The framework for measuring AIs already exists. It still have to be made operational.

Companies no longer need to be told that artificial intelligence carries risks. They already know.

They also know that a system can produce a convincing yet fragile answer, that a provider can modify a model or its routing without the change being immediately visible, and that an application can remain fully available from a technical standpoint while silently evolving at the behavioural level.

The real question therefore begins after the principles.

How can we measure what is changing? How can we distinguish normal variation from a signal that warrants investigation? How can we document the actual behaviour of a system over time? And above all, how can we turn these observations into useful decisions for product, risk, compliance, finance and executive teams?

For several years, the National Institute of Standards and Technology has been laying the foundations of this discipline. NIST advocates the development of metrics, measurement methods, evaluation protocols and best practices for assessing the properties of artificial intelligence systems. Its approach does not seek a universal score capable of summarizing the quality of every AI system. On the contrary, it emphasizes the need to define precisely the property being observed, the evaluation context, the data used, the limitations of the metrics and the methods required to produce an interpretable measurement.

This direction remains fully relevant today. The programme dedicated to the testing, evaluation, validation and verification of AI systems reiterates that trust in artificial intelligence products and services depends on reliable measurement and evaluation. NIST therefore continues to develop measurement methods, contribute to standards and support their adoption in real-world applications.

The framework is therefore in place.

But between a reference framework and its day-to-day implementation within an organisation, a considerable gap remains.

This is where NeoMundi operates.

Measuring After Deployment

A large proportion of AI-system evaluation remains episodic. A model is tested against a dataset, compared with a reference, and then declared sufficiently effective for a specific use case.

This step is necessary, but it is no longer sufficient.

Generative AI systems are not static objects. They are probabilistic and dependent on their context, provider, parameters, technical environment and the successive changes that may occur after deployment.

A company does not merely consume a model. It uses a “living” service.

That service can change without any visible outage. Latency remains acceptable. The API responds. Costs appear to be under control. Yet the answers may become more variable, less coherent, more factually fragile or simply different from those that the organisation had previously observed and accepted.

The risk is therefore not only that an AI system may be wrong.

The risk is also that it may change silently, as illustrated by our weekly barometers: under the same repeated protocol, one de-identified profile moved from 0.3% of responses being flagged to 12.3%, before falling again and then stabilizing at approximately 14% during additional longitudinal measurements (see AI Barometer #4).

In my paper, From AI Observability to Governance Metrology, I argue that the next stage of observability consists precisely in measuring these behavioural regimes over time. The objective is no longer simply to collect telemetry or record what happened. It is to establish a baseline and then observe whether the system’s behaviour remains within a known range or begins to move away from it.

This approach directly extends the measurement logic promoted by NIST, while applying it to a question that remains insufficiently addressed within organisations: what becomes of evaluation once the system is actually in use?

This question also aligns with the logic of the European Union’s Artificial Intelligence Act. For the systems concerned, the AI Act does not stop at initial evaluation: it provides for logging mechanisms, human oversight, post-market monitoring and the reporting of serious incidents. Organisations deploying high-risk systems are notably required to monitor their operation and act when risks or incidents are identified.

The regulation therefore establishes a governance obligation, but it does not, by itself, provide the instrument required to observe fine-grained behavioral variations in a generative AI system over time. This is precisely where governance metrology becomes operational: it transforms system outputs into documented, comparable and actionable signals that can trigger an investigation, strengthen oversight or lead to the reassessment of a use case.

This monitoring requirement is also consistent with ISO/IEC 42001, the standard dedicated to artificial intelligence management systems. It encourages organisations to structure their responsibilities, control processes, documentation and the continuous improvement of their AI uses. Here again, the challenge is no longer merely to define a governance policy, but to obtain sufficiently reliable and regular data to verify how systems actually behave after deployment.

From Observability to Governance Metrology

NeoMundi has begun to make this approach operational.

We run repeatable protocols on AI systems accessible in production. We observe their responses under defined conditions. We repeat the measurements, establish baselines and compare the results over time.

The object being measured is not “the model” in absolute terms.

We measure a behavioral moment: the way a system responds to a defined input, within a specified context and during a declared period.

This distinction is essential. It prevents a local measurement from being turned into a universal judgement. A system may be stable while still producing an inaccurate answer. Another may be variable while remaining relevant for a creative or exploratory use case.

Measurement must therefore not become a simplistic ranking mechanism.

It must make it possible to document behaviour, identify its evolution and determine whether a variation warrants more detailed review.

This is why NeoMundi applies a consistent doctrine: the signal is not the verdict.

