Adapter ID / PEFT lineage records the specific parameter-efficient fine-tuning component associated with a run and the provenance chain that makes that component intelligible. In practice, this can include the adapter identifier, the PEFT method used, the base model to which it was attached, the checkpoint or commit hash, the relevant training dataset reference, and any version link needed to distinguish one behavioural layer from another.

Conceptually, this item sits between a simple model version label and a full training-history dossier. A base-model identifier alone tells a reviewer what underlying model family was used, but it may not explain why the run behaved in a domain-specific or task-specific way. Adapter lineage narrows that gap by documenting the additional learned layer that materially alters behaviour without requiring a wholly new foundation model release.

This matters in GenAI governance because PEFT methods such as LoRA and related techniques make model adaptation cheaper, faster, and more modular. That is operationally useful, but it also creates a governance challenge: behaviour can change through the swapping of lightweight adapters even when the base model label remains constant. Without recording adapter lineage, organisations can mistake a technically distinct system state for the same model instance.

Inside RAIDT, the item belongs in Evidence Architecture and Artefacts because it helps define what must be captured for one run to be meaningfully reconstructable. It contributes directly to run-level evidence, strengthens the evidence pack, and improves the defensibility of a RAIDT score profile across Responsibility, Auditability, Interpretability, Dependability, and Traceability. It is therefore not just engineering provenance; it is governance-relevant provenance.

Adapter ID / PEFT lineage solves a specific governance problem: in contemporary GenAI systems, behaviour is often shaped by modular fine-tuning artefacts that are easier to change than the base model itself. If those artefacts are not recorded, a reviewer may know which model family was used but still be unable to explain why a run produced a particular style, error pattern, or domain-specific judgement.

The concept also prevents confusion between model identity and model behaviour. Two runs can both be logged as using the same foundation model yet differ because one relied on a medically tuned LoRA adapter, another on a compliance-oriented adapter, and a third on no adapter at all. From a RAIDT perspective, those are not governance-equivalent runs, because the evidential conditions of use differ in ways that matter for review, comparison, and accountability.

If this item is missing, organisations face several avoidable risks: weak incident reconstruction, poor rollback capability, difficulty validating whether an approved adapter was used, and limited ability to learn from output drift across versions. More broadly, governance remains too dependent on broad model labels and too weakly connected to the actual technical artefacts shaping a run.

Key idea: Adapter ID / PEFT lineage matters because RAIDT needs evidence of the actual behavioural layer used in a run, not only the name of the underlying base model.

• The identifier of the adapter or PEFT artefact used in the run.
• The PEFT method or adaptation type, such as LoRA, QLoRA, prefix tuning, or another lightweight fine-tuning approach.
• The relationship between the adapter and the underlying base model version.
• The checkpoint, commit, hash, or registry reference needed to distinguish one adapter release from another.
• The training dataset reference or lineage marker associated with the adapter, where relevant and available.
• The deployment or activation status showing whether the adapter was applied, swapped, stacked, or disabled for the run.
• The evidential link needed to compare outputs across runs, investigate drift, and support rollback or review.
• The provenance detail required to justify scoring and governance judgements in RAIDT.

Audience question

If the base model version is already recorded, why do we also need Adapter ID / PEFT lineage?

Answer

The concern behind this question is that recording both may appear duplicative. The direct answer is that the base model and the adapter do different explanatory jobs. The base-model identifier tells us the underlying model family and release. Adapter lineage tells us which additional behavioural layer was attached to that base model for the run under review.

A practical example makes the difference clear. Suppose an organisation uses the same base model across several internal tasks but attaches different LoRA adapters for legal drafting, customer-service tone control, and cybersecurity triage. If a problematic output emerges, the base-model label alone will not reveal which specialised adaptation shaped the run. A reviewer needs to know whether the issue arose from the base model, from the specific adapter, from the training lineage of that adapter, or from an unauthorised version swap.

RAIDT handles this better than a generic AI governance approach because it ties the answer to a specific run and its evidence pack. Instead of asking only whether the organisation had an approved model, RAIDT asks whether the actual behavioural configuration used in the run can be reconstructed and scrutinised. That makes governance operational rather than merely declarative.

Consider a healthcare trust using a GenAI drafting assistant to produce first-pass clinic letters. The trust deploys a common base model but applies a PEFT adapter trained to follow local clinical style, abbreviations, and redaction conventions. The run-level issue is that one generated letter includes an unsafe summary of medication changes, and the reviewer needs to determine whether the problem reflects the clinician prompt, the base model, or the domain adapter.

