EAAF Association · eaaf.ai · 2026 Industry-led · Independent

Independent assurance for AI in energy operations.

⎯ Mission

EAAF is the energy industry's independent AI assurance framework — the standard for certifying that AI systems making decisions in drilling, production, and reservoir operations are safe, accountable, and fit for purpose.

Read the White Paper v2.0 · PDF Explore Framework
0/ standards
Sector-specific AI assurance
frameworks for energy today
$300M
Exploration well failure
from one drifted ML model
6/ gaps
Energy-specific risks NIST
AI RMF does not cover
ADIPEC'26
Public launch · certification
program opens
⎯ Part 01 · The Problem

The Governance
Vacuum.

AI systems are deployed today across upstream, midstream, and downstream operations — interpreting seismic, steering wells, adjusting downhole pumps, calculating emissions. Vendors self-certify. No independent body audits. When something goes wrong, the accountability chain dissolves across the supply chain to the point of no one in particular.

Unlike consumer AI, where a bad recommendation is an inconvenience, an AI failure in energy can have immediate physical consequences.

Below are four scenarios drawn from the documented operational record. Each required only a model that was not properly validated for its operational context, deployed without adequate governance, and certified by no one. None required catastrophic system collapse. Each happened — or will — when probabilistic systems make safety-critical recommendations through supply chains where responsibility has been distributed to dissolution.

Potential failure modes
Cost Accountability
SC / 01
Drilling parameter optimizer misreads formation pressure.
Autonomous system maintains weight-on-bit above safe limits. Differential sticking, 48-hour fishing operation. The model had never been field-validated in this basin — it was transferred from a different geological province without recalibration.
$4.0M
Non-productive time
Vendor? Integrator? Operator? Engineer? No one in particular.
SC / 02
Production lift algorithm misclassifies a sensor anomaly.
AI adjusts downhole ESP settings in response to what it interprets as a normal fluctuation. Mechanical failure follows. The pump is lost at depth. Three weeks of deferred production while a workover rig is mobilized.
$1.8M
Workover + deferred prod.
Validation chain unbroken upstream;
no inflection point of accountability.
SC / 03
Seismic interpretation ML applied across basins without recalibration.
Model trained on one geological province systematically misidentifies a structural trap in a new exploration area. A commercial well is drilled to a location that does not hold commercial volumes. Basin-transferability was never independently tested.
$300M
Dry hole
Model developer absolved by EULA;
operator carries the loss alone.
SC / 04
Emissions AI computes flaring volumes against drifted sensor calibration.
Over twelve months, an emissions reporting system fails to detect calibration drift in the sensors feeding it. The operator files inaccurate ESG disclosures. Regulatory exposure, reputational liability, and forced restatement follow.
12 months
Misreported emissions
Auditor never validated the model;
no certification existed to validate.
⎯ On Accountability
The engineer sees the recommendation, not the reasoning. They approve it in seconds, under operational pressure. This is not decision-making. It is ratification.

Why generic frameworks fall short.

The NIST AI Risk Management Framework is the most rigorous general AI assurance standard available. It is the cited foundation for EAAF. But it is deliberately sector-agnostic, and the energy industry presents a set of risks that no general framework — NIST, EU AI Act, ISO/IEC 42001 — was designed to address.

GAP / 01
Physical asset coupling
AI outputs actuate rotary steerable systems, ESPs, gas-lift valves, compressor controls. Generic frameworks address software risk — not the AI-to-physical propagation that turns a model error into HSE consequence.
GAP / 02
Subsurface data sovereignty
NOC-held subsurface data is a sovereign national asset measured in trillions. Provenance, access control, and IP protection requirements go far beyond standard data privacy frameworks.
GAP / 03
Operational continuity, live
An AI failure during a drilling operation or production upset has immediate HSE and financial consequence. No generic framework defines what graceful degradation looks like connected to a wellbore at 4,000m under live pressure.
GAP / 04
Model drift in dynamic reservoirs
Pressure depletes. Water breakthrough alters fluid properties. AI models degrade in dynamic subsurface environments in ways that require domain-specific drift detection no general framework defines.
GAP / 05
GCC regulatory alignment
NIST is a US federal framework. UAE AI Strategy 2031, Saudi Vision 2030 digital mandates, and NESO require alignment by design — not retrofitted compliance work after the fact.
GAP / 06
ESG & emissions accountability
AI systems influencing flaring decisions and carbon accounting carry regulatory exposure. No framework addresses the auditability and explainability required for AI in emissions reporting contexts.
⎯ Part 02 · The Solution

The Energy AI
Assurance Framework.

EAAF is the energy sector's implementation profile of AI assurance — built explicitly on top of NIST AI RMF 1.0, with the architecture, audit protocols, and certification structure needed to govern AI in safety-critical energy operations. It is the standard the industry will write before regulators write it for them.

⎯ Govern-E
Govern·E
Culture and structure of AI risk management across the energy organization.
  • AI authority matrices
  • Pre-committed operational envelopes
  • Executive accountability for Category A
  • GCC regulatory obligation inventory
⎯ Map-E
Map·E
Context mapping and risk identification for every deployed AI use case.
  • Application category (A / B / C / D)
  • Physical asset coupling pathways
  • Subsurface data sovereignty mapping
  • ESG and emissions liability scoping
⎯ Measure-E
Measure·E
TEVV-E — Test, Evaluation, Verification, Validation for energy.
  • Field validation under live conditions
  • Drift detection for dynamic subsurface
  • Basin-transferability assessment
  • Independent EASC-3 audit protocols
⎯ Manage-E
Manage·E
Risk treatment, incident response, lifecycle management.
  • Incident response for AI failures
  • Continuous drift monitoring
  • Decommissioning protocols
  • Immutable attribution logging
Foundation: NIST AI RMF 1.0 (GOVERN / MAP / MEASURE / MANAGE) · Energy-contextualized as GOVERN-E / MAP-E / MEASURE-E / MANAGE-E · Cross-cutting function: GOVERN-E.
⎯ Trustworthiness

Ten pillars.
Seven inherited. Three new.

