5.3.2 Verification of Dynamic Systems
Original Problem in the Paper
The paper frames modern AI systems such as ChatGPT as dynamic systems rather than static models: deployed systems can combine multiple models or components, including mixture-of-experts architectures and input/output filters, and can change across their lifecycle. That makes oversight harder because the object being evaluated or governed may differ from the object later served to users. The paper’s open problem is reliable, accessible versioning and update tracking for AI systems, including model registries, what information those registries should store, how stored claims can be verified, and how updates and their impacts can be monitored.
July 2026 Update & Trajectory
Versioning is operational for public model repositories such as Hugging Face Hub, and release/lifecycle documentation is increasingly institutionalized through EU AI Act duties such as high-risk-system technical documentation and post-market monitoring, GPAI model technical documentation, and Commission lists for GPAI models with systemic risk. Separately, at least one AI lab publishes release-specific system cards or safety reports in the evidence reviewed here. But the paper’s harder target—verified dynamic-system identity across model weights, prompts, tools, retrieval corpora, routing, safety filters, and frequent updates—is not solved by the sources reviewed here. They provide documentation, histories, lists, and release reports, but they do not establish a general cryptographic proof that a hosted API is serving the same model, prompt stack, tools, retrieval corpus, routing, and filters that auditors evaluated.
Deployed / Operationalized
- Public model repositories such as Hugging Face Hub use Git-backed commits/revisions and UI history/diffs to track committed model-file changes.
- The EU AI Act creates technical-documentation, conformity-assessment, registration, and post-market-monitoring duties for covered high-risk AI systems; technical-documentation duties for GPAI model providers; and systemic-risk classification/listing plus standardized evaluation, adversarial testing, risk mitigation, incident-reporting, and cybersecurity duties for GPAI models with systemic risk.
- The voluntary EU GPAI Code of Practice provides a Model Documentation Form for GPAI transparency obligations and safety/security practices for providers of GPAI models with systemic risk that choose to use the Code to demonstrate AI Act compliance.
- At least one lab publishes release-specific system cards or safety reports in the evidence reviewed here; for example, Anthropic’s May 2025 Claude Opus 4/Sonnet 4 system card documents pre-deployment safety tests, release decisions, ASL determinations, RSP evaluations, third-party assessments, and ongoing safety commitments for that model family.
New Tractable Vectors
- Standard GPAI model documentation forms and safety/security practices under the voluntary EU GPAI Code of Practice for providers seeking to demonstrate AI Act compliance.
- Mapping public model/version commits to evaluation artifacts for open-weight models.
- Release-specific system cards that report pre-deployment evaluations and explicit post-deployment monitoring or ongoing safety commitments where the provider has them.
Key Open Questions
- Cryptographic proof that a hosted API is serving the same model, prompt stack, tools, retrieval corpus, routing, and filters that auditors evaluated.
- Granularity standards for when a prompt, retrieval corpus, safety filter, tool policy, quantization, or routing change should require a new version identifier, evaluation, or audit.
- Versioning agentic systems whose tools, memories, permissions, and user-specific state change over time.
- User-facing presentation of version and verification data without overwhelming users.
Evidence & Primary Sources
- Reuel, Bucknall, et al., *Open Problems in Technical AI Governance*, section 5.3.2, frames modern AI systems as dynamic multi-component systems that may include mixture-of-experts architectures and input/output filters, change over their lifecycle, and raise open questions about versioning, update tracking, model registries, stored information, verification, and monitoring update impacts. (2024/2025): https://arxiv.org/pdf/2407.14981
- Hugging Face Hub documentation says Hub repositories can be managed with Git; a pushed Git commit is a revision; and the UI exposes repository history and diffs for committed changes. This supports narrow operational versioning for public model artifacts, not verification of a hidden hosted pipeline. https://huggingface.co/docs/hub/repositories-getting-started
- Regulation (EU) 2024/1689, published in the Official Journal on 12 July 2024, creates category-specific AI Act obligations: Article 53 requires GPAI model technical documentation including training/testing process and evaluation results; Articles 51-52 establish systemic-risk GPAI classification and a Commission-maintained list; Article 55 requires standardized model evaluation and adversarial testing, risk mitigation, incident reporting, and cybersecurity duties for GPAI models with systemic risk; and Article 72 requires post-market monitoring plans for high-risk AI systems. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
- The European Commission’s GPAI Code of Practice page says the Code was published on July 10, 2025, is an adequate voluntary tool for providers to demonstrate AI Act compliance, includes a Transparency chapter with a user-friendly Model Documentation Form, and includes a Safety and Security chapter for providers of GPAI models with systemic risk under Article 55. https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai
- The European Commission Q&A states that the GPAI Code of Practice is voluntary, does not impose obligations beyond the AI Act, and provides a way for GPAI providers and providers of GPAI models with systemic risk to demonstrate compliance with relevant AI Act obligations. https://digital-strategy.ec.europa.eu/en/faqs/questions-and-answers-code-practice-general-purpose-ai
- Anthropic’s *System Card: Claude Opus 4 & Claude Sonnet 4* is dated May 2025 and documents pre-deployment safety tests, release decision process, ASL determinations, RSP evaluations, third-party assessments, and ongoing safety commitments for Claude Opus 4 and Claude Sonnet 4. https://www-cdn.anthropic.com/6be99a52cb68eb70eb9572b4cafad13df32ed995.pdf