The software development cycle, also known as the software development life cycle (SDLC), is a structured process for developing software applications. It encompasses various phases, each contributing to the software's systematic development and deployment. Understanding the Software Development Life Cycle is crucial for developers and the industry, as it ensures that software products are developed efficiently and meet quality standards.
The concept of SLDC originated in the early days of computer science. The first formalised model, known as the "Waterfall Model," was introduced by Dr. Winston W. Royce in 1970. The Waterfall Model emphasises thorough documentation and clear project stages, including requirements analysis, system design, implementation, testing, deployment, and maintenance. Since then, various models have emerged to address the limitations of the Waterfall Model, such as iterative and incremental models, agile methodologies, and Dev Ops.
The SDLC is vital for the software industry for several reasons. It provides a clear roadmap, ensuring that development is organised and systematic. Each phase has defined goals and deliverables, which help manage project scope and timelines. These include quality assurance, identifying and addressing risks early in development, and structuring planning and budgeting resources.
The recently approved EU AI Act introduces a regulatory framework for AI systems and has profound implications for the SDLC of AI development in the EU, affecting each cycle phase.
It is important to highlight that when assessing and implementing the above novel obligations, one must continuously monitor the post-deployment of an AI system. Thus, these AI systems must be constantly monitored to ensure ongoing compliance with the AI Act. Risk management and data governance measures will likewise need regular updates, requiring the setting up of tracking systems to detect anomalies, conducting periodic audits, and updating the AI system to address new risks or vulnerabilities.
Existing AI systems already deployed before the inception of the EU AI Act will generally not need to comply with the new regulations aside from making sure that there is no banned AI. Having said this, however, should any substantial modifications be planned or required, then the AI Act will apply. Thus, developers must start catering for the required modifications in their SDLC for any direct and indirect impacts. This is very tricky and requires adequate planning to make sure that the AI system being modified can actually cater to all the required obligations mentioned above and that the required training, plugins are in place before the modified version is deployed.
Given the so-called Brussels Effect of the AI Act, the above will apply to any high-risk AI system provided in the EU or from the EU.
Specifically for developers and companies outside the EU aiming to provide AI systems within the EU, the AI Act imposes additional compliance burdens. These developers must, amongst other obligations, align their development practices with the EU’s regulatory standards, potentially requiring significant changes to their processes. This may involve reworking existing AI systems to meet EU requirements or developing new systems specifically for the EU market.
Non-EU developers must also maintain thorough documentation and be prepared for audits by EU regulators. This includes providing detailed records of the AI system's development, testing, deployment, and maintenance processes.
While the Act imposes additional challenges, it also sets a global benchmark for AI governance. By understanding and adapting to the EU AI Act, developers will comply with regulatory standards and contribute to creating safer, more reliable AI systems.
Article by Dr Ian Gauci.