Organizations that develop and deploy regulated AI systems under the EU AI Act face a structural mismatch: the law requires documented, auditable, and risk-managed AI, while existing engineering pipelines are not designed to produce such evidence automatically. This position paper introduces the AIGOps (AI Governance Operations) framework and the concept of Conformity as Code (CaC). The central premise is that regulatory requirements can be expressed as clear, machine-readable rules. These rules are maintained under version control and automatically validated within standard delivery pipelines. Instead of relying on manual and periodic compliance reviews, compliance is integrated into the system and verified continuously. This paper formalizes regulatory requirements in a structured, machine-readable format, identifies conformance gaps, and proposes a three-loop operational model to address them. It further outlines a reference architecture and a Compliance-as-Code approach, supported by MLOps tooling, Infrastructure as Code, and DevSecOps practices. The approach is designed to enable practical and scalable deployment of regulated AI systems. Methods for empirical validation are presented, and directions for future work are discussed.
Gupta Manish (Sun,) studied this question.