The evidence needed includes the run ID, timestamp, prompt version, base-model identifier, adapter ID, PEFT method, checkpoint hash, training dataset reference for the adapter, generated output, clinician edits, and reviewer notes. Responsibility is affected because the trust must show who approved the use of that adapter in clinical communication. Auditability is affected because investigators need to reconstruct the exact technical configuration. Interpretability is affected because the adapter helps explain why the output took a particular domain-specific form. Dependability is affected because repeated errors may indicate adapter drift or poor fine-tuning quality. Traceability is affected because the run must be linked to the precise artefact that influenced behaviour.

By capturing adapter lineage, RAIDT improves governance readiness. The trust can distinguish an isolated prompting issue from a wider adapter problem, justify rollback if necessary, compare runs across versions, and show that governance review extends to the real technical artefacts shaping clinical outputs.

Adapter ID / PEFT lineage links to RAIDT in four ways.

First, it supports RAIDT's core idea that GenAI governance should be based on evidence from real use rather than high-level declarations about an approved model estate.

Second, it sharpens the run as the unit of governance by identifying the precise adaptation layer active in that run, not merely the underlying model family.

Third, it strengthens both the run-level evidence pack and the score profile because reviewers can test whether model provenance, change control, and behavioural explanation are adequately evidenced.

Fourth, it improves reviewability, contestability, audit readiness, and organisational learning by making it possible to reconstruct how adapter changes affected outputs across time and tasks.

Adapter ID / PEFT lineage → Run-level evidence → Evidence pack → RAIDT score profile → Governance readiness

Responsibility

This item supports Responsibility by showing whether the organisation can identify who authorised, deployed, or approved the adapter used in a run and whether its use matched the intended task and governance boundary.

Example evidence / implication:

• Named approval for a clinical, legal, or sector-specific adapter in a controlled workflow.
• Record showing that only authorised adapters were permitted for the task category.

Auditability

This item has a strong effect on Auditability because adapter lineage is often essential to reconstructing why two apparently similar runs behaved differently.

Example evidence / implication:

• Adapter registry entry, checkpoint hash, and activation record linked to the run.
• Sufficient metadata for an auditor to distinguish an approved adapter release from a later unreviewed variant.

Interpretability

Adapter lineage supports Interpretability by improving practical explanation of output behaviour, especially when domain adaptation or stylistic tuning materially shapes the model's response.

Example evidence / implication:

• Record that a finance-compliance adapter was active during a regulatory drafting task.
• Reviewer explanation linking domain-specific output style to the attached PEFT artefact rather than to the base model alone.

Dependability

This item supports Dependability because reliable operation depends not only on choosing the right base model but on controlling the fine-tuned artefacts layered onto it.

Example evidence / implication:

• Version comparison showing whether a newer adapter release improved or degraded output quality.
• Ability to rollback to a previous adapter when incident patterns emerge after deployment.

Traceability

Adapter ID / PEFT lineage is especially strong for Traceability because it creates a direct line from one run to the exact adaptation artefact that influenced its behaviour.

Example evidence / implication:

• Chain linking run ID, base model, adapter ID, checkpoint hash, and downstream reviewed output.
• Evidence showing when an adapter was introduced, updated, retired, or replaced across comparable runs.

This item affects all five pillars, but it is particularly consequential for Auditability, Dependability, and Traceability because each weakens quickly if adapter provenance is not recorded.

In general AI governance, provenance may be treated as a broad technical notion covering model origin, training data, or software supply chain history. In RAIDT, Adapter ID / PEFT lineage has a more specific operational meaning: it is the run-linked evidence that identifies which modular adaptation artefact shaped the output in a given use event.

The RAIDT meaning is more operational because it is tied to concrete reconstruction, evidence-pack assembly, five-pillar scoring, and governance readiness. It is not enough to know that adapters exist in the system. RAIDT asks whether the exact adapter lineage for this run is captured well enough for review, challenge, comparison, and corrective action.

Misunderstanding

Adapter lineage is only an engineering concern and does not belong in governance documentation.

Correction

That view misses how modern GenAI behaviour is configured in practice. If lightweight adapters materially alter what a system says, how it frames outputs, or which domain patterns it reproduces, then recording those artefacts is not merely technical housekeeping. It is part of accountable governance. For example, if a public-sector drafting tool silently switches from an approved policy-writing adapter to an experimental summarisation adapter, the governance issue is immediate. RAIDT therefore treats adapter lineage as evidence needed for meaningful oversight, not as optional backend detail.

Adapter ID / PEFT lineage does not prove that an adapter is safe, fair, effective, or lawful. It also does not replace broader evaluation, red-teaming, procurement review, security assurance, or human oversight. The item tells reviewers which adaptation artefact influenced the run; it does not by itself validate that artefact's quality.

The concept also depends on the existence of a disciplined registry and versioning practice. If adapters are poorly named, informally exchanged, or insufficiently hashed, the field may appear populated while still being weak as evidence. RAIDT handles this limitation by treating adapter lineage as one component of run-level evidence that must be interpreted alongside task context, outputs, reviews, and other artefacts rather than as a standalone guarantee.

