**Article 9**

### Establishment and Maintenance of the Risk Management System

Aegis Mobility Technologies has established a comprehensive risk management system specifically tailored to the Guardian Signal Controller, recognized as a high-risk AI system due to its safety-critical role in managing municipal traffic signals. This system is documented within the Provider’s quality management framework and has been implemented following ISO 31000 risk management principles, adapted for AI lifecycle risks. Continuous operation and iterative updates are planned throughout all development, deployment, and operational phases, ensuring that evolving risks are promptly identified and mitigated. The risk management documentation includes detailed schedules for regular assessments, responsible roles within the organization, and mandatory triggers for review such as software updates, changes in sensor hardware, or incident reports from post-market monitoring.

### Risk Identification and Analysis

The initial risk assessment combined data-driven hazard identification with expert consultation from traffic safety engineers and human factors specialists. Known risks include false negatives in anomaly detection (e.g., failing to identify a red-light violation), false positives causing unnecessary signal changes, sensor or video feed interference, environmental variability such as adverse weather, and latency issues impacting real-time responsiveness. Reasonably foreseeable risks extend to system misuse scenarios such as incorrect installation angles of sensors, cyber interference attempts, or atypical traffic behaviors caused by local events. The AI models’ decision boundaries were analyzed to identify vulnerabilities to perturbations in input data. Furthermore, potential fundamental rights impacts were assessed, focusing on non-discrimination and privacy through ensuring that the system does not influence traffic based on individual characteristics but solely on objective traffic conditions.

### Risk Estimation and Evaluation

Quantitative risk estimation employed both statistical model performance metrics and scenario-based impact analysis. The CNN modules were benchmarked on a dataset of 1 million annotated video frames collected from 50 urban intersections, yielding a pedestrian and vehicle detection accuracy of 96.8% and a false negative rate below 1.5% in anomaly detection. The Random Forest classifier was subjected to uncertainty quantification via out-of-distribution testing and ensemble variability analysis, achieving a confidence level of 95% in classification decisions under variable conditions. Simulated deployment scenarios included variable lighting, occlusions, and varying traffic densities, showing the residual risk of system failure per hour of operation to be below 0.02%. Misuse cases were evaluated through red-team testing where installation errors and electronic interference were artificially introduced, allowing estimation of risk increase under those conditions and informing system robustness measures.

### Integration of Post-Market Monitoring Data

Data collected from the post-market monitoring system, as delineated under Article 72, feeds directly into the risk management loop. Initial pilot deployments monitored over a six-month period in three municipalities generated systematic feedback on false alarm rates, signal timing deviations, and safety incidents in real time. This data was anonymized, aggregated, and analyzed weekly, revealing initial risk patterns such as increased false positives during heavy rain, which triggered targeted model retraining and algorithmic adjustments. This continuous incorporation of operational data allows dynamic updating of risk profiles and prioritization of mitigation measures.

### Risk Management Measures and Their Interaction

Risk elimination and reduction measures include model architecture design choices, sensor fusion strategies, and anomaly detection thresholds calibrated to balance sensitivity and specificity. Convolutional Neural Networks use spatial feature extraction with batch normalization and dropout layers to reduce overfitting, enhancing model robustness against environmental noise. The Random Forest classifier employs feature importance weighting, allowing adaptive tuning to prioritize critical sensor inputs during adverse conditions, thus minimizing erroneous decisions. The system architecture ensures modular updates allowing isolated improvements with minimal disruption. System documentation includes detailed AI model versioning and validation reports demonstrating how these design decisions reduce identified risks. Technical information provided to deployers includes installation guidelines, operational limits, and a user manual explicitly detailing the system’s scope to preclude deployment contexts beyond the intended use, preventing misuse and cascading risk interactions.

### Residual Risk Evaluation

Residual risk for each hazard was assessed post-mitigation by analyzing testing outcomes and predictive failure modes. For example, residual risk related to pedestrian misclassification is maintained at a level considered acceptable by urban traffic safety standards (<0.5% per day per intersection), based on empirical data from simulated and real-world tests. Overall system residual risk, aggregated from individual hazard contributions using probabilistic risk modeling, remains below the provider’s predefined acceptability threshold established through alignment with European traffic safety-performance benchmarks. The balance between risk reduction measures and functional performance aims to prevent over-restricting system responsiveness, thereby preserving operational safety and efficiency.

### Risk Mitigation Strategies

Where risks could not be fully eliminated at design or development stages, additional mitigation strategies are implemented. These include automated system health monitoring with fault detection triggering fail-safe traffic light modes, fallback algorithms to simpler heuristic controls in the event of model uncertainty exceeding thresholds, and encrypted communication modules protecting sensor data integrity. Deployment support includes remote diagnostic capabilities and regular software update mechanisms to address vulnerabilities as they emerge. Furthermore, comprehensive training materials incorporating system limitations, typical error modes, and troubleshooting support are provided to deployers, who are presumed to have traffic management expertise but receive specialized AI-system-specific guidance.

### Testing Protocols and Procedures

A comprehensive test plan encompasses unit, integration, system, and acceptance testing stages. Testing regimes utilize synthetic and real-world datasets to evaluate detection accuracy, classification robustness, latency, and fail-safe activation rates. Metrics such as precision, recall, F1-score, response latency (target <200 ms), and system uptime (>99.9%) are employed with probabilistic thresholds reflecting acceptable risk levels for each metric. Real-world testing occurred over successive deployment phases in controlled operational environments replicating diverse intersection typologies and volumes, with data collection enabling continuous improvement. Adversarial robustness testing evaluated resistance to visual spoofing (e.g., signs or objects designed to confuse the system) and sensor noise, informing retraining cycles and model update schedules.

### Real-World Testing and Lifecycle Application

To validate performance under real-world conditions, large-scale pilot programs deployed Guardian Signal Controller at 75 intersections across three cities for periods ranging from three to nine months each, consistent with Article 60 provisions. Data from these deployments were used to inform ongoing risk management activities and to verify that operational performance met safety and accuracy requirements pre-market placement and continue to do so throughout active service periods. The iterative development life cycle integrates feedback loops between field data, risk assessment updates, and model retraining, thereby operationalizing risk evaluation and mitigation continuously.

### Vulnerable Groups Considerations

Specific consideration was given to potential impacts on persons under 18 years of age and other vulnerable road users such as cyclists and pedestrians with mobility impairments. Data analysis focused on detection rates and response times for these groups, ensuring no performance degradation relative to the general population. The provider’s design choices reflect a risk-averse approach favoring conservative safety margins (e.g., extra buffer times in signal timing when pedestrians are detected). Documentation includes an impact assessment detailing these findings and justifications for selected thresholds, thereby supporting targeted safeguards against disproportionate or adverse effects on vulnerable users.

### Alignment with Other Union Law Risk Management

The Guardian Signal Controller’s risk management procedures have been aligned with relevant internal risk processes under applicable Union road safety legislation and standards. Cross-referencing these provisions ensures a harmonized approach, avoiding duplication while maintaining stringent AI-specific risk controls required under this Regulation. The risk management documentation explicitly references these other frameworks, incorporating their outputs and complementing them with AI lifecycle-specific measures consistent with Article 9 requirements.