Aviation SMS software vs
safety intelligence platform.

See the highlighted block above the contents list. The rest of this article walks through each platform shape and the buyer checklist.

SMS software is the system of record for ICAO Annex 19 artefacts. Its responsibilities are well-defined:

• Occurrence intakeacross mandatory, voluntary and confidential channels. Mobile-first reporting forms; investigation workflow; classification against the operator's taxonomy.
• Hazard register with each hazard linked to its operational area and current state.
• Risk matrix with severity × likelihood scoring tailored to the operation.
• CAPA pipeline with corrective and preventive actions, typed owners, due dates and effectiveness verification.
• Audit programmes for internal compliance monitoring with finding lifecycle.
• Document control for safety manuals, procedures and safety bulletins.
• SPI definitions with thresholds and ownership.

SMS software is necessary. Every regulated airline above a certain size needs one. The question is what comes on top.

Aviation safety intelligence renders the operational picture on top of the record. The picture is built from cross-module reasoning — reading one operational graph rather than several modules.

Occurrence → hazard → barrier propagation. A classified occurrence automatically updates the relevant hazard, recalculates the bowtie barriers that the hazard depends on, and adjusts the composite risk score for the top events those barriers belong to.

Live SPI dashboards. The SPI counter ticks the moment the occurrence is classified. Threshold breaches surface as alerts. Trends are visible to the accountable manager weekly, not quarterly.

Live Safety Risk Profile. The SRP aggregates SPI state, barrier health, open CAPA, recent occurrences and audit findings into the operational picture the accountable manager reads. Updated in near real-time by the underlying records.

Cross-module weak-signal detection. A combination of a training expiry, an open audit finding and a recent occurrence on a related barrier produces a weak signal that no single module would catch on its own. AI agents surface these signals under human-in-the-loop review.

Audit-grade traceability. Every artefact links to its evidence. A regulator can trace from policy to outcome in two clicks per step.

AI in aviation safety is not a feature; it is an operating-model change. Three workloads were historically constrained by human throughput:

Classification.Every occurrence has to be classified against the operator's taxonomy. Human classification is slow, inconsistent across reviewers, and the throughput bottleneck of every safety team. AI classification agents propose categories with confidence scoring; humans approve. The throughput change is significant; the consistency change is more significant.

CAPA drafting. Drafting a corrective action against an open finding is a 20-minute job per finding. AI drafting agents produce a starting draft against the finding, the relevant procedure section and the previous action history. The human edits and approves. The total time drops without weakening the outcome.

Weak-signal detection.Spotting a cross-module pattern — training expiry plus barrier degradation plus recent occurrence cluster on the same hazard — was historically the work of a senior safety analyst with time on their hands. AI agents do this continuously and surface candidates for human review.

Throughout, the AI never decides alone. The pattern is human-in-the-loop; the AI proposes, the human approves. This is what makes AI in aviation safety defensible to a regulator.

Human-in-the-loop (HITL) is the structural pattern that distinguishes defensible aviation AI from undefensible aviation AI. The pattern has four components:

1. The AI proposes.Classification, draft, summary, signal — the AI agent produces a candidate.
2. The system records. The audit trail captures the agent, the model, the prompt, the inputs, the proposed output and the confidence.
3. A qualified human reviews and decides. The named human, appropriate to the task (safety manager for a classification, head of safety for a CAPA closure, accountable manager for an SRP shift), approves, edits, or rejects.
4. The platform replays. Three years later, the regulator can replay the agent run, see the inputs, see the proposal, see the human approval, see the outcome.

The HITL pattern is what makes AI in aviation safety useful and defensible. Platforms that ship AI features without it are an audit risk.

Use this checklist to test whether a candidate platform is SMS software, an aviation safety intelligence platform, or something in between.

1. Operational graph. Are occurrences, hazards, barriers, SPIs, SRP, CAPA, audits, training and document control nodes on one graph? Or modules connected by APIs?
2. Occurrence-to-SRP trace. Pick a real occurrence. Can you walk it from intake to SRP in two clicks per step?
3. Live SPI dashboard. Does the SPI counter update the moment an occurrence is classified, or on a nightly batch?
4. AI agents with HITL. Are AI outputs recorded with agent, model, prompt, confidence, and named human reviewer? Can a run be replayed three years later?
5. CAPA effectiveness verification. Is it a hard gate before closure, with a named verifier and an audit-grade trail?
6. ICAO + EASA + FAA + IOSA vocabulary. Native, or bolted-on?
7. Tenant isolation. Where the platform serves multiple AOCs, is isolation enforced at the database layer?
8. Data residency and export. Where is the data stored? What happens on termination? What export format?

A platform that scores high on all eight is an aviation safety intelligence platform. A platform that scores high on items 1, 5, 6, 7 and 8 but lower on 2, 3 and 4 is SMS software. Both are valid; the choice depends on what the airline needs.