Next Article in Journal
Linking Coopetition to Sustainable Delivery in International Engineering Projects: A Dynamic Capability Perspective
Next Article in Special Issue
AI-Driven Automation of Construction Cost Estimation: Integrating BIM with Large Language Models
Previous Article in Journal
Nonlinear Inelastic Analysis of Semi-Rigid Steel Frames with Top-and-Seat Angle Connections
Previous Article in Special Issue
AI-Driven Process Mining for ESG Risk Assessment in Sustainable Management
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Buildings
Volume 16
Issue 2
10.3390/buildings16020409
buildings-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Intelligent Risk Identification in Construction Projects: A Case Study of an AI-Based Framework

by
Kristijan Vilibić
*,
Zvonko Sigmund
and
Ivica Završki
Faculty of Civil Engineering, University of Zagreb, 10000 Zagreb, Croatia
*
Author to whom correspondence should be addressed.
Buildings 2026, 16(2), 409; https://doi.org/10.3390/buildings16020409
Submission received: 18 December 2025 / Revised: 6 January 2026 / Accepted: 8 January 2026 / Published: 19 January 2026
(This article belongs to the Special Issue Applying Artificial Intelligence in Construction Management)
Review Reports Versions Notes

Abstract

Risk management in large-scale construction projects is a critical yet complex process influenced by financial, safety, environmental, scheduling, and regulatory uncertainties. Effective risk management contributes directly to project optimization by minimizing disruptions, controlling costs, and enhancing decision-making efficiency. Early identification and mitigation of risks allow resources to be allocated where they have the greatest effect, thereby optimizing overall project outcomes. However, conventional methods such as expert judgment and probabilistic modeling often struggle to process extensive datasets and complex interdependencies among risk factors. This study explores the potential of an AI-based framework for risk identification, utilizing artificial intelligence to analyze project documentation and generate a preliminary set of identified risks. The proposed methodology is implemented on the ‘Trg pravde’ judicial infrastructure project in Zagreb, Croatia, applying AI models (GPT-5, Gemini 2.5, Sonnet 4.5) to identify phase-specific risks throughout the project lifecycle. The approach aims to improve the efficiency of risk identification, reduce human bias, and align with established project management methodologies such as PM2. Initial findings suggest that the use of AI may broaden the range of identified risks and support more structured risk analysis, indicating its potential value as a complementary tool in risk management processes. However, human expertise remains crucial for prioritization, contextual interpretation, and mitigation. The study demonstrates that AI augments, rather than replaces, traditional risk management practices, enabling more proactive and data-driven decision-making in construction projects.

1. Introduction

Modern construction projects are inherently complex and characterized by a multitude of interconnected activities, stakeholders, and external factors, making them prone to various risks [1].
These risks can be broadly categorized to include [1]
  • Financial risks, encompassing budget overruns due to inaccurate cost estimations, inflation, or unforeseen expenses;
  • Safety risks arising from hazardous working conditions, equipment malfunctions, and human error, potentially leading to accidents and injuries;
  • Environmental risks stemming from pollution, habitat destruction, and non-compliance with environmental regulations, resulting in ecological damage and legal repercussions;
  • Scheduling risks, involving delays caused by poor planning, resource constraints, or external disruptions such as weather conditions, impacting project timelines and overall efficiency;
  • Regulatory risks pertaining to changes in building codes, permit approvals, and other legal and compliance-related issues, potentially causing project disruptions and increased costs.
Ineffective risk management in complex construction projects can lead to significant cost escalations, prolonged delays, and compromised quality standards, jeopardizing project success. Research by Ivić and Cerić [2] highlights that information asymmetry among project participants introduces risks that adversely affect project outcomes. Similarly, Lovrenčić Butković [3] emphasizes the importance of identifying critical success factors in international construction projects to mitigate such risks. These studies underscore the necessity for robust risk management strategies to ensure the successful completion and overall value of construction projects.
Traditional risk assessment methods commonly employed in the construction industry include [4]
  • Expert judgment, relying on the experience and intuition of industry professionals to identify and evaluate potential risks.
  • The use of risk registers, which are time-consuming to compile and maintain.
  • Probabilistic modeling, employing statistical techniques to quantify the likelihood and impact of various risks.
However, these conventional approaches have inherent limitations [1,5]. Expert judgment can be subjective and prone to biases, risk registers are often time-consuming to compile and maintain, and probabilistic modeling can struggle with the complexities of large datasets and may not adequately capture the interdependencies between different risk factors [4]. Furthermore, these methods often require significant manual effort and may not be scalable to handle the vast amounts of data generated in modern construction projects [6].
Recent systematic reviews underline that artificial intelligence is increasingly applied to construction risk management but also reveal notable gaps, such as insufficient integration of diverse data sources and digital platforms into risk processes [7]. While AI tools enhance risk identification, integration with project data platforms remains underexplored, highlighting a need for more advanced integrated approaches. Similarly, Afzal et al. [8] reviewed current AI-driven cost-risk methods, emphasizing challenges in capturing complex interdependencies among risks, particularly cost overruns. These findings reinforce the need for advanced AI-based risk management solutions.
To overcome these challenges and enhance the effectiveness of risk management, artificial intelligence (AI) offers a promising avenue for improving risk identification, assessment, and mitigation in construction projects [4,9]. AI technologies can analyze vast amounts of project data, extract meaningful insights, and automate the generation of documentation, providing project managers with valuable tools to proactively address potential risks [9,10]. AI can assist in areas such as safety and predictive maintenance [6], and AI algorithms can handle the complexity of construction projects, with current applications ranging from large language models to computer vision and sensor-based classification techniques deployed across different project phases [10].
Other reviews also reinforce this trend: Costa et al. [11] conducted a systematic review of AI in project management, identifying its potential for improving forecasting, decision support, and automation, while Regona et al. [12] highlighted adoption barriers such as data fragmentation and limited standardization. Similarly, Chen et al. [13] emphasized the transformative potential of AI in infrastructure construction, particularly in enhancing safety monitoring, quality control, and process optimization. The integration of AI techniques across project management functions, such as schedule optimization, resource allocation, and safety monitoring, marks a paradigm shift in construction engineering and management [14]. Mentioned reviews highlight advancements in predictive analytics for scheduling and risk forecasting, along with emerging trends like deeper integration with Building Information Modelling (BIM) and Internet of Things (IoT), suggesting AI integration is essential for managing complex modern infrastructure projects.
Traditional risk analysis methods each have limitations in capturing project uncertainties comprehensively. Khodabakhshian et al. [15] systematically compared deterministic and probabilistic risk management methods, concluding that no single approach fully addresses uncertainty. Their findings support adopting hybrid or AI-augmented frameworks, motivating this study’s integration of AI-driven risk analysis methods. However, relying on AI introduces additional potential risks, such as algorithmic biases, over-reliance on automated outputs, and interpretability challenges, all of which necessitate careful validation and continuous human oversight to ensure reliability and accuracy in risk assessments [16]. Aladağ [17] recently assessed the performance of ChatGPT for construction risk management and found that while AI-generated risks were generally relevant and comprehensive, their prioritization consistency and contextual interpretation were limited, further underscoring the need for hybrid human–AI validation frameworks.
The methodological approach presented in this study is consistent with current European initiatives aimed at accelerating digitalization, automation, and the green transition in the construction sector. Within this context, the framework aligns with research directions pursued in the Automated Construction Site Progress Monitoring for Green Transition in Construction (AutoGreenTraC) project, where data-driven decision support is essential for improving quality, productivity, and sustainability outcomes across the project lifecycle.
The application of AI models presented in this paper is expected to demonstrate several contributions to project risk management. First, it shows how automation can tackle the labor-intensive aspects of risk identification, potentially identifying a broader range of risks in a shorter time. This is particularly valuable given that human-led risk identification is often constrained by cognitive biases and limited bandwidth-experts may overlook certain risks due to optimism bias or familiarity with routine issues [18]. Second, this study evaluates how well an AI-generated risk structure aligns with an established methodology (PM2); this offers insights into the integration of AI with standard project management practices. Notably, PM2 prescribes maintaining a Risk Log and regularly updating it with new risks and responses [19], but it does not specify how risks should be identified beyond involving the project team. The proposed framework fills this gap by introducing a novel approach designed to perform risk identification in alignment with the PM2 process steps. It is anticipated that the AI can produce a comprehensive baseline of risks, which project managers can then review and refine. This human-in-the-loop model reflects a hybrid approach: AI provides broad initial coverage, and human experts validate feasibility and implement specific mitigation measures. In contrast to prior AI-in-construction risk studies that mainly provide conceptual reviews, this research operationalizes a phase-based prompting framework explicitly mapped to the PM2 lifecycle structure, performs a systematic cross-model comparison of OpenAI GPT-5, Google Gemini 2.5 Pro, and Anthropic Claude Sonnet 4.5, and introduces a four-layer validation protocol. To the authors’ knowledge, this is the first study to combine lifecycle-aligned AI prompting, multi-model triangulation, and expert validation into a single reproducible framework for public-sector construction risk identification.
The following sections detail the methodology, present the results, and discuss the comparison between AI and human risk management performance, and the conclusion presents key findings.

