Production AI Institute · PSF v1.1 open standard
PSF v1.1 · April 2026

The Production Safety Framework

The PSF defines the domains of practice a production AI deployment must address to be considered safe, responsible, and professionally maintainable. It is model-agnostic, cloud-agnostic, and applies to any organisation deploying AI in a production environment — regardless of which models, platforms, or vendors they use.

Framework Ledger · PSF v1.1 · 2026

  • 01 Eight domains: Controls from input governance to vendor resilience
  • 02 Model agnostic: Applies across clouds, APIs, open models, and hosted stacks
  • 03 Open reference: Free to cite in policy, procurement, hiring, and research
  • 04 Assessment base: Maps directly to PAI-8, Lab scorecards, portfolio review, and credentials

Reference implementation

Model the PSF in WorkflowOS

The standard is text. WorkflowOS is the working artifact — design workflows, run PSF analysis, simulate runs, and export evidence. Free on the web, or fork the MIT-licensed source and self-host for clients.

Choose the proof attached to the standard

The PSF is free. The proof path is where people commit.

Visitors arrive here to understand the standard. Route them immediately to the evidence level their role needs.

Why this standard exists

Every major cloud platform offers certifications that teach their platform. AWS certifications test AWS. Google certifications test Google Cloud. Azure certifications test Azure. None of them tests whether a practitioner understands how to deploy AI safely when the underlying model changes, when the vendor's service goes down, or when the use case involves personal data they were not designed to handle.

Production AI deployment is a discipline — not a vendor configuration exercise. The same principles of input governance, output validation, data protection, observability, deployment safety, human oversight, security, and vendor resilience apply whether you are running GPT-4o through OpenAI's API, Claude through AWS Bedrock, Llama on your own infrastructure, or Qwen through a European hosting provider.

The Production Safety Framework was developed to fill this gap. It describes the eight domains of practice that any serious production AI deployment should address, in terms that are independent of any specific vendor, platform, or model family.

The framework is published openly and free to reference. PAI certification tests mastery of the PSF — not familiarity with any vendor's product.

Framework Domains

Eight domains of production AI practice

Each domain is covered in the AIDA examination. PSF-1 through PSF-7 are assessed in CPAP portfolio submissions. All eight domains are required for CPAA.

PSF-1
DOMAIN 01

Input Governance

Every input reaching an AI model must be validated, sanitised, and treated as untrusted.

  • Sanitise user input and detect injection before any model call
  • Validate input schemas (type, length, structure) at the boundary
  • Log inputs with PII redacted for auditability
  • Rate-limit AI endpoints with alerting on abuse patterns
  • Treat the system prompt as a non-overridable security boundary
PSF-2
DOMAIN 02

Output Validation

Raw model output is never trusted. Every output is validated before it acts on any system.

  • Enforce structured output schemas on every response
  • Define fallbacks when validation fails — never fail open
  • Apply semantic checks beyond structural schema where feasible
  • Never pipe raw model output straight to data stores, APIs, or UIs
  • Sample-based quality scoring with trending over time
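
A sketch of the PSF-2 controls above (schema enforcement, semantic checks, fail-closed fallback), added here as an illustration and not part of the PSF text. The refund-triage contract, its field names, and the ORDER record are assumptions constructed for the example.

```python
import json

# Hypothetical output contract for a refund-triage assistant (not from the PSF).
SCHEMA = {"action": str, "order_id": str, "amount": (int, float), "reason": str}
ALLOWED_ACTIONS = {"refund", "deny", "escalate"}
ORDER = {"id": "A-1001", "total": 40.0}  # constructed trusted order record

def fallback(order, errors):
    """Fail closed: route to human review instead of acting on bad output."""
    return {"action": "escalate", "order_id": order["id"], "amount": 0.0,
            "reason": "model output rejected: " + "; ".join(errors)}

def structural_errors(data):
    """Schema check: one object with exactly the expected keys and types."""
    if not isinstance(data, dict):
        return ["top level is not an object"]
    errors = [f"missing field {k}" for k in SCHEMA if k not in data]
    errors += [f"unexpected field {k}" for k in data if k not in SCHEMA]
    for key, typ in SCHEMA.items():
        value = data.get(key)
        # bool is a subclass of int in Python, so reject it explicitly.
        if key in data and (isinstance(value, bool) or not isinstance(value, typ)):
            errors.append(f"{key} has wrong type")
    return errors

def semantic_errors(data, order):
    """Checks a schema cannot express: values must agree with trusted state."""
    errors = []
    if data["action"] not in ALLOWED_ACTIONS:
        errors.append("action not allowed")
    if data["order_id"] != order["id"]:
        errors.append("order_id does not match the request")
    if not 0 <= data["amount"] <= order["total"]:  # also rejects NaN, infinity
        errors.append("amount outside 0..order total")
    elif data["action"] == "refund" and data["amount"] == 0:
        errors.append("refund of zero")
    return errors

def validate_output(raw, order):
    """Return the decision to act on; any failure yields the fallback."""
    try:
        data = json.loads(raw)
    except (TypeError, ValueError):
        return fallback(order, ["not valid JSON"])
    errors = structural_errors(data) or semantic_errors(data, order)
    return fallback(order, errors) if errors else data
```

Only the return value of validate_output is passed to downstream systems; the raw model string is never forwarded.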
PSF-3
DOMAIN 03

Data Protection

Personal and sensitive data is protected throughout the AI pipeline, not just at rest.

  • Redact or tokenise PII before external model APIs except where strictly justified
  • Document legal basis for processing; map EU AI Act data roles where applicable
  • Minimise data in prompts, retrieval, and logs; enforce retention and purge
  • Apply lifecycle and access controls to vector stores like primary databases
  • Schedule PII purge from AI logs per policy
PSF-4
DOMAIN 04

Observability

You cannot manage what you cannot measure. Every AI system in production must be observable.

  • Log each inference with IDs, model/version, tokens, latency, outcome; correlate multi-hop chains
  • Automated output quality sampling with stored trends
  • Drift and quality alerts, including per-stage signals in multi-model pipelines
  • Capture user feedback and correlate with outputs
  • Operational health dashboards for on-call without raw-log access
PSF-5
DOMAIN 05

Deployment Safety

Every model change is a risk. Production AI deployments require the same rigour as critical software.

  • Pipeline with evaluation gates for every model, prompt, or config change
  • Canary or shadow for material changes before full cutover
  • Documented, tested rollback within 15 minutes
  • Automated eval suites block regressions
  • Reconstruct model version and prompt hash for any logged output
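
An added illustration (not PSF or PAI code) of the logging controls in PSF-1, PSF-4 and PSF-5: a per-inference record with redacted input, correlation IDs, and a prompt hash that resolves back to a reviewed release. The field names, the two redaction patterns, and the registry contents are assumptions constructed for the example.

```python
import hashlib
import json
import re
import uuid

# Illustrative patterns only (assumption): e-mail addresses and long digit runs.
PII_PATTERNS = [
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[EMAIL]"),
    (re.compile(r"\+?\d[\d\s().-]{7,}\d"), "[NUMBER]"),
]

def redact(text):
    """Replace matched PII with a label before the text reaches any log."""
    for pattern, label in PII_PATTERNS:
        text = pattern.sub(label, text)
    return text

def prompt_hash(system_prompt, params):
    """SHA-256 over a canonical encoding of the prompt and generation config."""
    canonical = json.dumps({"prompt": system_prompt, "params": params},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def inference_record(trace_id, parent_span, model, version, p_hash,
                     user_input, tokens_in, tokens_out, latency_ms, outcome):
    """One log line per model call; trace_id ties a multi-hop chain together."""
    return {"trace_id": trace_id, "span_id": uuid.uuid4().hex,
            "parent_span_id": parent_span, "model": model,
            "model_version": version, "prompt_sha256": p_hash,
            "input_redacted": redact(user_input), "tokens_in": tokens_in,
            "tokens_out": tokens_out, "latency_ms": latency_ms,
            "outcome": outcome}

def reconstruct(record, registry):
    """Map a logged record back to the prompt release that produced it."""
    release = registry.get(record["prompt_sha256"])
    if release is None:
        raise LookupError("prompt hash not in registry: unreviewed prompt in use")
    return {"model": record["model"], "model_version": record["model_version"],
            "prompt_release": release}

# Constructed registry: hash of each reviewed prompt release -> release label.
SUPPORT_HASH = prompt_hash("You are a support assistant.", {"temperature": 0.2})
REGISTRY = {SUPPORT_HASH: "support-prompt r7"}
```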
PSF-6
DOMAIN 06

Human Oversight

Automation does not mean unaccountable. High-stakes AI decisions require human checkpoints.

  • Classify decisions by stakes and reversibility
  • Mandatory HITL for high-stakes / irreversible paths; bounded autonomy for agentic flows
  • Escalate to named humans instead of silent failure
  • Log and review human overrides for systematic issues
  • Transparent AI use where the law or materiality requires it
PSF-7
DOMAIN 07

Security

AI systems introduce new attack surfaces. Standard security practices must extend to cover them.

  • Secrets manager for keys; no credentials in repos
  • Per-environment keys with spend controls
  • Document and review model calls, data sources, and tools
  • Treat prompt injection as a vulnerability class with testing
  • Minimal authority for agents; validate tools; confirm irreversible actions
PSF-8
DOMAIN 08

Vendor Resilience

A production AI system that only works with one vendor is a liability, not an asset.

  • Abstract providers behind an internal API; configuration-level switching
  • Test at least one alternative model; assess prompt portability
  • Document dependencies with contingencies
  • Avoid vendor lock-in in core logic without justification and migration plan
  • SLAs, DPAs, and regulatory role mapping on file and reviewed when vendors change

How the PSF is used

Practitioners
Use the PSF as a self-assessment checklist before and after deploying AI systems. The AIDA examination tests PSF knowledge. CPAP portfolio submissions are assessed against PSF criteria.
Organisations
Reference the PSF in procurement specifications and job descriptions to define what 'production-ready AI' means in their context. CAI-certified organisations have demonstrated PSF alignment in their delivery methodology.
Hiring teams
Use AIDA certification as a baseline signal that a candidate understands production AI safety across all eight domains — not just the vendor platforms they've previously used.
Researchers and policy-makers
Cite the PSF as a practitioner-developed reference for what production AI governance looks like in practice. The framework is referenced in PAI research on the EU AI Act.

Licensing and citation

The Production Safety Framework is published under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence. You may freely share, adapt, and build on the framework for any purpose, including commercial use, provided you attribute the Production AI Institute.

If you are referencing the PSF in a job description, procurement document, research paper, or internal policy, see our citation guidance for the recommended attribution format.

Recommended short citation
Production AI Institute. (2026). Production Safety Framework v1.1. productionai.institute/standard

The standard comes before the credential

The Production Safety Framework is a published standard: open, freely available, and not owned by any commercial product. You do not need a credential to use, cite, or implement the PSF; credentials exist for moments when an individual or organisation needs external evidence that the standard has been understood and applied.

AIDA Examination

Tests knowledge across all eight PSF domains. 20 questions. Offered at no charge.

CPAP Review

Assesses a real production deployment against PSF criteria. Portfolio submission + expert review.

CPAA Panel

The most rigorous individual assessment. Portfolio plus structured panel interview.

Companion Standard

PAI-8: The Organisational Governance Standard

The PSF defines what safe AI deployment looks like at the system level — the technical controls every production AI deployment must address. PAI-8 defines what safe AI governance looks like at the organisational level — the 8 controls every enterprise deploying AI must address to demonstrate governance maturity.

The two standards are complementary and parallel: PSF maps to what practitioners implement; PAI-8 maps to what organisations govern, audit, and report on. AIDA and AIMA certify PSF mastery. CAIA certifies PAI-8 audit capability.

PSF: Technical deployment safety
  • Domains: D1–D8
  • Certifications: AIDA · AIMA · CPAP
PAI-8: Organisational governance
  • Domains: C1–C8
  • Certifications: CAIA
How they map
  • PSF D6 Human Oversight ↔ PAI-8 C5 Human Oversight
  • PSF D1 Input Governance ↔ PAI-8 C2 Risk Assessment
  • PSF D3 Data Protection ↔ PAI-8 C3 Data Stewardship
  • PSF D8 Vendor Resilience ↔ PAI-8 C8 Vendor & Supply Chain