Manual implementation

A researcher or small team can record adapter lineage manually in a run template by noting the adapter name, PEFT method, base model, version or checkpoint identifier, and any dataset reference used to describe where the adapter came from.

Semi-automated implementation

Semi-automated implementation can pull adapter metadata from a model registry or experiment tracker into structured run records while still asking users or reviewers to confirm that the adapter was appropriate for the task.

Fully automated implementation

At scale, a wrapper, orchestration layer, deployment gateway, or governance pipeline can automatically log the active adapter, base model, checkpoint hash, approval status, and environment metadata for every run, then feed that information into evidence packs, dashboards, drift analysis, and review workflows.

Within the RAIDT project, this item is especially useful for Paper 08 Foundations because it shows that run-level evidence must cover the real behavioural configuration of the system, not only the nominal model label. It helps articulate RAIDT's claim that evidence architecture needs to keep pace with modular GenAI deployment practices such as PEFT.

For Paper 09 Empirical Validation, adapter lineage is important when comparing runs across deployments, testing whether reviewers can reconstruct behaviour, and examining whether governance scores change when provenance detail is strengthened or omitted. For Paper 10 Policy Pathways, it provides a concrete example of how technical versioning practices become governance controls when translated into structured evidence requirements.

The item also has value in sector playbooks, evidence-pack design, scoring rubrics, and governance interventions. In supervision, viva defence, and journal positioning, it helps answer a pointed question: how does RAIDT handle the fact that modern GenAI behaviour may depend on lightweight, swappable adaptation artefacts rather than on the base model alone? This note provides that answer in operational terms.

Q1. Why is adapter lineage necessary if the model provider and version are already known?

Because the base model does not always explain the behaviour seen in the run. A PEFT artefact may be the component that introduced domain style, task bias, or behavioural change, so governance evidence must capture both layers.

Q2. Does this item matter only for highly technical organisations training their own models?

No. It matters wherever organisations deploy or receive adapted models, even if the adaptation is supplied by a vendor. The governance need is to know what behavioural layer was active, not necessarily to have built it internally.

Q3. Is recording adapter lineage enough to explain a bad output?

Not on its own. It improves explanation by identifying one important causal layer, but reviewers still need prompt context, inputs, outputs, reviewer notes, and task conditions to make a defensible judgement.

Q4. What if multiple adapters are stacked or dynamically selected?

Then the run record should capture that stack or selection logic explicitly. RAIDT is concerned with reconstructability, so the evidence should reflect the real configuration rather than forcing a simplified single-adapter narrative.

Q5. How does this strengthen organisational governance rather than only technical debugging?

It supports approval control, rollback, incident review, change management, and defensible scoring. In other words, it turns model adaptation history into evidence that a governance process can actually use.

• parameter-efficient fine-tuning governance and accountability
• LoRA provenance and version control in generative AI deployment
• model lineage and artefact traceability for foundation model adaptation
• AI auditability of modular fine-tuning components
• software supply chain concepts for machine learning artefacts
• governance of domain-adapted large language models
• reproducibility and checkpoint lineage in applied machine learning
• organisational control of fine-tuned model variants
• MLOps metadata practices for adapter registries
• traceability of model customisation in regulated AI use

Adapter ID / PEFT lineage records which lightweight fine-tuning artefact actually shaped a particular GenAI run. In RAIDT, that matters because the base-model label is often not enough to explain behaviour. A run may use the same underlying model as another run while producing different outputs because a different LoRA or other PEFT adapter was attached. By capturing the adapter identifier, method, checkpoint, and provenance link, RAIDT makes the real behavioural configuration reviewable. This strengthens the evidence pack, improves five-pillar scoring, and helps organisations investigate drift, justify rollback, and distinguish between a prompt issue, a base-model issue, and an adapter issue. In short, the item translates modern model-customisation practice into governance evidence tied to the run.

Adapter ID / PEFT lineage is the run-level record of which fine-tuning artefact shaped behaviour because RAIDT needs evidence of the actual configured model state, not just the base-model name.

• S4.01 · run_id
• S4.02 · Timestamp
• S4.03 · User role / operator role
• S4.04 · Task and domain label
• S4.05 · Prompt registry
• S4.06 · Prompt ID and version
• S4.07 · Prompt hash
• S4.08 · Model/provider/version identifier
• S4.09 · Decoding parameters
• S4.10 · Retrieval query and index ID
• S4.11 · Retrieved document IDs and hashes
• S4.12 · Tool-chain trace
• S4.14 · Alignment policy ID
• S4.15 · Output hash
• S4.16 · Review decision and reviewer notes
• … and 1 more

• Q043: Why must Adapter ID and PEFT lineage be recorded?
• Q133: Why do adapter IDs matter?
• Q228: Adapter ID / PEFT lineage — definition, example, and why it matters in RAIDT