2. Materials and Methods

2.1. Data Collection and Project Selection

This paper presents an initial exploration of an AI-based framework for risk management specifically tailored for construction projects, addressing the unique challenges and complexities associated with this type of development. The effectiveness of this framework is evaluated through a case study on the ‘Trg pravde’ judicial infrastructure project in Zagreb, Croatia [20].
The selected project involves the construction of a centralized judicial complex intended to consolidate multiple courts and legal institutions within a single urban location. The project data was sourced from the Croatian Electronic Public Procurement Bulletin Board, where the official technical specification document was obtained from the tendering documentation [20]. The documentation consists of a comprehensive technical specification package comprising approximately 606 pages and 225,826 words, including a combination of textual descriptions, tabular specifications, and embedded figures. These documents span multiple project phases, covering regulatory requirements, technical design descriptions, contractual obligations, and implementation constraints. This project was selected for its inherent complexity, multi-phase structure, and the availability of comprehensive, structured documentation. As a public-sector and EU-funded initiative, it presents significant regulatory, financial, and operational risks, making it an ideal candidate for evaluating AI-driven risk identification. Moreover, its governance context and funding origin make it well-suited for applying the European Commission’s PM2 project management methodology [19].

2.2. Project Segmentation

To facilitate a structured approach to risk management, the project was divided into four key phases, following established project lifecycle frameworks [19].
The phases defined for this project are
  • Initiating Phase—covering feasibility studies, initial regulatory approvals, initial assessments, and early planning decisions;
  • Planning Phase—covering the development of detailed design documentation, permitting processes (e.g., location and construction permits), stakeholder approvals, and refined cost estimation;
  • Executing Phase—covering the main construction activities, including procurement of materials, on-site construction work, workforce management, and quality control measures;
  • Closing Phase—covering testing and commissioning of the building, final inspections, compliance verification, permit finalization, and formal project handover to the client/operator.
Segmenting the project into these four phases enabled phase-specific risk assessment, ensuring that AI-generated insights were aligned with the particular objectives and challenges of each stage of the project’s lifecycle. This phase breakdown is consistent with the PM2 Project Management Methodology, which defines a project lifecycle comprising four sequential phases: Initiating, Planning, Executing, and Closing [19]. In PM2, each phase is characterized by a dominant set of activities (e.g., initiating activities in the first phase, execution in the third, etc.), and a project advances to the next phase once the goals of the current phase are achieved and formally approved.