NIST's seven trustworthiness characteristics adapted for energy operations, plus three pillars that have no equivalent in any existing framework: Asset Integrity Coupled, Regulatory Aligned, and ESG Accountable.

NIST · Inherited (5) Adapted for Energy (2) New · Energy-specific (3)
P/01
Valid & Reliable
NIST
Field-validated under real operational conditions. Basin-transferability explicitly tested before cross-basin deployment.
P/02
Safe
NIST
HSE-coupled. Emergency response integration and fail-safe certification required for Category A systems.
P/03
Secure & Resilient
NIST
OT/IT convergence threats, cyberphysical attack surfaces, resilience under field network degradation.
P/04
Accountable & Transparent
NIST
Immutable attribution logging extended to physical actuation events. Accountability reaches the field operator.
P/05
Explainable & Interpretable
NIST
Interpretable to drilling and production engineers. Black-box systems structurally disqualified for Category A.
P/06
Data Sovereign
Adapted
Replaces Privacy-Enhanced. Subsurface data treated as sovereign national asset; ZKA protocol applies.
P/07
Operationally Robust
Adapted
Replaces Fair/Bias-Managed. Drift detection and recalibration protocols for evolving reservoir conditions.
P/08
Asset Integrity Coupled
New
AI-to-physical coupling certified. Failure-mode propagation pathways mapped, bounded, and mitigated.
P/09
Regulatory Aligned
New
Mandatory mapping to UAE AI Strategy 2031, Saudi Vision 2030, NESO, and sector regulators. Current or invalid.
P/10
ESG Accountable
New
Model version and confidence state immutably logged at the time of any regulatory ESG disclosure.
⎯ EASC Certification

Three tiers. One standard.

The EAAF Certification (EASC) program is delivered by EAISA-accredited auditors. It operates the same way DO-178 + EASA does for aviation, and CHAI does for healthcare AI — process compliance attested at audit, time-bound, independently issued.

EASC / 01 01
Compliant.
AI Vendors & Tech Providers
System-level certification for individual AI products. Covers model documentation, TEVV-E records, data provenance or ZKA attestation, pillar compliance by application category, immutable attribution logging.
2-year validity · annual surveillance
EASC / 02 02
Verified.
NOCs · IOCs · Operators
Enterprise AI governance audit. Covers full EAAF implementation across deployed systems — GOVERN-E structure, MAP-E completeness, automation bias mitigation, MANAGE-E incident maturity. Required for Category A deployment.
2-year validity · annual surveillance
EASC / 03 03
Accredited.
Auditors & Consulting Firms
Individual or firm accreditation to conduct EASC-1 and EASC-2 audits. Requires demonstrated expertise in both energy operations and AI systems, plus completion of EAISA auditor training and examination.
3-year validity · CPD requirement
⎯ Zero-Knowledge Audit Protocol

Certify the system. Never see the data.

A standard audit requiring access to AI training data will fail immediately with any GCC NOC. Subsurface data access triggers national security review before a technical conversation can begin. EAAF resolves this with a first-class audit methodology — not a workaround — modeled on penetration testing for classified cybersecurity systems.

The auditor characterizes system safety behavior without ever accessing sovereign training data. No competing body offers this protocol without adopting EAAF's methodology.

ZKA / 01
Synthetic stress-test validation
AI tested against EAISA's standardized synthetic dataset library — geological scenarios, drilling hazards, formation pressure anomalies, production upsets, out-of-distribution edge cases.
ZKA / 02
Behavioral boundary testing
Inputs designed to probe confidence boundaries, adversarial conditions, and scenarios outside the training distribution. Failure modes characterized without visibility into what produced them.
ZKA / 03
Legal attestation of provenance
Operator provides legally binding attestation of training data, preprocessing, and exclusions. Auditor verifies behavioral consistency through testing — not direct access.
ZKA / 04
Red-team adversarial testing
Deliberately anomalous, corrupted, and adversarial inputs verify fail-safe behavior, confidence-floor enforcement, and automatic halt conditions under the pre-committed operational envelope.
⎯ Part 03 · Engage

Where you
come in.

EAISA is industry-led. It is not a regulator imposing burden — it is the institution the energy industry needs to build before external regulators impose frameworks built without it. Founding membership and patron programs are open through 2026, with the public launch at ADIPEC.

⎯ For NOCs & IOCs
Shape the standard before it is written for you.
Join as a founding institutional member. Your participation defines what responsible AI for the global energy industry looks like — and qualifies your own digital AI products for international market credibility.
Founding Patron program
⎯ For AI Vendors
EASC-1 is the market access credential.
Independent certification is what separates your product from the self-certified alternatives your buyers will increasingly distrust. Early founding-rate certification is a competitive advantage with a time limit.
Pilot EASC-1 program
⎯ For Auditors & Consultants
Join the founding EASC-3 cohort.
10 to 15 EASC-3 accredited auditors will form the inaugural pool. Drawn from drilling and production engineers with AI exposure, and AI practitioners with energy operational context. Training pre-ADIPEC.
Accreditation pathway

Read the full case.
White Paper v2.0.

⎯ Beyond NIST

The complete argument for an energy-specific AI assurance framework — problem, framework, obstacles, design responses, and the precedents from defense, aviation, and healthcare that prove the path is viable.

Download PDF ~ 84 pages · 2.4MB Read SPE Figures
Tweaks