A Workflow for Full Traceability of AI Decisions

📝 Abstract

An ever increasing number of high-stake decisions are made or assisted by automated systems employing brittle artificial intelligence technology. There is a substantial risk that some of these decision induce harm to people, by infringing their well-being or their fundamental human rights. The state-of-the-art in AI systems makes little effort with respect to appropriate documentation of the decision process. This obstructs the ability to trace what went into a decision, which in turn is a prerequisite to any attempt of reconstructing a responsibility chain. Specifically, such traceability is linked to a documentation that will stand up in court when determining the cause of some AI-based decision that inadvertently or intentionally violates the law. This paper takes a radical, yet practical, approach to this problem, by enforcing the documentation of each and every component that goes into the training or inference of an automated decision. As such, it presents the first running workflow supporting the generation of tamper-proof, verifiable and exhaustive traces of AI decisions. In doing so, we expand the DBOM concept into an effective running workflow leveraging confidential computing technology. We demonstrate the inner workings of the workflow in the development of an app to tell poisonous and edible mushrooms apart, meant as a playful example of high-stake decision support.

💡 Analysis

An ever increasing number of high-stake decisions are made or assisted by automated systems employing brittle artificial intelligence technology. There is a substantial risk that some of these decision induce harm to people, by infringing their well-being or their fundamental human rights. The state-of-the-art in AI systems makes little effort with respect to appropriate documentation of the decision process. This obstructs the ability to trace what went into a decision, which in turn is a prerequisite to any attempt of reconstructing a responsibility chain. Specifically, such traceability is linked to a documentation that will stand up in court when determining the cause of some AI-based decision that inadvertently or intentionally violates the law. This paper takes a radical, yet practical, approach to this problem, by enforcing the documentation of each and every component that goes into the training or inference of an automated decision. As such, it presents the first running workflow supporting the generation of tamper-proof, verifiable and exhaustive traces of AI decisions. In doing so, we expand the DBOM concept into an effective running workflow leveraging confidential computing technology. We demonstrate the inner workings of the workflow in the development of an app to tell poisonous and edible mushrooms apart, meant as a playful example of high-stake decision support.

📄 Content

A Workflow for Full Traceability of AI Decisions Julius Wenzel1, Syeda Umaima Alam2, Andreas Schmidt2, Hanwei Zhang2, Holger Hermanns2 1Technische Universität Dresden, 2Saarland University julius.wenzel@tu-dresden.de, syal00002@stud.uni-saarland.de,schmidt,zhang,hermanns@depend.uni-saarland.de Abstract An ever increasing number of high-stake decisions are made or assisted by automated systems employing brittle artificial intelligence technology. There is a substantial risk that some of these decision induce harm to people, by infringing their well-being or their fundamental human rights. The state-of-the-art in AI systems makes little effort with respect to appropriate documentation of the decision process. This obstructs the ability to trace what went into a decision, which in turn is a prerequisite to any attempt of reconstructing a responsibility chain. Specifically, such traceability is linked to a documentation that will stand up in court when determining the cause of some AI-based decision that inadvertently or intentionally violates the law. This paper takes a radical, yet practical, approach to this problem, by enforcing the documentation of each and every component that goes into the training or inference of an automated decision. As such, it presents the first running workflow supporting the generation of tamper-proof, verifiable and exhaustive traces of AI decisions. In doing so, we expand the Decision Bill of Material (DBOM) concept (Wenzel et al. 2024) into an effective running workflow leveraging confidential computing technology. We demonstrate the inner workings of the workflow in the development of an app to tell poisonous and edible mushrooms apart, meant as a playful example of high-stake decision support. Introduction As AI models are increasingly integrated into our daily lifes, ensuring their trustworthiness has become a pressing concern. The widespread deployment of AI systems, particularly in sensitive and high- stakes domains, demands rigorous scrutiny. The European Union’s AI Act (European Parliament and Council of the EU 2024) underscores this urgency by mandating that AI systems classified as high- risk must address key issues such as transparency, interpretability, cybersecurity, and data privacy. This echoes a growing global recognition that trustworthy AI is not optional but essential for safe and ethical deployment. However, ensuring trustworthiness is far Copyright © 2026, Association for the Advancement of Artificial Intelligence (www.aaai.org ). All rights reserved. from straightforward. The opacity and complexity of modern AI models pose significant challenges for auditing and compliance, especially in high-risk scenarios. Traditional interpretability methods fall short in providing the end-to-end transparency needed for robust oversight. Bill of Materials. We propose a holistic and practical approach to this problem, enabled by treating AI models as complex software systems. By reviewing the entire implementation pipeline from data preparation, server infrastructure, and training procedures to deployment and inference, we establish tamper-proof traceability at and across each stage. Building on the concept of Decision Bill of Material (DBOM) (Wenzel et al. 2024), we propose and implement a practical approach for documenting exhaustively the components of AI system development and decision-making processes. We use cryptograpic technology to make the entire documentation tamper- proof and traceable, and this is supported by DBOM- inspection technology we develop. Use Case. As a running example when explaining and experimenting with the DBOM workflow we present FungAI, a practical mobile phone application that can help determine whether certain mushrooms (funghi) are poisonous, based on structured data and images. Such an application could support foraging safety, educational tools, or assist in biodiversity research by providing quick, automated assessments of mushroom toxicity. Wrong classifications may come with high-stake consequences if blindly followed. In this respect, the app shares crucial characteristics with more serious high-stake applications, such as skin cancer recognition apps or other medical image classification systems. Contributions. The paper contributes the following: • We present a fully functional DBOM workflow, enabling tamper-proof, verifiable and exhaustive traces of AI decisions. • We discuss threats to the dependable functioning of a generic AI system, and in how far DBOMs protect against these threats. arXiv:2511.11275v2 [cs.AI] 17 Nov 2025 • We apply the approach to the FungAI use case. • We discuss first empirical evaluations together with first components of an ecosystem of DBOM-based tools. Organization of the Paper. We continue this paper by reviewing the scientific context of the work. A characterization of a generic AI system is the base for discussing threats to the dependability of AI decision systems, and the role of DBOMs in protect

This content is AI-processed based on ArXiv data.