Requirements engineering is a mature discipline. Its standards, methods, and tools were developed over decades to support increasingly complex systems and increasingly rigorous forms of verification.
By the early 2010s, many of the foundations that still define the field had reached a stable form. ISO/IEC/IEEE 29148 provided an international framework for requirements engineering. EARS offered a practical and widely adopted approach to requirements syntax. Requirements management platforms had become established across regulated industries. Organizations operating within aerospace, automotive, medical device, defense, rail, and energy sectors could point to a common body of practices for defining, reviewing, tracing, and governing requirements.
The framework was built for a particular engineering environment. Requirements were written by people, reviewed by people, and assessed against standards applied by people. The discipline's primary challenges involved scale, consistency, traceability, and organizational adoption. As programs grew larger, requirements management systems emerged to maintain relationships between requirements, designs, tests, and change activities. As concerns about writing quality became more visible, requirements quality tools appeared to evaluate requirements against established guidance and standards. Together, these developments strengthened the discipline without fundamentally changing its operating assumptions.
Those assumptions are now being tested.
The engineering environment of the mid-2020s differs materially from the environment in which much of the current framework was established. Generative AI systems are increasingly capable of producing engineering artifacts that resemble those created by experienced practitioners. Requirements can now be generated, transformed, summarized, decomposed, and reviewed with a level of speed that was previously unavailable to engineering organizations. At the same time, governments, regulators, and standards bodies have begun introducing new frameworks intended to govern the use of AI in operational environments. ISO/IEC 42001, the European Union AI Act, and the NIST AI Risk Management Framework are examples of a broader movement toward formal AI governance.
These developments are occurring while existing engineering obligations remain unchanged. Standards such as DO-178C, ISO 26262, IEC 61508, IEC 62304, ISO 13485, and related regulatory frameworks continue to require organizations to demonstrate the quality, traceability, rationale, and defensibility of the artifacts they produce. The introduction of AI does not remove those obligations. In many cases, it makes them more difficult to satisfy.
For the first time, requirements engineering is being shaped simultaneously by advances in generative AI, emerging AI governance frameworks, and long-established certification standards. Organizations are being asked to incorporate new forms of automation while continuing to satisfy obligations that were originally written for human-authored engineering artifacts. Much of the uncertainty surrounding AI in engineering originates at this intersection.
The change is not only technical. It is economic. Generative AI has made candidate engineering artifacts abundant. The scarcity that once sat at the point of creation has moved to the point at which those artifacts can be defended. Producing engineering work quickly is now a solved problem. Producing engineering work that survives design review, supplier acceptance, safety review, audit, change approval, and certification is the new bottleneck. A team that adopts AI to generate faster without a corresponding path to defensibility has not gained speed. It has built a backlog it cannot defend.
The existing requirements engineering framework remains valuable. The standards are still relevant. The guidance remains sound. The challenge is that the framework describes requirements, reviews, traceability, and governance without fully describing the operating architecture required to support those activities in environments where humans and automated systems participate together.
This book proposes a Requirements Operating Model for those conditions.
The model does not replace existing standards, methods, or tools. It assumes their continued importance. EARS remains relevant. ISO/IEC/IEEE 29148 remains relevant. The INCOSE Guide to Writing Requirements remains relevant. Requirements management platforms remain relevant. AI governance frameworks remain relevant. The question addressed in this book is different. It concerns the operating architecture needed to connect these elements into a coherent and governable system.
At the center of the model is a Knowledge Substrate, a structured and computable representation of engineering knowledge from which requirements, decisions, constraints, and evidence can be derived. Around that substrate are the processes responsible for introducing information into the system, transforming it, governing it, and producing engineering artifacts from it. The model also introduces principles for separating generation from evaluation, defines the organizational responsibilities required to operate the system, and describes a maturity path organizations can follow as they adopt increasingly automated engineering practices.
This book reflects the state of the discipline as it exists in the mid-2020s. The technologies, regulations, and governance frameworks discussed throughout are evolving rapidly, and future editions may revise portions of the model as those conditions change. The purpose of this work is not to predict the final form of requirements engineering. It is to provide an architectural framework for organizations navigating the conditions that exist today.
The chapters that follow introduce the model, describe its components, and examine how it can be applied within regulated engineering environments.