A GNN component slips into a perception stack the same way any model does — it gets an accuracy table, and that table lands in the internal test backlog. Then the reviewer asks one question the table cannot answer: what happens when the input graph is malformed or sparse? That single question is where graph neural network applications diverge from every other model in the stack. A convolutional detector fails on pixels. A GNN fails on structure — on how the graph was built, where the node and edge features came from, and what connectivity the model quietly assumed would always hold. None of that shows up in an accuracy number, and a validation reviewer who has seen graph-based reasoning before knows it. How do graph neural network applications work in automotive perception? A graph neural network operates on data expressed as nodes and edges rather than a fixed grid. Each node carries a feature vector; each edge encodes a relationship. The model passes messages along edges — a node updates its representation by aggregating information from its neighbours — and repeats this for a few rounds until each node’s embedding reflects its local structural context. The output might be a per-node classification, a per-edge prediction, or a graph-level summary. That mechanism is a good fit for the parts of perception where relationships carry the signal. A lane graph is naturally a graph: lane segments are nodes, connectivity (merges, splits, successors) is edges. Agent-interaction modelling — predicting how the vehicle in the next lane will behave given the cars around it — is a graph over agents. Sensor-fusion topologies, where detections from camera, radar, and lidar have to be associated across modalities, are graphs over candidate matches. In each case the model is not reasoning about an image; it is reasoning about a structure someone constructed upstream. The construction step is the part that gets lost. By the time a GNN sees its input, a whole pipeline has already decided which nodes exist, which edges connect them, and what features hang off each. Those decisions are assumptions, and assumptions are exactly what a perception safety reviewer is paid to interrogate. Where GNNs actually appear in the stack It helps to be concrete about the three places graph reasoning shows up, because each one has a different failure surface. Lane-graph reasoning. The map or the online lane estimator produces a graph of drivable lane segments and their connectivity. A GNN reasons over it to assign the ego vehicle to a lane, predict reachable successors, or fuse map priors with live perception. The graph-construction risk here is topology: a missed edge at a merge, an extra edge from a map error, a segment that got split when it should not have. Agent-interaction modelling. Trajectory-prediction models increasingly use graphs over surrounding agents, where edges encode proximity or interaction potential. The construction risk is density — how many agents, what edge-threshold defines “interacting,” what happens in an empty scene with one node and no edges, or a gridlocked intersection with dozens. Sensor-fusion topology. Association graphs match detections across sensors and time. The construction risk is provenance and sparsity — an edge exists only if two detections were deemed candidate matches, and a dropped sensor frame silently removes nodes the downstream model expected to be there. The common thread: in all three, the graph is an artifact of upstream logic, not a raw input. The GNN’s behaviour is only as trustworthy as the contract governing how that graph gets built. The broader question of how perception models reach a signable release state — of which autonomous-cars deep learning pipelines earn a release-signable state — sits above this; the GNN is one component inside it. What GNN-specific evidence does a validation package need? Here is the divergence, stated plainly. An internal test report answers “how accurate is the model on the eval set.” A reviewer-shaped validation package answers “what happens when the assumptions the model was trained on stop holding.” For a GNN, the assumptions are structural, so the evidence has to be structural too. Two evidence sections carry that weight, and neither exists in a standard accuracy table. The first is the graph-construction contract — a written, testable specification of what a valid input graph looks like. What node types exist, what features each carries and where those features come from, what edge-formation rule was used, what connectivity invariants are guaranteed (or explicitly not), and what the valid ranges are for graph size and density. This is the document the reviewer reads to understand what the model was promised at its input boundary. The second is connectivity degradation behaviour — measured evidence of what the model does when the contract is violated. Malformed graphs, sparse graphs, disconnected components, missing edges, out-of-range node counts. Not a claim that it degrades gracefully; a measurement of how it degrades and where the cliff is. GNN validation package: what an accuracy table carries vs. what a reviewer signs against Question the reviewer asks Accuracy table answer Reviewer-shaped GNN evidence How well does it perform nominally? Covered (per-node / per-edge accuracy) Covered, plus topology-invariant metrics What is a valid input graph? Absent Graph-construction contract (node/edge/feature provenance, connectivity invariants) What happens on a malformed or sparse graph? Absent Connectivity degradation curve with the failure cliff located Does the evidence survive retraining? No — numbers move on every release Structural evidence survives; only the accuracy row needs a refresh Where does the component’s responsibility end? Undefined Contract boundary stated; hands off to the safety case The table is the quick version of the argument, but the practical point is the fourth row. Because graph-construction and degradation evidence describe structure, not weights, they survive model retraining and re-weighting. The accuracy row moves on every release; the contract and the degradation characterisation do not, unless the graph-construction logic itself changes. That is the ROI: the GNN component does not re-pay its full justification cost every release. Sign-off stays a single round instead of a multi-week clarification loop where the reviewer keeps asking for the structural section that was never written. How a reviewer probes graph-construction assumptions If you want to know what evidence to prepare, watch how an experienced reviewer actually attacks a graph-based component. In our experience across perception-validation work, the probing follows a recognisable order — this is an observed pattern from reviewer behaviour, not a benchmarked protocol. Provenance first. Where does each node feature come from? If an edge feature is derived