2.3. Research Design

In this investigation, the potential of an AI-driven risk identification framework was explored in alignment with the project’s phases. The core objective was to examine whether AI could be used to automate risk identification and preliminary analysis across the project lifecycle. This focus on AI-based risk identification is motivated by the recognition that effective risk management begins with comprehensive and continuous risk identification [19]. According to the PM2 methodology, new risks can arise at any point during a project and should be promptly identified and documented in the Risk Log [19].
This study adopts an initial research design to evaluate the potential of general-purpose AI models for risk identification in construction projects. The objective was to determine whether publicly accessible models, specifically GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5, can extract relevant risk-related information from technical project documentation through structured prompt-based interaction. Importantly, no domain-specific training or fine-tuning was applied to either model. This approach was intentionally selected to reflect a realistic application scenario, in which industry professionals utilize commercially available AI models without the need for specialized machine learning expertise or access to construction-specific datasets.
To initiate the AI-driven risk management framework, AI models were tasked with analyzing the project’s technical specification document, which was originally in the Croatian language. The models were instructed to process the document in the English language, ensuring that all risk-related aspects were identified and categorized. No preprocessing steps, such as language normalization, content filtering, or anonymization, were applied prior to the analysis, as only publicly available documentation was used, and the documents were submitted in their original form. This step enabled the models to extract relevant project risks across all phases and organize them into a structured assessment format. The same procedure was applied using GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5 to enable comparison of performance in terms of assessment consistency, coverage, and interpretability in risk identification.
For each model, a new chat session was initiated, and the models were prompted in an iterative, phase-by-phase manner to extract relevant risk information from the project documentation. For each project phase, specific prompts were crafted instructing AI models to list potential risks, their causes or sources, the areas of the project they might affect, and any relevant categorization (e.g., regulatory, technical, financial). It was ensured that the AI’s risk outputs were aligned with industry-standard risk management terminology, so that they could be easily compared to or integrated with conventional risk registers. For example, the prompts guided AI models to present each risk in a cause–risk–effect format, consistent with the PM2 guideline of formulating risk descriptions as Cause–Risk–Effect [19]. Additionally, the AI was asked to categorize each risk (e.g., as technical, legal, financial, etc.), similar to the Category field in PM2’s Risk Log template, which ties each risk to an affected area or domain (business, technical, legal, etc.) [19]. By designing the AI interaction in this way, it was ensured that AI’s outputs could be directly mapped to a traditional risk log structure.
Following the initial identification of risks, an additional prompting stage was introduced in which the models were instructed to reorganize the previously extracted risks according to predefined filters. The grouping criteria included (1) risk category (e.g., financial, regulatory) and (2) stakeholder affected (e.g., Investor, General Contractor). For a project of this nature, these two categories and stakeholder roles were selected as representative examples due to their significant impact on project financing, execution, and decision-making. This step was not intended to generate new risks, but to examine whether the models could restructure and reframe existing information in response to analytical needs. This procedure allowed the framework to simulate a common workflow in professional risk management, where comprehensive risk lists are subsequently refined into targeted summaries for different project roles.
Throughout this implementation process, the quality and relevance of the AI-generated risks were monitored. The prompting was performed in the same chat session to maintain context, which allowed AI models to “remember” details from earlier phase outputs while analyzing later phases. This approach emulates a knowledgeable risk analyst who becomes increasingly informed about the project as they progress through its lifecycle.
Finally, the operational workflow of the proposed framework can be summarized as follows:
First, the available technical specification document is submitted directly to the AI models without preprocessing. Second, identical phase-based prompts aligned with the PM2 lifecycle are applied across GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5. Third, the AI generates risks in a structured cause–risk–effect format and assigns them to standard risk categories compatible with PM2 Risk Log fields. Fourth, the resulting risks are reorganized using predefined labels such as category and affected stakeholder to produce targeted summaries for different project roles and analytical purposes. Fifth, human intervention is applied during validation and interpretation, where experts review and contextualize the AI-generated outputs.

2.4. Validation

A risk register for the “Trg pravde” project was not available at the time of the study, so no ground-truth document existed for direct comparison. As a result, verification relied on a structured, four-layer validation strategy:
  • First, cross-model triangulation was performed by comparing outputs from the three AI models to confirm the consistency of identified risks across systems.
  • Second, all identified risks were examined against patterns reported in established construction risk literature to ensure alignment with previously documented findings.
  • Third, each risk was internally validated against verifiable evidence in the project’s technical documentation, confirming factual grounding and ensuring that every identified item was directly supported by the project data.
  • Fourth, external expert validation was conducted. A targeted search identified three experts with substantial experience in construction risk management, representing academia and industry, and covering local (Croatia), European (Germany), and global (United States) perspectives. After selection, a 30-item questionnaire was administered (see Supplementary Material S5). Each participant received the publicly available technical specification document (identical to that used in the AI analysis), a summary document providing a condensed overview, along with a link to the questionnaire. The questionnaire itself utilized a mixed format of multiple-selection rating scales (e.g., star ratings), multiple-choice questions and open-ended text boxes for qualitative feedback. The expert responses were assessed through cross-comparison between respondents, alignment of their feedback with the comparative table of model-specific output characteristics developed in this study, and, where applicable, verification against evidence reported in the existing construction risk management literature. All documents were provided in both Croatian and English to ensure clarity, and the collected responses were analyzed to evaluate the accuracy and plausibility of the AI-identified risks.
Overall, this four-layer process ensured that the AI-identified risks were rigorously checked from multiple angles. Internal steps verified consistency, literature alignment, and support in project documentation, while external expert review added an additional layer of credibility. Together, these measures provide a reliable basis for interpreting the study’s findings.

3. Results

The results demonstrate how AI models identified phase-specific risks across the project lifecycle, highlighting their potential to support structured and efficient risk analysis.
Below is the initial prompt used to provide project-specific context to the AI models, submitted together with the technical specification document.
Initial prompt used:
“You will be acting as a risk management analyst for a public-sector judicial infrastructure project. I have provided you with a technical specification document (in Croatian) for the project: “Construction of the southern building and underground garage on Trg pravde.”
Your task is to thoroughly read and analyze the provided project document. While the document is in Croatian, you are to process and understand its content in English.
Crucially, please be aware that in our future interactions, we will be extracting specific data from the project document to perform various risk management tasks. Therefore, your understanding of the document’s details is essential.”
Following this initial context setting, the sections below present the AI-generated risk identification results together with the corresponding prompts, organized by project phase, risk category, and stakeholder responsibility.
Financial and Regulatory risks were selected due to their critical influence on project viability and compliance, while the Investor and General Contractor were chosen as key stakeholders responsible for managing these high-impact risk areas. The filtering and grouping were performed using only GPT-5, with the understanding that the same procedure can be reproduced with the other models without introducing methodological differences.

3.1. Initiating Phase

Prompts used:
“Please structure a Risk Identification Table. I want it to be focused on the Initiating Phase (Pre-construction) of the public-sector judicial infrastructure project provided:
‘Construction of the southern building and underground garage on Trg Pravde’.
The table should have 7 columns: Code, Risk Source, Cause/Driver, Risk (delivery, event, occurrence), Affected Area, Risk Category, and Risk Bearer.
-
Keep in mind the important documentation present in this phase: Pre-Investment study, Feasibility study, Conceptual solution, Environmental study…
-
Consider the following stakeholders for this phase: Investor, Government, Designer, Project Manager, Regulatory bodies…”
GPT-5 exported the results as a downloadable Excel file, Gemini generated the output in Google Sheets, and Claude displayed the results in its built-in table viewer. The generated risk identification tables for the Initiating Phase are provided in Supplementary Material S1.
When asked to explain the identified risks, differences were observed among the models in terms of scope, depth, and presentation:
  • GPT-5 produced a concise and well-balanced risk list covering regulatory, environmental, geotechnical, and stakeholder-related risks. Its output emphasized breadth and alignment with standard risk register practice, identifying foundational risks such as unclear functional requirements, early-stage design quality issues, funding uncertainty, permitting delays, and stakeholder misalignment.
  • Gemini 2.5 Pro provided a narrative-style explanation addressing risks connected to project viability, EU NPOO funding conditions, and constraints arising from the project’s historical context. The output included risks related to phased construction assumptions, operational continuity of judicial facilities, transformer station relocation, and regulatory feasibility within a protected urban environment.
  • Claude Sonnet 4.5 generated the most detailed and granular output, producing an extensive set of initiating-phase risks with explicit contextual explanations, numerical references, and policy-level implications. Its analysis strongly emphasized financial feasibility, cost estimation uncertainty, and EU funding conditionality.
The complete AI-generated explanatory outputs for this phase are provided in Appendix A, with the results from GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5 presented in Appendix A.1, Appendix A.2 and Appendix A.3, respectively.

