culture.
ICAO Annex 19 (Third Edition, November 2025) explicitly strengthened safety data governance requirements, mandating that organisations protect reporting sources, maintain data integrity, and support the Just Culture environments necessary for voluntary disclosure. AirOS treats this requirement as directly applicable to AI workflows.
Just Culture principle. Where AI models analyse safety reports, occurrence data, or FDM exceedances, they do so to identify patterns, systemic risks, or operational efficiencies — never to identify or profile individuals. Safety reporting confidentiality is preserved in all AI workflows, and whistleblower protections are maintained. AI must not become a mechanism through which Just Culture is undermined by making individual identification easier or attribution more automatic.
Data governance within AirOS operates under five principles:
AirOS's AI development is calibrated against the evolving requirements of multiple regulatory frameworks simultaneously. These are not independent compliance exercises — they are convergent expressions of the same underlying principle: that AI in safety-critical aviation applications must be trustworthy, overseen, and accountable.
| Framework | AirOS Alignment |
|---|---|
| EASA AI Roadmap 2.0 + NPA 2025-07 | Capabilities mapped against the Level 1/Level 2 framework. DS.AI requirements — AI risk assessment (DS.AI.130) and AI ethics assessment (DS.AI.140) — incorporated into pre-deployment evaluation. Monitoring and recording capabilities required by DS.AI.160 built into platform architecture. |
| ICAO Annex 19 (3rd Ed.) + AI Guidance (Dec 2024) | Human oversight, traceability, and clearly defined accountability reflected in authority architecture. Safety data governance and Just Culture protections applied to all AI workflows touching safety-relevant data. |
| EU AI Act (Reg. (EU) 2024/1689) | AI system inventory and risk classification assessments maintained. High-risk system obligations — risk management, data governance, technical documentation, human oversight design, and post-market monitoring — applied across the platform's AI layer in advance of mandatory enforcement dates. |
| UK CAA / Part-M / Part-CAMO / Part-145 | AI outputs affecting continuing airworthiness, maintenance programmes, or compliance status subject to the same regulatory accountability structures as non-AI processes. Licensed engineers, Nominated Persons, and CAMO Postholders remain solely responsible for decisions informed by AI-generated information. |
| ICAO Doc 9859 SMS Framework | AI safety assurance structured within the SMS four-pillar model. AI-related hazards, risks, and safety occurrences managed through existing SMS workflows rather than separate "technology risk" frameworks. |
The capabilities that make AI valuable in aviation operations — processing large volumes of heterogeneous data, identifying non-obvious patterns, maintaining consistency across high document volumes, and surfacing information at the moment it becomes relevant — are precisely the capabilities that address the most persistent failure modes in human-managed compliance: missed regulatory amendments, overlooked maintenance history, documentation gaps discovered during audit rather than before it.
AirOS's Regulation Intelligence continuously analyses applicable regulations, identifies changes, and maps compliance gaps before they become audit findings. AURA surfaces relevant technical data at the moment an engineer or Safety Manager needs it, without requiring manual retrieval from distributed sources. Reliability Monitoring aggregates fleet-wide component performance data and identifies anomalies that would not be visible from individual aircraft maintenance records. The Scheduling Engine validates FTL compliance and maintenance requirements before a schedule is published, not after.
In each case, the pattern is the same: AI reduces the administrative and cognitive burden on the licensed, accountable professional — not to replace their judgement, but to ensure their judgement is applied to complete, accurate, and timely information. The human is not removed from the loop; they are better placed within it.
Research alignment. A 2025 systematic review of AI-driven predictive maintenance in aviation found significant improvements in unplanned grounding rates and fault detection lead times, with the strongest outcomes in systems that combined AI pattern recognition with human engineer validation — not systems that attempted to remove engineer judgment from the maintenance release process. The human-in-the-loop is not a constraint on AI effectiveness; in aviation, it is a condition of it.
Aviation AI systems face threat vectors that general-purpose AI applications do not. Data poisoning — the deliberate introduction of malformed training or input data to skew model outputs — poses a particular risk in maintenance forecasting contexts where adversarial manipulation of component health data could suppress safety-critical alerts. Model manipulation through adversarial inputs is a concern in any system that accepts free-text operational inputs.
AirOS applies cybersecurity frameworks to its AI layer with the same rigour applied to other platform components: permission-based AI feature access, anomalous usage pattern monitoring, and prevention of automated execution of regulated actions. AI system security is evaluated as part of pre-deployment suitability assessment, and cybersecurity considerations are incorporated into the DS.AI-aligned AI risk assessment process.
Output usage disclaimers are applied where AI-generated content touches safety-critical determinations. The system is designed to surface uncertainty — including through explicit confidence indicators where applicable — so that users approach AI outputs with calibrated trust rather than unexamined reliance.
Aviation did not become the world's safest form of mass transport by moving fast and fixing problems later. It did so through a combination of incremental, evidence-based improvement; rigorous investigation of failures and near-misses; transparent sharing of safety information; and international regulatory coordination that maintained common standards across a globally interconnected system.
AirOS's commitment is to bring the same discipline to AI. That means deploying incrementally, with evidence of safety at each step. It means being transparent about what our AI systems can and cannot do. It means preserving the human authority structures that aviation has spent decades building. And it means treating any AI failure, however minor, with the same seriousness as any other safety occurrence.
We are at an early moment in the integration of AI into regulated aviation operations. The frameworks being developed now — by EASA, ICAO, the FAA, and the emerging body of DS.AI specifications — will shape how the industry deploys AI for decades. AirOS is committed to participating actively in that process: working with regulators, engaging with industry bodies, incorporating user and audit feedback into our AI governance reviews, and sharing what we learn.
AirOS AI Policy. The principles described in this paper are operationalised in the AirOS AI Policy. The policy is a living document, updated as the regulatory environment and our operational experience evolve. We invite aviation professionals and regulators to engage with us on its content.
EASA — AI Roadmap 2.0: A Human-Centric Approach to AI in Aviation (2023, living document). AI Concept Paper Issue 2: Guidance for Level 1 & 2 Machine Learning Applications (March 2024). NPA 2025-07: AI Trustworthiness for Aviation (November 2025).
ICAO — Guidance on AI in Aviation (adopted December 2024, effective January 2025). Annex 19: Safety Management, Third Edition (adopted June 2025, effective November 2025).
FAA — Roadmap for Artificial Intelligence Safety Assurance (July 2024). Safety Framework for Aircraft Automation (September 2025).
EU — Regulation (EU) 2024/1689 — EU Artificial Intelligence Act, in force August 2024 with phased application to 2028.
Research — EASA Ethics for Artificial Intelligence in Aviation: Aviation Professionals Survey Results 2024/2025 (September 2025). Systematic literature reviews on AI-driven predictive maintenance and fault detection in aircraft systems (2024–2025). Cross-regional review of AI safety regulations in commercial aviation (MDPI, January 2026).
© 2026 AirOS. Research Paper — June 2026.
