• workshop_dense_100#slide 22

In RAIDT, Limitations can be defined as the explicit non-claims and boundary conditions that prevent the framework from being mistaken for a guarantee of correctness, safety, or legal adequacy. RAIDT is designed to produce reconstructable accountability for one configured use through a run-level evidence pack and a score profile, with the run as the unit of governance. It therefore evaluates governance readiness, not objective truth. The framework can show whether relevant evidence exists, whether the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability) are supported, and whether influence methods as governance interventions have been logged and reviewed. It cannot guarantee that a generated answer is factually right, eliminate domain risk, provide legal certification, or replace substantive expert judgement.

This distinction matters because RAIDT is intentionally a bounded, mid-range design theory rather than an inflationary claim about trustworthy AI in general. The score profile, including anchors 1=missing / 3=partial / 5=audit-ready, helps organisations assess the quality of governance evidence for a run. It does not certify that a run should be relied upon without further review. By stating limitations explicitly, RAIDT resists compliance theatre: a high score means governance artefacts are inspectable and challengeable, not that downstream harms are impossible. In scholarly terms, limitations matter because they preserve proportionality, support sector calibration, and keep the framework analytically disciplined across domains where evidence depth, oversight duties, and acceptable risk thresholds differ.

In cybersecurity alert triage, a security team may use GenAI to summarise logs and suggest the likely cause of an incident. A well-instrumented run-level evidence pack can capture the alert bundle, prompt template, retrieval or tool-use traces, output hash, and analyst decision. The resulting score profile may show strong auditability and traceability, especially if influence methods as governance interventions were versioned and logged.

The limitation is that this does not prove the recommendation is correct. An attacker may be using a novel technique, the retrieved artefacts may be incomplete, or the model may present a fluent but mistaken explanation. Naming that limitation matters because analysts remain responsible for expert review and containment decisions. RAIDT strengthens contestability and learning after the event; it does not replace incident-response expertise or certify factual correctness in real time.

• 11-RAIDT_Academic_Logic_M_v11
• 12-RAIDT_DSR_Theory_M_v8