3.2. Planning Phase

Prompts used:
“Please structure a Risk Identification Table. I want it to be focused on the Planning Phase (Pre-construction) of the public-sector judicial infrastructure project provided—‘Construction of the southern building and underground garage on Trg Pravde’.
The table should have 7 columns: Code, Risk Source, Cause/Driver, Risk (delivery, event, occurrence), Affected Area, Risk Category, and Risk Bearer.
-
Keep in mind the important documentation present in this phase: Location permit, Design documentation, Master (Main) design…
-
Consider the following stakeholders for this phase: Investor, Government, Designer, Project Manager, Regulatory bodies…”
The generated risk identification tables for the Planning Phase are provided in Supplementary Material S2.
When asked to explain the identified risks, differences were observed among the models in terms of scope, depth, and presentation:
  • GPT-5 generated a structured explanation focusing on risks related to design documentation completeness, permitting procedures, late requirement changes, interdisciplinary coordination, regulatory changes, geotechnical integration, and stakeholder involvement. The output addressed risks affecting project readiness, schedule reliability, and technical completeness prior to procurement and construction.
  • Gemini 2.5 Pro provided a detailed narrative explanation structured around regulatory, schedule, technical, and stakeholder-related risks. The output addressed risks associated with regulatory non-compliance of the Main Design, utility approval processes, procurement delays linked to fixed EU NPOO deadlines, alternative design options triggering redesign, BIM coordination failures, new geotechnical findings, and operational constraints related to uninterrupted judicial activities.
  • Claude Sonnet 4.5 produced an extensive explanation emphasizing design development risks, BIM coordination challenges, adaptation of legacy architectural concepts to current regulatory requirements, structural assumptions related to phased construction, and compliance with nZEB energy performance criteria. The output addressed technical, regulatory, and performance-related risks that may propagate into later project phases if not resolved during planning.
The complete AI-generated explanatory outputs for this phase are provided in Appendix B, with the results from GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5 presented in Appendix B.1, Appendix B.2 and Appendix B.3, respectively.

3.3. Executing Phase

Prompts used:
“Please structure a Risk Identification Table. I want it to be focused on the Executing Phase (Construction Phase) of the public-sector judicial infrastructure project provided—‘Construction of the southern building and underground garage on Trg Pravde’.
The table should have 7 columns: Code, Risk Source, Cause/Driver, Risk (delivery, event, occurrence), Affected Area, Risk Category, and Risk Bearer.
-
Consider the following stakeholders for this phase: Investor, Government, General Contractor, and Site Engineer…”
The generated risk identification tables for the Executing Phase are provided in Supplementary Material S3.
When asked to explain the identified risks, the models responded as follows:
  • GPT-5 generated a structured explanation addressing operational, financial, regulatory, and environmental risks associated with on-site execution. The output covered issues related to labor and subcontractor availability, site supervision and quality control, cash flow and payment delays, unforeseen site and ground conditions, regulatory and safety compliance, construction planning and sequencing, and environmental disruptions affecting excavation and structural works.
  • Gemini 2.5 Pro provided a detailed explanation focused on execution stage constraints linked to EU NPOO funding requirements and the responsibility of the General Contractor. The output addressed risks related to failure to obtain the Use Permit within the required timeframe, geotechnical and groundwater conditions during deep excavation, critical construction quality defects, and other execution-related compliance and coordination risks.
  • Claude Sonnet 4.5 produced an extensive explanation concentrating on geotechnical and site-related risks during construction. The output addressed ground condition variability, groundwater management challenges, excavation pit support performance, and potential settlement impacts on adjacent heritage and operational buildings. These risks were described in relation to construction safety, structural stability, schedule reliability, cost escalation, and third-party impacts.
The complete AI-generated explanatory outputs for this phase are provided in Appendix C, with the results from GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5 presented in Appendix C.1, Appendix C.2 and Appendix C.3, respectively.

3.4. Closing Phase

Prompts used:
“Please structure me a Risk Identification Table. I want it to be focused on the Closing Phase of the public-sector judicial infrastructure project provided—“Construction of the southern building and underground garage on Trg Pravde”.
The table should have 7 columns: Code, Risk Source, Cause/Driver, Risk (delivery, event, occurrence), Affected Area, Risk Category, and Risk Bearer.
Focus on the general risk caused by the delay of Occupancy/Usage Permit issuance.
-
Consider the following stakeholders for this phase: Investor, Regulatory Body…”
The outputs for the Closing phase are provided in Supplementary Material S4.
When asked to explain the identified risks, the models produced the following outputs:
  • GPT-5 generated a structured explanation focusing on risks affecting commissioning, handover, and operational readiness. The output addressed issues related to incomplete or non-compliant permit documentation, delays in final technical and safety inspections, unresolved non-conformities and punch list items, administrative delays within permitting authorities, and gaps in digital as-built documentation, including BIM-based Asset Information Models.
  • Gemini 2.5 Pro provided a detailed explanation emphasizing regulatory, financial, and contractual risks associated with meeting the fixed EU NPOO deadline for the Use Permit. The output addressed risks related to potential withdrawal of EU funding due to permit delays, regulatory refusal of the Use Permit, prolonged correction and re-inspection cycles, major defects triggering immediate corrective obligations, contractual handover disputes, operational readiness and training deficiencies, and political or administrative interference in the permitting process.
  • Claude Sonnet 4.5 produced an extensive explanation concentrating on technical inspection and compliance risks during project closeout. The output addressed risks related to deficiencies in technical inspection documentation, incomplete commissioning of building systems, fire safety compliance failures, and airtightness testing deficiencies affecting nZEB certification. These risks were described in relation to permit approval delays, schedule overruns, cost escalation, and reputational impacts.
The complete AI-generated explanatory outputs for this phase are provided in Appendix D, with the results from GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5 presented in Appendix D.1, Appendix D.2 and Appendix D.3, respectively.

