Insights / PSF Compliance
PSF Compliance Explained
PSF compliance means an AI system has been assessed against the Production Safety Framework — the eight-domain standard for deploying AI in production environments. This guide explains what compliance requires, how it is assessed, and which practitioner certifications map to each domain.
Production AI Institute · 8 min read · Updated May 2026
What Is the PSF?
The Production Safety Framework (PSF) is a structured standard developed by Production AI Institute that defines the minimum controls required before an AI system can be considered production-ready. It was designed to fill the gap between ad-hoc deployment practices and the rigour that regulated industries, enterprise buyers, and procurement teams expect.
The PSF is organised into eight domains, each covering a distinct control surface. A PSF-compliant system has documented, tested controls in all eight. Partial compliance — covering some domains but not others — is documented in an assessment but does not meet the full standard.
The Eight PSF Domains
Validation, sanitisation, prompt-injection defence, and intent classification at the system boundary. Every input path must be treated as a potential attack surface.
Structured checks on model outputs before they reach users or downstream systems. Covers hallucination detection, format enforcement, and toxicity filtering.
Controls on what data the AI system can access, retain, and transmit. Includes PII handling, data minimisation, and cross-tenant isolation.
Logging, tracing, and monitoring sufficient to reconstruct what the system did and why. A system that cannot be observed cannot be trusted in production.
Rollback capability, staged rollouts, environment parity, and release gating. Production AI systems need the same deployment rigour as any other production software.
Defined escalation paths, human-in-the-loop checkpoints, and override mechanisms. Autonomy without oversight is not production-ready.
Authentication, authorisation, secret management, and adversarial input handling. LLM-specific attack classes require controls beyond standard application security.
Dependency mapping, fallback providers, SLA monitoring, and continuity planning for third-party model and infrastructure dependencies.
How PSF Compliance Is Assessed
PSF compliance assessments follow a structured evidence-review process. For each domain, the assessor reviews documented controls, architecture diagrams, test results, and operational procedures. Self-attestation without supporting evidence does not satisfy the standard.
Production AI Institute offers the Deployment Safety Assessment (DSA) for organisations that want a formal third-party PSF review. The DSA produces a domain-by-domain scorecard, a gap analysis, and a remediation roadmap.
For practitioners who want to demonstrate individual PSF knowledge, the Certified LLM Operations Engineer (CLOE) and Certified AI Safety Specialist (CAIS) certifications cover the framework in depth.
Certifications That Demonstrate PSF Knowledge
Individual practitioners can demonstrate PSF competency through Production AI Institute certifications. Each certification maps to specific PSF domains:
Covers: PSF-1, PSF-2, PSF-4, PSF-5
Covers: PSF-1, PSF-2, PSF-6, PSF-7
Covers: PSF-3, PSF-6, PSF-8
Covers: PSF-1, PSF-2, PSF-4, PSF-5
Covers: All eight domains (audit perspective)
PSF Compliance vs. Regulatory Compliance
PSF compliance is a technical and operational standard, not a legal one. It does not replace EU AI Act obligations, GDPR requirements, or sector-specific regulations. It does, however, provide documented evidence of controls that regulators and auditors commonly look for.
Organisations subject to the EU AI Act will find that PSF-compliant systems satisfy a substantial portion of the technical documentation requirements for high-risk AI systems. The PSF was designed with regulatory alignment in mind, though independent legal review is always required for compliance determinations. See our analysis: EU AI Act and Production AI.
Turn the evidence into production practice.
Use the PSF, research library, and Lab material to review your own deployment. Credentials are available when a client, employer, or regulator needs public proof.