Why AI in the Utility Back Office Needs the Same Audit Trail as Everything Else
Nuclear and electric utilities run on documented quality programs and audit evidence. Putting AI under governance means every internal action stays attributable, policy-controlled, and recorded.
The regulated work is the paperwork
NRC 10 CFR Part 50, Appendix B lays out eighteen quality-assurance criteria for a nuclear plant. Read through them and most of the criteria govern documents rather than hardware: design control, document control, corrective action, records retention, audits. The plant runs on turbines and switchyards. The regulation mostly reaches paperwork: the condition report someone files, a procedure change routed through review, the record showing an operator trained on the current revision.
AI is now landing in exactly this part of the business. Staff draft condition reports with a model, summarize a thousand-page design basis document, or ask a chatbot to interpret a procedure step. Each of those is an administrative action that touches a controlled record. Without governance, the assistant becomes one more author whose work nobody can trace, and the audit evidence the quality program depends on never gets created.
What happens when a condition report passes through a public model
The corrective action program is central to nuclear operations. Someone notices a degraded condition, writes it up, it gets screened, dispositioned, and tracked to closure. Appendix B Criterion XVI requires that conditions adverse to quality be promptly identified and corrected, with the cause and the correction documented. Suppose an operator pastes a draft condition report about a degraded safety-related valve into a public model to clean up the wording. The screening step now runs against text that left the company with no record it did, and the cleaned-up version that comes back could carry a changed component identifier the reviewer never sees.
No system flags any of this when it happens. Months later an auditor asks how that condition report was authored and reviewed, and nobody can fully reconstruct it. The work looked complete. But Criterion XVI calls for the cause and correction to be documented, and there is no evidence the disposition was done correctly, which is what an auditor writes up as a finding.
We built LogicNerve around the failure we worry about most: an action that looks complete but left no trail anyone can stand behind in an audit.
CIP-015-1 treats AI calls as network activity you have to see
The grid side carries its own mandate. NERC CIP-015-1 extends internal network security monitoring inside the trust zones that protect the bulk electric system. The standard expects you to know what is talking to what, to collect evidence, and to detect activity that should not be there. An AI agent on a workstation that also reaches operational systems, reaching out to an external API endpoint, is precisely the kind of east-west traffic these controls were added to surface.
Shadow AI use rarely announces itself on the network in a clean, labeled way. An employee opens a browser tab, and sensitive configuration data or a clearance procedure leaves the building over ordinary HTTPS to some inference provider. To a monitoring tool, what shows up is an outbound session to an unfamiliar destination, carrying payload no one approved. CIP-015-1 wants that flow collected and detected. If it cannot be tied to a known agent with a known purpose, it is unmonitored egress that the standard expects you to have caught.
Route the requests instead of banning the tools
The instinct at a lot of utilities is to ban the tools outright. Bans hold until a deadline gets tight, and then the work still has to ship, so someone finishes it on a personal account where nobody can see the usage. Routing is the more durable answer: every request goes to an approved, department-owned agent. Records management gets an agent scoped to records work. Engineering gets one that already knows the document control rules. A separate agent sits in front of the corrective action program, because that is where a wrong revision does the most damage. Each one runs under policy, against the right revision, with the prompt and the response captured as evidence.
That also turns the audit into a routine handoff. When an examiner asks how a procedure change was drafted or who summarized a design basis package, you hand them a record. The qualification check, the access controls, the retention period, and the monitoring trail are already part of how the work ran, so the AI-assisted work clears the same Appendix B and CIP-015-1 bar as any other controlled activity at the plant.
Get in touch to see how LogicNerve can help your organization adopt AI responsibly.
Sources
NRC 10 CFR Part 50, Appendix B: Quality Assurance Criteria for Nuclear Power Plants (eCFR)
NERC CIP-015-1 Critical Infrastructure Protection Reliability Standard (Federal Register)