3.5. Risk Analysis by Category

Prompt used:
“Filter the risks from the existing Initiating, Planning, Executing, and Closing Risk Identification Tables.
Create two new tables displaying only risks belonging to the ‘Financial’ or ‘Regulatory’ Risk Categories. So, one table for each category.
The table must include the following columns: Code, Risk Source, Cause/Driver, Risk (delivery, event, occurrence), Affected Area, Risk Category, Risk Bearer. Also add an extra column named ‘Phase’ before column ‘Code’ to know which risks belong to what phase.”
Table 1 and Table 2 present the Financial and Regulatory risks filtered by GPT-5, respectively.
When prompted to provide insights on category-based grouping, GPT-5 responded as follows:
“Financial Risks (RCP-03, RCP-17)
Financial risks in the Trg Pravde project arise mainly from funding flow uncertainties and cash management challenges:
  • Delayed public or EU funding approval can stall the initiation of procurement and early works, jeopardizing alignment with the National Recovery and Resilience Plan (NRRP) timelines.
  • Interruptions in payment from the investor during construction can trigger claims, slow down on-site activities, or lead to suspension of works, affecting both schedule and contractor relations.
These risks highlight the importance of financial planning, timely fund allocation, and robust payment mechanisms to maintain project momentum and prevent contractual disputes.
Regulatory Risks (RCP-04, RCP-09, RCP-12, RCP-19, RCP-22)
Regulatory risks span the entire project lifecycle and are especially prominent in the Trg Pravde project due to its urban location, protected cultural context, and public-sector oversight:
  • Permitting delays during concept and design phases (e.g., location/building permits) can push back procurement and construction schedules, especially when cultural heritage or environmental approvals are involved.
  • Regulatory changes during the design phase (such as shifts in procurement or technical standards) may require documentation revisions or even re-tendering, adding administrative burden and timeline risk.
  • On-site inspections or compliance shifts during execution can result in temporary work stoppages, especially if new safety or environmental measures are introduced.
  • Incomplete documentation at closing can delay the issuance of the usage permit, directly impacting handover and operational readiness.
These risks underscore the need for early regulatory engagement, continuous legal monitoring, and proactive coordination with authorities to secure timely approvals and ensure compliance throughout.”

3.6. Risk Analysis by Stakeholder Responsibility

Prompt used:
“Filter the risks from the existing Initiating, Planning, Executing, and Closing Risk Identification Tables.
Create two new tables displaying only risks that are affecting the ‘Investor’ and ‘General Contractor’. So, one table for each stakeholder.
The table must include the following columns: Code, Risk Source, Cause/Driver, Risk (delivery, event, occurrence), Affected Area, Risk Category, Risk Bearer. Also add an extra column named ‘Phase’ before column ‘Code’ to know which risks belong to what phase.”
Table 3 and Table 4 present the stakeholder-grouped risks affecting the Investor and General Contractor, respectively, filtered using GPT-5.
When prompted to provide insights into stakeholder-based grouping, GPT-5 responded as follows:
“The stakeholder-based grouping clarifies how the identified risks translate into responsibilities and potential consequences for each project actor.
1. Investor
The risks associated with the Investor are primarily strategic and regulatory in nature. These include unclear project requirements, changes in scope, funding delays, and incomplete or non-compliant documentation. Such risks directly influence the Investor’s ability to secure financing, maintain project momentum, and ensure regulatory approval. When these risks materialize, the effects are typically seen in cost escalation, schedule delays, and reduced alignment with end-user needs, all of which undermine overall project viability. As the party accountable for project initiation, governance, and compliance, the Investor is the logical bearer of these risks.
2. General Contractor
The risks linked to the General Contractor arise mainly during the Executing phase and relate to construction performance and operational control. These include shortages of skilled labor, planning inefficiencies, unexpected site conditions, and regulatory inspections during construction. If these risks occur, the consequences are generally delays, rework, cost overruns, and quality deviations, directly affecting the contractor’s contractual obligations and ability to deliver the project as agreed. Because the General Contractor manages on-site execution and resource coordination, these risks naturally fall within their operational responsibility.
In summary, the grouping shows a practical alignment between risk type and stakeholder role:
  • The Investor carries risks tied to strategic decisions and regulatory compliance,
  • The General Contractor carries risks tied to executing efficiency and on-site performance.
This distribution reflects typical accountability structures in construction project management and reinforces that the AI-generated grouping is consistent with industry practice.”

3.7. Questionnaire

The questionnaire was used to support the validation of the AI-generated risk identification outputs. Table 5 summarizes selected questionnaire items relevant to perceived usefulness, trust, limitations, and comparative performance of the evaluated AI models. Full questionnaire results are provided in Supplementary Material S5.

