In Part 1, we diagnosed the compliance crisis. In Part 2, we examined the specific technical challenges that make Security Objective identification and traceability management so difficult. Now we address the question that follows directly: how do large language models change the calculus, and what does a programme that uses them actually look like?
This article is more concrete than the previous two. We explain the technical architecture of LLM-powered DO-326A analysis, describe the specific tasks where automation provides the greatest leverage, and — in the interest of intellectual honesty that is essential in a safety-critical domain — we are explicit about what automation cannot and should not replace.
Why DO-326A Is a Natural Fit for LLM Analysis
Not every complex process is a good candidate for LLM automation. DO-326A compliance is a strong candidate for reasons specific to the nature of the task.
The inputs are unstructured natural language. ICDs, safety assessments, system architecture documents — the documentation that DO-326A analysis must process is written in technical English, not structured data. It contains implicit relationships, cross-references, and context-dependent terminology that rule-based parsers cannot reliably handle. LLMs, trained on vast corpora of technical documentation, are well-suited to extracting structured information from unstructured text.
The analytical task requires semantic understanding, not just pattern matching. Identifying that an interface carries navigation data with integrity implications requires understanding what navigation data is, why integrity matters for navigation, and what failure conditions are associated with navigation integrity loss. This is semantic reasoning, not keyword search.
The output must be structured and traceable. LLM outputs can be directed toward specific structured formats — Security Objective templates, threat condition records, traceability matrices — that match the expectations of certification authorities.
The volume of work exceeds human capacity at the required quality level. A thorough DO-326A analysis for a large aircraft programme involves hundreds of LRUs, thousands of interfaces, and a traceability chain that must be maintained across years of design evolution. LLMs scale in a way that human expert pools do not.
The Technical Architecture of CompliAir
CompliAir is built on a foundation of LLM capabilities specifically adapted for aviation compliance analysis.
Document ingestion and preprocessing. CompliAir accepts the primary documentation types used in aircraft certification: ICDs, FHAs, PSSAs, SSAs, system architecture documents, and software design documents. The preprocessing layer extracts structured information — interface definitions, parameter descriptions, failure condition classifications, architectural relationships — and builds an internal representation of the system under analysis.
Aviation-tuned LLM reasoning. The core reasoning engine is a large language model fine-tuned on DO-326A, DO-356A/ED-204A, ED-202A, and a curated corpus of aviation system documentation. Fine-tuning on aviation-specific content is essential. A general-purpose LLM will understand "integrity" in a general sense but will not reliably apply DO-326A's specific definition of integrity Security Objectives, or understand the relationship between an ARINC 429 label and the failure condition it feeds.
Security Objective extraction. Given the internal document representation, the LLM reasoning engine identifies candidate Security Objectives for each system function. For each candidate, it names the specific function and security property, identifies the linked failure condition and its severity, notes the ICD interfaces most relevant to the objective, and flags interfaces that cross trust boundaries.
Threat condition derivation. For each confirmed Security Objective, CompliAir derives candidate threat conditions using its aviation threat taxonomy — informed by VulnAirabilityDb vulnerability intelligence for the specific protocols in use. For an objective covering AFDX data integrity, the threat conditions include VL spoofing scenarios, frame injection attacks, and bandwidth starvation techniques documented in VulnAirabilityDb — not generic "network attack" categories.
Traceability generation. As Security Objectives and threat conditions are confirmed by engineers, CompliAir maintains the traceability record automatically. When documentation is updated, change impact analysis identifies which elements are potentially affected.
Report generation. The final output is a structured compliance evidence package formatted to EASA and FAA DER expectations — directly usable in a certification submission.
The Productivity Numbers
Document processing time. A 500-page ICD that would require two to three weeks of focused engineer time to analyse for security relevance can be processed by CompliAir in under ten minutes.
Security Objective identification. For a complex LRU with a 500-page ICD and a comprehensive safety assessment, CompliAir typically identifies 25 to 45 candidate Security Objectives in a single analysis run. An experienced engineer reviewing these candidates will typically confirm 80 to 90 percent without modification, modify 10 to 15 percent, and add a small number the automated analysis missed. Total review time: two to four days — compared to four to eight weeks for manual identification.