Semantic variation, a loss of coherence or a factual alert does not, in itself, constitute proof of failure. It indicates that a change has been observed and that human, domain-specific or institutional attention may be required.

The role of the instrument is not to replace authority. It is to provide that authority with a structured, traceable and reviewable basis for decision-making.

The Value Does Not Lie in Yet Another Score

For an organisation, measurement only has value when it enables action.

Executive management does not need one more indicator in an already saturated dashboard. It needs to know where behaviour is changing, which use cases are affected, how much those uses cost and where control resources should be concentrated.

This is why we are progressively correlating behavioural signals with operational data such as cost, token consumption, latency, incomplete executions, information density and the effort required for human oversight.

Connecting these dimensions changes the nature of the measurement.

An increase in variability does not have the same significance for an internal brainstorming tool as it does for a system producing legal, financial or medical information. An isolated error does not have the same impact depending on whether it is detected automatically or requires several hours of rework by a qualified employee.

The true cost of AI is therefore not limited to the API bill.

It also includes the cost of verification, correction, escalation, oversight and, in some cases, the cost of an incident identified too late.

Governance metrology must make this economy visible.

It can help an organisation identify the use cases that can remain largely automated, those requiring stronger oversight, those that must be reassessed and those for which the cost of control ultimately exceeds the value created.

At this level, measurement becomes a resource-allocation instrument.

Building a Memory of Actual Behaviour

The other major challenge is traceability.

When an incident occurs, organisations often have technical logs, application traces or isolated data points. Much more rarely do they possess a structured history of the system’s behaviour before the incident.

A weak signal only becomes visible when it can be compared.

Longitudinal monitoring makes it possible to move from a succession of isolated observations to a trajectory. It helps distinguish a one-off episode from a persistent evolution and, potentially, from a regime shift.

This behavioural memory can become useful to many stakeholders: product teams seeking to monitor the actual quality of a service, procurement teams evaluating a provider, compliance teams documenting the controls performed, auditors reconstructing a chronology, insurers better assessing exposure and executives arbitrating investment decisions.

NIST has long emphasised the importance of systematic evaluations, explicit metrics, appropriate datasets and tools that enable these methods to be applied to real systems. It is also developing environments and software designed to organise and reproduce evaluations.

NeoMundi operates within this continuity, with a specific field of application: the repeated and longitudinal observation of generative AI system behaviour.

A Framework Does Not Govern on Its Own

We must remain rigorous about what this approach can and cannot achieve.

Behavioural metrology does not prove that an AI system is telling the truth. It does not certify that a system is safe. It does not independently determine whether a use case is legally compliant. It replaces neither domain expertise, human responsibility nor the authorities responsible for making decisions.

It enables something else, which is becoming essential.

It makes it possible to know that behaviour has changed before that change becomes a silent incident.

It makes it possible to document that change.

It makes it possible to concentrate oversight where it produces the greatest value.

Finally, it makes it possible to connect governance principles with real operating conditions.

Institutions have established the language of artificial intelligence measurement. NeoMundi has built the operational instrument: a metrology layer that enables organisations to monitor the behaviour of real systems over time and turn those observations into measurable governance decisions.

The next challenge for AI governance will therefore not simply be to determine whether a system has been evaluated.

It will be to determine whether it continues to behave as the organisation believes it behaves, and how much that confidence costs.

Associated reference: Sébastien Favre, From AI Observability to Governance Metrology, NeoMundi Research, July 2026, DOI: 10.5281/zenodo.21250268.

References

National Institute of Standards and Technology. (n.d.). NIST AI Measurement and Evaluation Projects.
https://www.nist.gov/programs-projects/ai-measurement-and-evaluation/nist-ai-measurement-and-evaluation-projects

National Institute of Standards and Technology, AIME Planning Team. (2021). Artificial Intelligence Measurement and Evaluation at the National Institute of Standards and Technology.
https://www.nist.gov/system/files/documents/2021/06/16/AIME_at_NIST-DRAFT-20210614.pdf

European Union. (2024). Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence. Official Journal of the European Union.

National Institute of Standards and Technology. (2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0), NIST AI 100-1.
https://doi.org/10.6028/NIST.AI.100-1

International Organization for Standardization. (2023). ISO/IEC 42001:2023, Information technology, Artificial intelligence, Management system.

Favre, S. (2026). From AI Observability to Governance Metrology, Measuring the Behavioural Regimes of Generative AI Systems.
NeoMundi Research.
https://doi.org/10.5281/zenodo.21250268

Leave a Comment

Your email address will not be published. Required fields are marked *


Scroll to Top