4. Discussion

The use of AI models for risk identification in this case study provides an interesting point of comparison between AI-generated risk outputs and human expert risk management. Overall, the AI demonstrated an ability to rapidly produce a broad set of risks that are relevant to the project, many of which align closely with what experienced project managers might identify. For example, classic construction risks such as permit delays, design errors, or equipment failures appeared in the AI’s output just as they would likely feature in a human-generated risk register. This suggests that AI models (with appropriate prompting) can leverage their training on vast textual data (including likely project management and engineering knowledge) to emulate a seasoned expert’s brainstorming session. This claim of broad, relevant risk coverage is supported by a conducted expert survey (Supplementary Material S5). For example, Respondent 1 under Q11 noted that each AI tool “identified a large number of serious risks” across different approaches, indicating that AI indeed casts a wide net. In fact, recent research found that ChatGPT (GPT-4 model) was able to generate more comprehensive risk management plans than human experts on average, covering a wider range of risks and strategies [4]. In this study, AI models similarly cast a wide net, capturing multi-dimensional risks (technical, financial, legal, etc.) across all project phases without apparent bias toward one category. This comprehensive coverage is a notable strength as it addresses one of the known issues in human risk identification, where individuals might focus too much on familiar risk types and neglect others. The questionnaire feedback further supports this strength in coverage. All three experts rated AI’s overall usefulness for initial risk identification very highly (Q22: Very and extremely useful). Respondent 1 emphasized that the different AI outputs together reveal “more than enough” serious risks, confirming that AI tends to list diverse issues.
However, a clear difference emerged in terms of specificity and context awareness. Human risk experts bring deep contextual knowledge of the particular project environment and can incorporate tacit knowledge (like organizational politics, individual stakeholder personalities, or very project-specific technical nuances) into their risk assessments. In contrast, AI models might generically identify “stakeholder opposition” as a risk, but a human expert with local knowledge might specify this as “Opposition from Village X due to required relocation of utilities,” a nuance the AI wouldn’t know unless it was explicitly in the documents. Additionally, practical constraints and the “messy” real-world feasibility of responses are where human judgment excels. Experts strongly validated these points about AI’s limitations. Every respondent mentioned context or constraints as the main missing element in AI outputs (Q24 responses). For example, one noted that without human oversight, AI can produce very convincing but unverified suggestions. As Respondent 3 wrote, “it formulates the info in such a detailed/structured/convincing way it can be incredibly misleading” unless a human checks it. Likewise, Respondent 2 has stressed that the AI failed to flag potential conflicts between end-user requirements and funding authority limitations, a primary driver of early contractual disputes. Overall, all three experts agreed (Q25: “Yes, definitely”) that AI must be paired with human review. This was further supported in the mentioned study, where it was noted that while ChatGPT’s risk strategies were quantitatively abundant, they lacked practicality and specificity in some cases [4]. Human experts, conversely, tend to formulate more realistic and detailed action plans (e.g., exactly how to approach the local council for permits, or which subcontractor might help mitigate a delay).
Another area of comparison is bias and consistency, as humans are subject to cognitive biases. Optimism bias may lead them to underestimate the likelihood of delays, or anchoring might cause them to fixate on certain known risks while overlooking new ones [18]. The AI, not having emotions or personal stakes, provided an unbiased look at the scenario based purely on the information given and its generalized knowledge. This means it dutifully listed even those risks that project teams sometimes downplay (e.g., significant schedule delays or budget overruns) due to organizational pressure or optimism. On the other hand, AI systems have their own limitations: they might over-generalize or include risks that are theoretically possible but less relevant in context. It was observed that the tested AI models did not introduce any completely implausible risks, likely because the prompt was grounded in the actual project document. But if an AI were working with limited context, it might list extraneous items. Humans are better at filtering such irrelevancies using common sense and context knowledge.
In comparing the three AI models examined in this study (GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5), clear differences emerge in output format, level of detail, and focus in risk identification.
Table 6 summarizes the key distinctions in how each model captured and presented risks across all phases of the project.
From this comparison, all three models captured many relevant risks, but with varying specificity and volume. GPT-5 and Gemini 2.5 Pro tended to highlight the most salient points in a concise format, whereas Claude Sonnet 4.5 offered an exhaustive list covering virtually every conceivable risk. The experts’ model preferences largely align with these observations. All three respondents chose GPT-5 to produce the clearest risk analyses (Q28) and would rely on its output as a primary reference if managing the project from the study (Q30). By contrast, Respondent 2 and Respondent 3 found Claude Sonnet 4.5 to be the most accurate overall (Q27), while Respondent 1 and 2 noted that it best understood the project constraints (Q29). In other words, the experts saw GPT-5 as quick and clear and Claude Sonnet 4.5 as most comprehensive. In practical terms, a human project team might use GPT’s or Gemini’s output as a quick starting checklist or to focus attention on critical issues (e.g., the hard funding deadline or major design flaws), while Claude’s output could serve as a comprehensive reference to ensure no category is overlooked. Notably, none of the AI-generated lists included implausible or irrelevant risks, as each model stayed on target given the prompt context. This suggests that with proper context, AI can reliably surface pertinent risks across technical, financial, legal, and other domains, leveraging its broad training knowledge. Overall, each AI model demonstrated strengths that could augment human risk management efforts: one provides brevity and speed, another offers structured insights on key threats, and the third delivers depth and thoroughness. A project manager could choose the AI output that best fits their needs or even combine them, such as using a quick broad list together with a more detailed deep dive, and then apply contextual judgment to validate, prioritize, and develop actionable plans for the identified risks. The AI-generated risks are intended to function as an initial baseline for the project Risk Log rather than as finalized decisions. Prioritization in terms of likelihood and impact is therefore envisaged as a step performed by project managers and designated risk owners, while future developments may enable AI systems to provide more advanced support for this task. Responsibility for monitoring and updating risks is assumed to remain with the project team in accordance with standardized project management methodologies, with AI support positioned as an assistive input that may be revisited at regular project control points.
Regarding risk prioritization, which is a crucial next step after identification, humans often apply intuition and experience to rank risks by significance. The AI in this exercise mainly performed identification and classification; prioritization would require either additional prompting or human input. Literature suggests that AI can assist with quantitative risk assessment (for example, using data to predict probabilities), but when it comes to nuanced judgment calls, human expertise is still key. A recent study assessing ChatGPT for risk management in construction noted that the AI’s performance was less effective in the consistency of risk assessment and prioritization [17]. This might be because prioritizing risks often requires subjective trade-offs and organizational value judgments (e.g., is a safety risk with low probability more critical than a cost risk with high probability?), which AI cannot easily make without clear criteria provided. The questionnaire results reinforce that expert judgment is crucial for prioritization. All respondents rated their trust in AI’s lists as only “Moderately trustful” (Q23), indicating they would not blindly follow AI rankings.
When considering human responses in risk management, it is important to note how risk identification is traditionally performed: often through workshops, checklists, previous project reviews, and expert knowledge. Human teams excel at discussing and debating risks, which can lead to creative insights or the discovery of risks that a single individual might miss. However, group dynamics can also introduce biases like groupthink, where certain risks might be dismissed too quickly if they challenge the group’s assumptions. There is evidence that major project failures are sometimes traced back to “unknown unknowns” or risks that were not identified at all or seriously underestimated by project teams (often due to cognitive biases or lack of information) [18]. Here, AI could complement human teams by ensuring a baseline of due diligence: the AI can act as a tireless assistant, bringing up an array of considerations (drawn from global knowledge and similar projects) that humans can then confirm or reject. This changes the typical workflow: instead of humans compiling the initial list and maybe missing some items, the AI compiles a broad list, and humans curate it. Moreover, all interviewed experts agreed that the best use of AI is as an assistant. They found AI very useful (Q22) for flagging issues across numerous domains, providing a comprehensive starting checklist. But they also insisted on human curation: one wrote that without an expert’s review, AI’s convincing narratives can be misleading.
The consensus that a hybrid model is most promising, combining AI processing with human judgment, is also strongly discussed in the reviewed studies [4,17]. AI models demonstrated speed, breadth, and adherence to formal structures (like including cause and effect, categories, etc.). Human experts bring depth, realism, and ethical judgment. For example, the AI might flag a risk like “contractor delay leads to penalty,” but a human project manager will gauge the actual likelihood based on the contractor’s track record and maybe decide it is medium priority rather than high. Conversely, the AI might catch a regulatory nuance (if it was in the documents) that a human overlooked in hundreds of pages of specs. The literature review reveals a consensus that AI is not here to replace human risk managers, but to augment them. AI tools can process enormous information and provide analytical insights (monitoring project data for early signs of risks, as suggested in the mentioned study), freeing human managers to focus on decision-making and communication [17]. Moreover, AI’s suggestions can challenge human planners to reconsider assumptions. For instance, if an AI lists a very bad-case scenario that the team assumed wouldn’t happen, it forces a healthy discussion: “Could this really happen? Do we have a contingency just in case?”.
In direct comparison to this case study, had a human team performed a risk register for the Trg Pravde project, they would likely have identified many of the same major risks (the overlap is encouraging). They might have also identified some hyper-specific local risks (like “risk of encountering unexploded ordnance from past conflicts”). The AI might have listed some general risks that in reality are either very low in this context or already managed (for example, it might mention “currency exchange risk” which is negligible if the project currency is stable or contracts are in local currency). In practice, the human team would prune those out. Essentially, AI provides quantity and coverage, humans provide quality control and nuanced judgment. Broader evaluations of AI in construction management highlight similar patterns observed in this study. Researchers found that AI significantly enhances early project planning through accurate forecasting and risk identification, but also identified adoption barriers such as data fragmentation [12]. Others highlight AI’s significant role in enhancing safety monitoring and process management in infrastructure construction [13].
In terms of performance, AI can generate in seconds what might otherwise require days of human workshops, yet without expert interpretation, its output remains a preliminary list that may omit context-specific constraints, introduce hallucinated issues, or be shaped by the structure of the input documentation. The project manager must still devise and execute appropriate responses for each risk, as human factors such as leadership, accountability, and team communication ultimately determine whether risks are effectively mitigated. AI does not handle these responsibilities; it does not convene coordination meetings, assess organizational dynamics, or negotiate with stakeholders. The survey results and prior studies consistently indicate that the most effective outcomes arise from a combination of AI support and human expertise [4,17]. In this study, these considerations are reflected through the application of the validation measures and review procedures described earlier in the methodology, which aim to moderate the limitations inherent in AI-generated risk identification.

