Operational Monitoring

Control statements and requirements for operational monitoring.

System Performance Monitoring (OM-1)

The organisation shall implement continuous monitoring of AI system performance and behaviour in production environments. This includes automated monitoring of key performance indicators, tracking of system outputs, detection of anomalies or degradation in performance, and validation that systems operate within defined parameters. The organisation must maintain documentation of monitoring results, performance trends, and actions taken to address identified issues. Monitoring activities shall be proportional to the system's risk level and complexity.

ISO42001:8.1-8.3 A.6.2.6
ISO27001:8.1-8.3 A.12.3 A.12.6 A.17.1 A.17.2
ISO27701:12.2.2 A.7.4.3
EU AI ACT:26.5 72.1 72.2 72.3 72.4
NIST RMF:Measure 1.2 Measure 2.4 Manage 2.2 Manage 2.4
SOC2:CC4.1 CC4.2 A1.1 A1.2

Event Logging (OM-2)

The organisation shall maintain comprehensive logs of AI system events and operations throughout their lifecycle. Logging systems must capture relevant operational data including system usage, input data references, and verification of results. For general-purpose AI (GPAI) models, logs shall include details of model interactions and outputs to support transparency and compliance. Logs must be retained for required retention periods, protected from unauthorised access or modification, and made available to authorities when required. The organisation shall ensure logging systems enable effective compliance verification and support incident investigations.

ISO42001:A.6.2.8
ISO27001:A.12.6 A.12.7
ISO27701:12.2.2
EU AI ACT:12.1-12.3 19.1-19.2 21.2 26.6
NIST RMF:Govern 4.3
SOC2:CC7.2 CC7.3

Continuous Improvement (OM-3)

The organisation shall establish and maintain a systematic approach to continuous improvement of AI systems throughout their operational lifecycle. This includes implementing processes to gather and analyse performance data, user feedback, and operational metrics to identify opportunities for enhancement. The organisation shall maintain documented improvement plans that outline specific objectives, timelines, and success criteria. Regular reviews must be conducted to evaluate the effectiveness of improvements and identify new areas for optimisation. The organisation shall ensure that improvement initiatives are prioritised based on operational impact and risk considerations, with clear processes for implementing and validating changes.

ISO42001:9.1 10.1 10.2 A.10.4
ISO27001:9.1 10.1 10.2 A.18.2 A.15.2 A.12.6 A.18.1
ISO27701:A.7.4.3 A.7.3.6
EU AI ACT:17.1 72.1 72.2 72.3 72.4
NIST RMF:Manage 4.1 Manage 4.2
SOC2:CC3.3 A1.3