GovAI · Research
Research Paper · SSRN · 2026
Why Auditability Fails in Current Generative AI Systems: A Governance Perspective
Abstract
Generative AI systems are deployed faster than governance infrastructure can verify them. This paper examines structural gaps in auditability — opaque model behavior, weak evidence chains, and compliance claims that cannot be reproduced — and outlines how policy-enforced evidence with deterministic verdicts supports enterprise-grade governance.
Key insights
- Current generative AI stacks often produce outputs without append-only, policy-bound evidence that auditors can replay.
- Compliance posture degrades when verdicts depend on reconstructed logs rather than a single authoritative compliance projection.
- EU AI Act and ISO/IEC 42001 alignment requires traceable controls — not marketing claims disconnected from runtime enforcement.
- Deterministic VALID · INVALID · BLOCKED outcomes, tied to hash-chained records, reduce ambiguity for security and compliance reviewers.
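The append-only, hash-chained evidence that the key insights refer to can be illustrated with a short sketch. This is an added example, not code from the paper: the record fields, policy IDs and sample outputs are assumptions constructed here, and only the three verdict names come from the page.

```python
import hashlib
import json

GENESIS = "0" * 64                          # assumed anchor for the first record
VERDICTS = {"VALID", "INVALID", "BLOCKED"}  # outcome names used on the page

def record_hash(body):
    # Canonical JSON so the same record always hashes to the same value.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append(log, policy_id, output, verdict):
    """Append one evidence record, linked to the previous record's hash."""
    if verdict not in VERDICTS:
        raise ValueError(f"unknown verdict: {verdict}")
    body = {
        "seq": len(log),
        "policy_id": policy_id,
        "output_sha256": hashlib.sha256(output.encode()).hexdigest(),
        "verdict": verdict,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    rec = dict(body, hash=record_hash(body))
    log.append(rec)
    return rec

def replay(log, expected_head=None):
    """Auditor replay: return (ok, index of the first bad record or None)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if (body.get("seq") != i or body.get("prev") != prev
                or record_hash(body) != rec.get("hash")):
            return False, i
        prev = rec["hash"]
    # Truncation or a full rewrite is only detectable against a head hash
    # that the auditor holds independently of the log itself.
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None

def build_sample_log():
    # Constructed sample records, for illustration only.
    log = []
    append(log, "policy-demo-1", "summary of a quarterly report", "VALID")
    append(log, "policy-demo-1", "output containing a customer identifier", "BLOCKED")
    append(log, "policy-demo-2", "answer citing no source", "INVALID")
    return log
```

Replaying the chain pinpoints the first altered record, but a log with its tail removed still replays cleanly unless the auditor compares it against a separately stored head hash.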