End-to-end analysis time. A complete DO-326A analysis for a complex LRU typically takes one to two weeks with CompliAir, compared to three to six months manually.
Change impact analysis. CompliAir's change impact analysis identifies affected Security Objectives and threat conditions in minutes. Manual change impact analysis for a non-trivial design change typically requires one to two days.
For a programme with 40 LRUs requiring DO-326A analysis, these numbers translate to a reduction in compliance effort from approximately 15 person-years to approximately three to four person-years. At loaded rates of €200,000 per year, the difference exceeds €2 million in engineering cost — before accounting for schedule value.
What Automation Cannot Replace
A technology article in a safety-critical domain that does not address limitations is not being honest.
Human engineering judgment is irreplaceable for novel scenarios. LLMs are powerful at identifying patterns consistent with their training data. They are less reliable when faced with genuinely novel system architectures or attack vectors without historical precedent. For novel scenarios, CompliAir flags uncertainty — and human engineers must fill the gap.
Authority dialogue is irreducibly human. EASA and FAA certification review involves dialogue: questions, requests for clarification, negotiation over compliance approaches. This requires human engineers who can defend their analysis and adapt to feedback. CompliAir generates the analysis that supports this dialogue — it does not conduct the dialogue itself.
Final responsibility cannot be delegated to a tool. A DO-326A compliance submission is signed by qualified engineers who take professional responsibility for its adequacy. CompliAir generates candidate Security Objectives and threat conditions. Engineers confirm, modify, and sign off. The human is always in the loop, and the human always bears final responsibility.
Calibration is ongoing. What satisfies an EASA reviewer may differ from what satisfies an FAA DER in specific areas. CompliAir outputs are starting points that must be reviewed against the specific compliance context of the programme.
These are genuine limitations. They define the appropriate scope of LLM-powered compliance analysis: a tool that dramatically reduces the cost and time of analytical scaffolding, while keeping expert humans responsible for confirmation, validation, and authority dialogue.
The Regulatory Picture
Certification authorities care about the quality and defensibility of the compliance evidence — not the process by which it was generated. A Security Objective that is specific, well-formed, correctly linked to a failure condition, and supported by rigorous threat condition analysis will satisfy a certification reviewer regardless of whether it was identified by a human engineer or an LLM-assisted tool.
What matters is the human review layer. CompliAir-generated analysis that has been reviewed, validated, and confirmed by qualified engineers is, from a regulatory perspective, the analysis of those engineers. The tool is an accelerant — not a replacement for qualified judgment.
The Competitive Pressure Is Already Here
Aircraft programmes that adopt LLM-powered DO-326A analysis early will complete certification programmes faster, at lower cost, and with more consistent compliance evidence quality than programmes that do not. This is not a future competitive advantage — it is a present one.
The talent scarcity problem is not going to resolve itself. The pipeline of engineers with deep avionics systems knowledge and cybersecurity expertise is years behind the demand curve. Every new aircraft programme adds to that demand. LLM-powered tools that allow these engineers to work at greater leverage are not optional for programmes that need to deliver on schedule.
Conclusion: The New Altitude of Aviation Security Compliance
DO-326A compliance is broken not because the standard is wrong, but because the process of implementing it has been limited by the tools available. Large language models change this.
CompliAir is the realisation of this capability: an LLM-powered engine specifically built for DO-326A analysis, running entirely on-premise, with the aviation-specific domain knowledge that general-purpose AI tools lack. Alongside VulnAirabilityDb — the only on-premise vulnerability database covering avionics protocol vulnerabilities at the depth DO-326A threat analysis requires — it represents a new foundation for aviation cybersecurity compliance.
The certification clock does not stop running. Programmes that engage with this technology now will have a measurable advantage at the point where DO-326A compliance has historically been most expensive and most uncertain.
If your programme is facing DO-326A compliance challenges, or if you want to understand how CompliAir and VulnAirabilityDb fit into your certification timeline, get in touch. We respond within 48 hours.