Toward Secure and Compliant AI: Organizational Standards and Protocols for NLP Model Lifecycle Management
The paper addresses security and compliance issues for organizations deploying NLP in high-risk environments such as healthcare and finance, but its contribution is incremental: it integrates existing methods into a structured framework rather than proposing new techniques.
This paper addresses the security, privacy, and compliance risks of NLP systems used in sensitive domains by introducing the SC-NLP-LMF framework, a six-phase lifecycle model derived from a PRISMA-based review of 45 peer-reviewed and regulatory sources and aligned with standards such as the NIST AI RMF and the EU AI Act.
Natural Language Processing (NLP) systems are increasingly used in sensitive domains such as healthcare, finance, and government, where they handle large volumes of personal and regulated data. However, these systems introduce distinct risks related to security, privacy, and regulatory compliance that are not fully addressed by existing AI governance frameworks. This paper introduces the Secure and Compliant NLP Lifecycle Management Framework (SC-NLP-LMF), a comprehensive six-phase model designed to ensure the secure operation of NLP systems from development to retirement. The framework, developed through a systematic PRISMA-based review of 45 peer-reviewed and regulatory sources, aligns with leading standards, including NIST AI RMF, ISO/IEC 42001:2023, the EU AI Act, and MITRE ATLAS. It integrates established methods for bias detection, privacy protection (differential privacy, federated learning), secure deployment, explainability, and secure model decommissioning. A healthcare case study illustrates how SC-NLP-LMF detects emerging terminology drift (e.g., COVID-related language) and guides compliant model updates. The framework offers organizations a practical, lifecycle-wide structure for developing, deploying, and maintaining secure and accountable NLP systems in high-risk environments.
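The abstract names terminology drift detection as the trigger for the framework's update phase but does not say how the case study measures it. The following is an added illustration, not code from the paper, of one common way to implement such a monitor: compare a window of production clinical notes against the corpus the model was validated on, report the out-of-vocabulary (OOV) token rate, and list terms whose frequency has surged. The token pattern, the 10% OOV threshold, the minimum count of 3, the 3x rate ratio, and all sample notes are assumptions made for this example; the notes are constructed and contain no real patient data.

```python
"""Terminology-drift monitor for a deployed clinical NLP model.

Added example (not the paper's code). Compares a window of production text
against the validated baseline corpus and flags (a) a rising share of
out-of-vocabulary tokens and (b) specific terms whose rate has surged,
so a model owner can decide whether re-validation is required.
"""
from __future__ import annotations

import re
from collections import Counter

# Assumed tokenizer: lowercase alphanumeric tokens of two or more characters,
# hyphens kept so 'covid-19', 'sars-cov-2' and 'x-ray' survive as single terms.
TOKEN_RE = re.compile(r"[a-z][a-z0-9-]+")


def tokenize(text: str) -> list[str]:
    return TOKEN_RE.findall(text.lower())


def term_counts(docs: list[str]) -> Counter:
    counts: Counter = Counter()
    for doc in docs:
        counts.update(tokenize(doc))
    return counts


def oov_rate(current: Counter, baseline_vocab: set[str]) -> float:
    """Fraction of tokens in the window that the validated vocabulary never saw."""
    total = sum(current.values())
    if total == 0:
        return 0.0
    oov = sum(c for term, c in current.items() if term not in baseline_vocab)
    return oov / total


def surging_terms(baseline: Counter, current: Counter,
                  min_count: int = 3, min_ratio: float = 3.0) -> list[tuple[str, int, int]]:
    """Terms whose smoothed per-token rate rose by at least min_ratio.

    Additive (+1) smoothing keeps the ratio finite for terms that never occur in
    the baseline, so brand-new vocabulary ranks alongside surging old terms.
    Returns (term, current_count, baseline_count), most frequent first.
    """
    base_total = sum(baseline.values())
    cur_total = sum(current.values())
    out = []
    for term, c in current.items():
        if c < min_count:
            continue  # ignore one-off typos and rare tokens
        base_rate = (baseline.get(term, 0) + 1) / (base_total + 1)
        cur_rate = (c + 1) / (cur_total + 1)
        if cur_rate / base_rate >= min_ratio:
            out.append((term, c, baseline.get(term, 0)))
    return sorted(out, key=lambda t: (-t[1], t[0]))


def drift_report(baseline_docs: list[str], current_docs: list[str],
                 oov_threshold: float = 0.10) -> dict:
    """Summarise drift of a production window relative to the validation corpus."""
    baseline = term_counts(baseline_docs)
    current = term_counts(current_docs)
    rate = oov_rate(current, set(baseline))
    surging = surging_terms(baseline, current)
    return {
        "oov_rate": round(rate, 4),
        "oov_alert": rate >= oov_threshold,      # assumed 10% alert threshold
        "surging_terms": surging,
        "revalidate": rate >= oov_threshold or bool(surging),
    }


# Constructed sample notes (not real patient data): a pre-2020 validation corpus
# and a later production window in which COVID-era terminology appears.
BASELINE_NOTES = [
    "patient presents with cough and fever, chest x-ray clear",
    "influenza suspected, started oseltamivir, follow up in one week",
    "pneumonia on chest x-ray, started amoxicillin",
    "cough resolved, fever resolved, discharged home",
]
CURRENT_NOTES = [
    "patient presents with cough and fever, covid-19 pcr positive",
    "covid-19 pneumonia, started remdesivir, monitoring oxygen saturation",
    "sars-cov-2 positive, covid-19 isolation, fever resolved",
    "cough resolved, discharged home, covid-19 follow up in one week",
]

if __name__ == "__main__":
    print(drift_report(BASELINE_NOTES, CURRENT_NOTES))
```

Run on the constructed window, the report shows an OOV rate of roughly 41% and a single surging term, covid-19, which appears four times against zero occurrences in the baseline, so the window would be routed to re-validation; the same notes compared against themselves yield an OOV rate of 0 and no surging terms. In practice the baseline would be the corpus used in the model's validation record, the window a rolling batch of production inputs, and the thresholds set from the model's observed OOV rate during validation rather than the figures assumed here.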