Evidence-Centric Certification Maintenance for Learning-Enabled Systems Under Continuous Change
Abstract
Security certification struggles with learning-enabled components because system behaviour depends on data and model artefacts and evolves through DevSecOps/MLOps updates. Traditional schemes often certify a fixed target using point-in-time evidence, so the validity of security claims degrades under rapid releases and multi-party supply chains. This paper maps regulatory and standards-driven requirements to concrete, certification-relevant evidence across IoT, cloud, edge, and mobile deployments, and identifies recurring gaps. Based on this mapping, we introduce an evidence-centric certification maintenance loop: claims are bound to versioned evidence baselines with provenance, requirement support is captured in a traceability graph (requirements, controls, artefacts, tests, results), and a material-change policy triggers delta-bounded evidence refresh and re-testing. Tool support is restricted to auditable decision assistance (structuring, consistency checking, adequacy support, risk triage, drift/anomaly monitoring); adjudication remains human-led. We demonstrate the loop through four vertical use cases and a pilot ESP32-PICO mTLS/OTA instantiation that defines admissible evidence families, change events, and reassessment triggers; the pilot can be extended to learning-enabled systems by adding model/data lineage and shift-related evidence.
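
The change-impact step of the loop described in the abstract, as an added illustration that is not taken from the paper: artefact digests are compared against a versioned baseline, and the traceability graph is walked from each materially changed artefact to the controls, requirements, tests and results that need refreshing. The node names, graph shape and material-change policy are assumptions made for this sketch.

```python
import hashlib
from collections import defaultdict, deque

# Constructed traceability graph: each node lists what it depends on
# (requirement -> control -> artefact; result -> test -> artefact). Names are hypothetical.
DEPENDS_ON = {
    "REQ-mutual-auth": ["CTL-mtls"],
    "REQ-secure-update": ["CTL-signed-ota"],
    "CTL-mtls": ["ART-tls-config", "ART-firmware"],
    "CTL-signed-ota": ["ART-ota-manifest", "ART-firmware"],
    "TEST-handshake": ["ART-tls-config"],
    "TEST-ota-rollback": ["ART-ota-manifest", "ART-firmware"],
    "RES-handshake-001": ["TEST-handshake"],
    "RES-ota-rollback-001": ["TEST-ota-rollback"],
}
# Assumed material-change policy: documentation-only artefacts do not trigger reassessment.
MATERIAL = {"ART-tls-config", "ART-firmware", "ART-ota-manifest"}

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def changed_artefacts(baseline: dict, current: dict) -> set:
    """Artefacts whose digest differs from the versioned baseline (new ones included)."""
    return {a for a, d in current.items() if baseline.get(a) != d}

def reassessment_scope(changed: set) -> dict:
    """Walk the graph backwards from material changes; return affected nodes by kind."""
    dependants = defaultdict(set)
    for node, deps in DEPENDS_ON.items():
        for dep in deps:
            dependants[dep].add(node)
    queue = deque(sorted(changed & MATERIAL))
    seen = set(queue)
    while queue:
        for parent in dependants[queue.popleft()]:
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    scope = defaultdict(list)
    for node in sorted(seen - changed):
        scope[node.split("-", 1)[0]].append(node)  # group by REQ / CTL / TEST / RES
    return dict(scope)

# Constructed baseline and release: the TLS config and a README change.
baseline = {"ART-tls-config": digest(b"tls v1"), "ART-firmware": digest(b"fw 1.0"),
            "ART-ota-manifest": digest(b"manifest 1"), "ART-readme": digest(b"doc 1")}
current = dict(baseline, **{"ART-tls-config": digest(b"tls v2"),
                            "ART-readme": digest(b"doc 2")})
SCOPE = reassessment_scope(changed_artefacts(baseline, current))
```

Here only the handshake test, its result, the mTLS control and the mutual-authentication requirement fall in scope; the README change is filtered out by the policy, and the OTA evidence stays valid.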