Nautilus ML logo Nautilus ML
AI Assurance Compliance

How to Prove an AI Model Meets DNV Assurance Requirements

Damir Herman, Ph.D. avatar
Damir Herman, Ph.D.

Image credit: Photo by Stephen Leonardi (pexels.com)

From Black-box Fear to Justified Confidence

In regulated engineering domains, the hardest question about AI is rarely accuracy. It is trust.

Why can this system be relied upon when conditions change? How can its outputs be explained, audited, and defended months or years later? And critically: how long can engineers remain accountable for decisions supported by AI?

This is the problem space addressed by the DNV Recommended Practice for assurance of AI-enabled systems DNV-RP-0671. Not by prescribing a specific model architecture, but by defining what justified confidence looks like when AI enters safety- and mission-critical workflows.

Assurance is not Certification, It Is an Argument

DNV’s definition of assurance is “grounds for justified confidence that a claim has been or will be achieved.”.

That framing matters.

An AI model does not “pass” or “fail” assurance in isolation. Instead, assurance is built as a structured argument that connects:

  • clearly stated claims (e.g. the system is reliable within defined operating bounds),
  • evidence (tests, validations, controls),
  • and explicit treatment of uncertainty and assumptions.

In other words, assurance is not a badge. It is a living, inspectable chain of reasoning.

The Three Layers You Must Prove, Not Promise

When organizations struggle with AI assurance, it is usually because they focus on only one layer. DNV-RP-0671 forces all three into the open:

1. The System Behaves as Intended

This is the technical layer engineers are most comfortable with:

  • Performance metrics tied to real engineering objectives
  • Robustness across the operating envelope
  • Known failure modes and degradation behavior
  • Validation against trusted baselines (e.g. physics-based models, historical operations)

Accuracy alone is insufficient. What matters is bounded behavior.

2. The System Is Used Responsibly

AI rarely fails in isolation. It fails in context. DNV explicitly requires assurance of how AI outputs are consumed:

  • Clear human-in-the-loop or human-on-the-loop roles
  • Defined decision authority (AI informs, humans decide)
  • Safeguards against automation bias
  • Traceability from output back to inputs, assumptions, and model version

This is where many “AI platforms” quietly fall apart. Not technically, but operationally.

3. The Organization Can Sustain Trust Over Time

AI systems are dynamic by nature. Data drifts. Models evolve. Use cases expand.

DNV therefore treats assurance as continuous, not static:

  • Change management and re-validation triggers
  • Monitoring for performance drift and data integrity
  • Governance over model updates and retraining
  • Explicit ownership and accountability structures

An AI model that cannot be governed is, by definition, unassurable.

Where Automation Fits and Where It Does Not

Automation is often misunderstood in assurance discussions.

Used correctly, automation strengthens assurance. Used carelessly, it obscures responsibility.

At Nautilus AI, automation is applied narrowly and deliberately:

  • Automating evidence collection, not judgment
  • Automating traceability, not decisions
  • Automating repeatable checks, not accountability

Yes, this can include modern infrastructure patterns, including MCP-style servers for structured model access, versioning, and audit-ready interfaces. But that infrastructure is supporting cast, not the story.

The focus remains unchanged:

Engineers must always be able to answer why a result was produced, not just what the result was.

The answer “the model gave me that result” is not acceptable. It is always wrong.

Why DNV-aligned Assurance Changes the AI Conversation

DNV-RP-0671 does something subtle but powerful: it reframes AI from a disruptive black box into a governable engineering component.

When assurance is done correctly:

  • Regulators stop asking “How can we trust this AI?”
  • Clients stop asking “What happens if it’s wrong?”
  • Engineers stop fearing loss of professional responsibility

Instead, the conversation becomes:

“Under what conditions is this system reliable, and how do we know when we are outside them?”

That is an engineering question. Very reasonable and manageable.

The Nautilus AI Perspective

At Nautilus AI, assurance is not an afterthought added to an existing model. It is the design constraint.

Our systems are built to:

  • make assumptions explicit,
  • preserve traceability end-to-end,
  • align AI outputs with established engineering standards,
  • and integrate into existing compliance and verification workflows.

This is how AI earns its place in safety-critical domains: not by replacing engineering judgment, but by making it faster, more consistent, and more defensible.

Closing Thought

AI does not become trustworthy because it is sophisticated.
It becomes trustworthy because it is understood, bounded, and governed.

DNV-RP-0671 provides the map.

Back to all insights