5. Conclusions

This study demonstrates that an AI-based framework can support structured and efficient risk identification in complex construction projects by rapidly generating a broad set of phase-specific risks directly from technical documentation, and its application to a large public-sector judicial infrastructure project showed that AI models can interpret extensive tendering materials and translate them into risks aligned with typical patterns found in public construction. By structuring the analysis around the PM2 lifecycle, the framework enabled these AI-generated risks to be captured in a format directly compatible with PM2 artifacts such as the Risk Log, using a cause–risk–effect formulation and stakeholder-based accountability to ensure alignment with PM2’s emphasis on clarity, traceability, and continuous updating. Across all phases, the outputs were consistent with established construction risk patterns, and the validation process confirmed both their internal coherence and external credibility. The expert survey further indicated that the identified risks were comprehensive and useful as a baseline, while also highlighting the continued need for human judgment to interpret context, assess feasibility, and prioritize mitigation actions. These findings mirror trends reported in the recent literature, which similarly conclude that AI models can broaden early risk identification but still rely on human oversight for contextual interpretation and practical decision-making.
Comparative analysis showed that different AI models offer distinct advantages: some provide concise and actionable overviews suitable for early management decision-making, while others deliver highly detailed, context-rich risk descriptions that support comprehensive review. Used together, they form a robust foundation that human practitioners can refine to match local constraints, policy requirements, and institutional expectations. The findings suggest that AI does not replace expert-driven risk management but meaningfully enhances it by improving coverage, reducing initial effort, and mitigating common cognitive biases in early-stage identification. In public projects where delays, funding conditions, and regulatory compliance carry significant consequences, this ability to rapidly surface critical risks is particularly valuable.
Moreover, in comparable research contexts such as the AutoGreenTraC project, data-driven approaches are being explored to support improved construction safety, delivery reliability, and quality, while targeting reductions in inefficiencies and environmental impacts. By enabling earlier identification of execution, regulatory, and coordination risks, the framework presented in this study can strengthen decision-making and performance monitoring across the project lifecycle and further illustrate the role of AI as an enabling technology for sustainable and digitally integrated construction practices.
Overall, the results indicate that AI-driven risk identification can be a strong complement to established project management methodologies. Further development of the framework should extend it beyond risk identification into a more comprehensive, data-driven risk management system, including AI-supported risk prioritization, probabilistic assessment of likelihood and impact, and the automated generation of mitigation strategies to form complete risk registers rather than initial lists. Additional investigation is also needed into how AI-generated outputs can be systematically mapped to standard PM2 Risk Log fields to support structured integration into existing workflows and how the framework performs across methodologies such as PMBOK, PRINCE2, and AACE TCM to enable broader applicability. Moreover, future studies should examine how the framework is expected to scale with increasing volumes of project documentation, including associated time and cost implications, and how it can be sustainably implemented in practice while ensuring document confidentiality and ethical use of AI tools. Such developments would move AI from a supportive tool to an integral component of construction risk governance, improving the reliability and consistency of project decision-making.

Supplementary Materials

The following supporting information can be downloaded at: https://zenodo.org/records/18245157, accessed on 7 January 2026. Supplementary Materials S1–S4 present AI-identified risks across the Initiating, Planning, Executing, and Closing phases, including results generated with GPT-5, Gemini 2.5 Pro, and Claude Sonnet 4.5. Supplementary Material S5 contains the Expert Validation Questionnaire Results.

Author Contributions

Conceptualization, K.V.; methodology, K.V. and Z.S.; validation, K.V.; formal analysis, K.V.; investigation, K.V.; resources, Z.S. and I.Z.; data curation, K.V.; writing—original draft preparation, K.V.; writing—review and editing, Z.S.; supervision, Z.S. and I.Z.; funding acquisition, Z.S. All authors have read and agreed to the published version of the manuscript.

