**Article 9**

### Establishment and Scope of the Risk Management System

Norwin Industrial Technologies has established and formally documented a comprehensive risk management system (RMS) specifically tailored for Gas Safety Insight, reflecting its classification as a high-risk AI system for critical infrastructure monitoring. This RMS operates as a lifecycle-spanning, iterative process encompassing design, development, deployment, and ongoing maintenance phases. It is governed by an internal Risk Oversight Committee tasked with upholding procedural compliance and periodic review. The RMS documentation explicitly defines roles, responsibilities, and timelines for risk analysis updates, ensuring continuous alignment with the system’s evolving operational context and amendments in regulatory expectations.

### Identification and Analysis of Known and Foreseeable Risks

A dedicated multidisciplinary risk assessment team has conducted extensive identification and analysis of all known and reasonably foreseeable risks related to Gas Safety Insight. Inputs included historical incident logs from natural gas networks covering over 15 years, safety engineering reports, and relevant scientific literature on sensor and AI system vulnerabilities. The primary risk categories identified are false negatives (failures to timely detect leaks or pressure anomalies), false positives leading to unnecessary operational disruptions, sensor malfunction or data corruption affecting model accuracy, and potential cybersecurity threats undermining system integrity. Each hazard was analyzed with respect to its potential impact on health, safety, and fundamental rights, specifically highlighting scenarios that might lead to greenhouse gas leaks, explosions, or prolonged service interruptions.

### Estimation and Evaluation of Risks under Intended Use and Foreseeable Misuse

Utilizing probabilistic risk modeling techniques, the team estimated the likelihood and severity of each identified risk, both under normal operational use as well as under foreseeable misuse scenarios such as sensor tampering, delayed data feeds, and operator error in interpreting system outputs. For example, false negative rates were quantitatively assessed at 1.2% based on rigorously labeled validation datasets comprising 2 million sensor and log records from operational environments. Robustness analysis against noisy and adversarial input data was conducted to simulate plausible misuse. The evaluation employed standardized metrics including Receiver Operating Characteristic (ROC) curves, F1 scores, and confusion matrices calibrated to minimize Type II errors relevant to safety-critical events.

### Post-Market Risk Monitoring and Data-Driven Updates

Gas Safety Insight incorporates an integrated post-market monitoring (PMM) infrastructure enabling continuous risk evaluation through real-time logging and telemetry from deployed instances. Anomaly reports, user feedback, and system performance metrics are systematically collected and analyzed monthly to identify emergent or previously unrecognized risks. For example, during the first six months of deployment within two large European gas networks, PMM detected a previously unforeseen risk of drift in sensor calibration impacting model predictions under specific environmental conditions. This observation triggered targeted model retraining and sensor recalibration protocols, thereby demonstrating dynamic risk mitigation based on field data in compliance with Article 72 requirements.

### Risk Management Measures and Their Design Integration

Risk mitigation measures were developed and embedded during design and development stages. To reduce false negatives, redundancy was implemented through a hybrid modeling strategy combining GBDT’s robustness to tabular sensor data with Transformer encoders’ capacity for contextual sequence modeling of operational logs. Feature engineering incorporated domain expert knowledge to weigh sensor inputs related to pressure thresholds and chemical signatures prominently. Data preprocessing includes automated outlier detection and imputation to minimize corrupted input risks. In addition, access controls and encryption protect data integrity and system components against cybersecurity threats. Relevant user guidance documents and operational training modules have been developed to facilitate proper interpretation of system outputs by gas network personnel, considering their technical expertise and typical decision-making environments.

### Consideration of Requirement Interaction and Balance

The risk management measures take into account the interplay with other legal and technical requirements, balancing system performance, interpretability, and operational feasibility. For instance, the integration of Transformer architectures improved contextual detail recognition without significantly increasing computational latency, preserving real-time responsiveness crucial for safety interventions. Training programs reflect typical knowledge levels and usage contexts of maintenance personnel, supporting appropriate risk communication without overburdening workflows. The overall risk control strategy promotes proportionality, focusing resources on hazards with the highest risk magnitude and frequency while maintaining compliance with transparency and robustness principles prescribed in this Section.

### Risk Acceptability, Residual Risk Evaluation, and Documentation

Residual risks were quantified after implementation of mitigation measures, using the defined probabilistic metrics. The highest residual risk pertains to rare sensor failures under extreme environmental conditions, which was reduced to an estimated occurrence probability below 0.05%. Acceptability thresholds were established in consultation with domain safety standards, including IEC 61508 for functional safety and EN 50156 for gas network operations. All residual risk assessments are documented in the Risk Management File, including justification for accepted risks based on technical feasibility constraints and cost-benefit analyses. Comprehensive traceability matrices link identified hazards to specific mitigations and testing results, enabling transparent auditability.

### Verification through Testing and Validation Procedures

Extensive testing campaigns were executed throughout development and prior to market release. These included unit testing of individual AI modules, system integration tests combining GBDT and Transformer components, and end-to-end validation against synthetic and real-world datasets totaling over 10 million sensor and log records. Testing included scenario simulations of pressure spikes, leak events, and sensor failures, conducted in laboratory conditions and pilot field deployments. Performance thresholds defined in the Test and Validation Plan specified minimum sensitivity at 98% with false positive rates below 3%, benchmarks that were consistently met or exceeded. Adversarial testing assessed system resilience to manipulated input streams, confirming robustness above industry-standard benchmarks for critical infrastructure AI.

### Real-World Testing in Operational Environments

Pilot deployments of Gas Safety Insight in live gas network segments were conducted in compliance with Article 60 parameters, involving controlled real-world testing over a six-month period across two EU countries. Operational data were collected under routine conditions and stress scenarios including incomplete sensor coverage and network maintenance outages. The system demonstrated consistent anomaly detection accuracy aligned with prior validation outcomes. Continuous communication protocols ensured immediate operator notification and incident logging, facilitating iterative feedback and rapid response to emerging system limitations. These deployments provided critical evidence supporting the system’s risk profile under authentic operating conditions.

### Considerations for Vulnerable Groups and Minors

Given the system’s critical infrastructure nature, an assessment was conducted to consider potential adverse impacts on vulnerable populations, including minors and sensitive community groups residing near gas infrastructure. The evaluation concluded that risks primarily manifest through physical safety hazards such as gas leaks and explosions, which have universal impact profiles. Nonetheless, risk communication strategies were designed to include clear, accessible safety warnings for end-users in affected regions, adaptable by deployers for local languages and literacy levels. Training materials emphasize awareness of vulnerable group proximity and incorporate instructions for emergency response tailored to potential indirect harms arising from system failures or inaccuracies.

### Integration with Other Internal Risk Management Processes

Norwin Industrial Technologies aligns Gas Safety Insight’s risk management with internal quality management systems certified under ISO 9001 and safety standards such as ISO/IEC 27001 for information security. This integrated approach includes periodic audits, incident investigation procedures, and continuous improvement cycles, thereby fulfilling multiple regulatory frameworks while satisfying Article 9’s requirements. The risk management activities and documentation are maintained in a unified compliance repository accessible to authorized personnel and external auditors, ensuring coherence and traceability across intersecting legal mandates.