from a detector confidence, the reviewer now wants that detector’s reliability evidence too, because the GNN inherits it. Then the empty and the full case. What does the model output on a one-node graph with no edges? On the densest graph the construction logic can produce? These are the boundaries where message-passing either has nothing to aggregate or aggregates too much. Then the malformed case. A missing merge edge in a lane graph, a duplicated node, a disconnected component. Does the model produce a confident-but-wrong answer, or does it signal low confidence? Then the drift question. If the upstream construction logic changes — a new lane estimator, a re-tuned association threshold — does the model’s contract still hold, and does the evidence need regenerating? A backlog-shaped report has no section for any of this. A package engineered to these questions carries them as named evidence, which is the difference between a reviewer signing and a reviewer sending a list back. The graph-construction failure modes are best exercised before they reach the package. A robustness audit that deliberately feeds malformed and sparse graphs is where these cliffs surface, and it connects to the broader work of building production AI reliability into the perception stack rather than discovering the gaps at review. Which GNN metrics travel across model updates? Not all metrics are equally durable. An accuracy figure is tied to a specific set of weights and a specific eval split, so it expires the moment you retrain. The metrics worth building the package around are the ones that characterise structural behaviour, because those describe the component’s contract rather than its current parameterisation. Topology-invariant evidence — degradation curves as a function of graph sparsity, sensitivity to a single missing edge, output stability under node-permutation, confidence calibration on out-of-contract inputs — describes how the model responds to structure. These characterisations move only when the graph-construction logic or the architecture changes, not on every retrain. Framing the package around them is what lets the same GNN component be re-signed on a new release with a refreshed accuracy row and an otherwise-intact evidence set. The same durability logic applies to any coverage artifact; a W&B report used as coverage evidence in a perception validation package is durable for the same reason — it documents what was tested, not just what scored. This is observed-pattern reasoning drawn from perception-validation engagements, not a published benchmark of GNN metric stability; treat the specific metric list as a starting rubric, not a fixed standard. Where GNN component validation ends and the safety case begins A GNN validation package is not a safety case. It is one bounded component’s evidence — its input contract, its degradation behaviour, its durable metrics. The safety case is the argument that the whole perception system behaves acceptably in its operational design domain, and it composes evidence from every component including this one. The clean handoff is the graph-construction contract itself. It states what the component guarantees at its boundary and what it assumes of its inputs. The safety case then has to show that those assumptions are met by whatever feeds the graph — that the lane estimator really does produce contract-valid graphs, that the sensor-fusion association really does stay within the density bounds. Draw that boundary explicitly and the component’s evidence stays reusable; leave it implicit and every safety-case revision drags the GNN back into scope. FAQ How do graph neural network applications work, and what do they mean in practice for automotive perception? A GNN operates on data as nodes and edges, passing messages along edges so each node’s representation reflects its structural context. In perception that fits anything relational — lane graphs, agent interactions, cross-sensor association. In practice it means the model reasons over a structure that upstream logic constructed, so its trustworthiness depends on how that graph was built, not just on its accuracy. Where do GNNs actually appear in a perception stack — lane-graph reasoning, agent interaction, sensor-fusion topology? In all three. Lane-graph reasoning treats lane segments as nodes and connectivity as edges; agent-interaction modelling builds a graph over surrounding vehicles for trajectory prediction; sensor-fusion association is a graph over candidate cross-modal matches. Each has a distinct construction risk — topology errors, density extremes, and provenance-or-sparsity failures respectively. What GNN-specific evidence does a validation package need that an internal test report does not? Two sections a standard accuracy table lacks: a graph-construction contract specifying valid node/edge/feature provenance and connectivity invariants, and a connectivity degradation characterisation showing how the model behaves on malformed, sparse, or out-of-range graphs. These answer the reviewer’s structural questions, which accuracy numbers cannot. How does a reviewer probe graph-construction assumptions and malformed or sparse-input degradation? Typically in order: feature provenance first, then the empty and densest cases, then deliberately malformed graphs (missing edges, disconnected components), then whether the contract survives upstream construction changes. The concern is whether the model produces confident-but-wrong output or signals low confidence when the graph violates its assumptions. Which GNN metrics are topology-invariant enough to travel across model updates without rewriting the package? Metrics that characterise structural response rather than a specific weight set — degradation curves versus sparsity, sensitivity to a single missing edge, node-permutation stability, and calibration on out-of-contract inputs. These move only when the graph-construction logic or architecture changes, so they survive retraining while the accuracy row is refreshed. Where does GNN component validation end and the broader perception safety case begin? The component package covers one bounded thing: input contract, degradation behaviour, durable metrics. The safety case argues the whole system is acceptable in its operational design domain and must show the GNN’s input assumptions are actually met by whatever feeds the graph. The graph-construction contract is the explicit handoff boundary between the two. A reviewer who has validated graph-based reasoning before will not ask whether the accuracy is good enough — they will ask what the model does when the graph is wrong. If the perception stack leans on graph reasoning, the question worth settling early is which topology-invariant evidence survives retraining, so the component earns its release signature once rather than re-arguing its structural safety on every release.