Funding

The APC was funded by the European Union NextGenerationEU project and the support of the Croatian Ministry of Science, Education and Youth and the University of Zagreb, Faculty of Civil Engineering as a part of the project Automated Construction Site Progress Monitoring for Green Transition in Construction (AutoGreenTraC). The content of the publication is the sole responsibility of the University of Zagreb Faculty of Civil Engineering.

Data Availability Statement

All data generated or analyzed during this study are included in this published article and the corresponding Supplementary Materials.

Conflicts of Interest

The authors declare no conflicts of interest.

Appendix A. AI-Generated Explanatory Outputs for the Initiating Phase

Appendix A.1. GPT-5

“The Initiating Phase represents the foundational stage of the Trg Pravde project, focused on feasibility assessments, conceptual planning, stakeholder engagement, and early regulatory and environmental evaluations.
The risk identification model for this phase highlights several critical exposures that can affect downstream activities:
-
Requirement Definition Risks—stemming from insufficiently developed functional needs in early studies (e.g., Pre-Investment or Feasibility Study). If future user needs (courts, academies) are not clearly captured, it could lead to scope misalignment and downstream design changes.
-
Design Quality Risks—associated with incomplete or underdeveloped conceptual solutions. Weak early-stage design increases the risk of rework, especially when integrated with BIM workflows and AIM expectations.
-
Funding and Budget Uncertainty—delays in confirming EU funding or government allocations may postpone procurement, increase opportunity cost, and affect public confidence in project execution.
-
Permitting and Regulatory Delays—a frequent risk in public-sector projects, particularly where location permits and urban planning approvals intersect with protected cultural zones. These can delay project mobilization or lead to scope modifications.
-
Environmental Constraints—including heritage-listed buildings and protected trees within the site boundary. These impose physical and legal limitations on design freedom and may require costly mitigation or redesign if not managed proactively.
-
Geotechnical Uncertainty—related to variable soil and groundwater conditions. If not accurately captured during this phase, it may lead to cost escalations or structural redesigns during execution.
-
Stakeholder Misalignment—insufficient early engagement with judicial institutions or public authorities can result in planning facilities that do not meet operational needs, creating downstream dissatisfaction and operational inefficiencies.
Identifying these risks in the Initiating Phase is crucial for setting realistic schedules, securing permits and funding, and aligning all stakeholders. Proactive mitigation such as strengthening requirements gathering, enhancing geotechnical studies, and streamlining permitting pathways helps avoid costly revisions and delays in future phases.”

Appendix A.2. Gemini 2.5 Pro

“The Initiating Phase risks are high-impact exposures originating from the project’s historical context, financing rules, and preliminary design decisions. They threaten to undermine project viability before construction even begins.
1. Project Viability & Financial Threat
This category addresses external factors that could halt the project, which is critical given its public-sector nature and troubled past.
  • Risk: Hard NPOO Deadline (I-003)
    Explanation: The use of EU NPOO funding imposes a non-negotiable Q2 2026 Use Permit deadline. The core risk is that the sheer scale of the conceptual project (a large building and 49,000 m2 garage) is unachievable within this fixed timeline. Any early-phase delay makes the financial loss of the EU funding almost certain.
  • Risk: Political & Funding Instability (I-001)
    Explanation: The project has a documented history of being stopped and restarted (e.g., failed JPP attempt). This past behavior is a strong indicator that funding or political support could be withdrawn again, nullifying all conceptual and preparatory work.
2. Design Integrity & Liability
These risks stem from the initial design process and the structural requirements imposed on Phase 1 for future phases.
  • Risk: Flawed Design Capability (I-002)
    Explanation: The Main Project design, provided by the Client, was procured under a procedure that limited formal vetting of the designer’s BIM/AIM capability. This creates a high risk that the conceptual design is technically deficient for modern BIM workflows and contains errors that will lead to mandatory rework and costly scope disputes.
  • Risk: Phasing Assumptions (I-007)
    Explanation: The concept requires Phase 1 to build the garage with structural anchors for three future, currently un-designed buildings. If the conceptual assumptions about future loads or geometry are incorrect, the flaw is locked into the foundation structure, guaranteeing failure and remedial costs in later phases.
3. Site & Regulatory Feasibility
These risks focus on the constraints imposed by the live site and regulatory environment.
  • Risk: Heritage Constraints (I-004)
    Explanation: The site is in a protected Cultural-Historical Entity. Regulatory bodies have the power to reject conceptual design or excavation plans that threaten protected status or adjacent buildings, causing major permitting delays.
  • Risk: Geotechnical Uncertainty (I-005)
    Explanation: The large, deep garage design is based on limited preliminary geotechnical data (only nine boreholes). There is a significant risk that actual soil and groundwater conditions are worse, rendering the initial design for the excavation pit protection fundamentally inadequate and forcing a costly redesign before construction can be permitted.
  • Risk: Operational Interface (I-006)
Explanation: The concept mandates uninterrupted court operations, yet requires the relocation of two live transformer stations that power these courts. The complex logistical sequence of power migration and demolition presents a high risk of operational failure, directly violating a core project requirement and creating massive liability.”

Appendix A.3. Claude Sonnet 4.5

“FINANCIAL & FUNDING RISKS
IP-F-01: EU Recovery and Resilience Facility Funding
Context: The project is funded through the National Recovery and Resilience Plan (NPOO) 2021-2026, Component C2.5 “Modern Justice Ready for Future Challenges” with a strict Q2 2026 completion deadline.
Why it’s critical: EU Recovery Funds have stringent milestone requirements and performance conditions. If the project fails to meet intermediate milestones (location permit by certain date, construction start, progress benchmarks), funding can be suspended or withdrawn. The documentation indicates this is “bespovratna sredstva” (non-repayable grant), but only if conditions are met.
Real implications:
  • The Ministry has limited control over EU policy changes
  • Political changes at EU level could affect disbursement
  • Delay in any phase could trigger milestone failures
  • No funding = project termination at concept stage
IP-F-02: Pre-Investment Study Cost Estimation
Context: The project involves approximately 71,507 m2 of highly specialized judicial facilities with complex technical requirements (nZEB, BIM, structural glazing, underground garage).
Why it’s critical: At concept stage, cost estimations are typically based on benchmarks and preliminary designs. However:
  • The architectural competition design from 2008 needs adaptation to current standards
  • nZEB requirements add 15–25% to conventional construction costs
  • BIM implementation adds complexity and costs
  • Underground excavation in urban environment is expensive and unpredictable
  • Specialized façade systems (4 types) have limited supplier competition
Real implications:
  • If the pre-investment study estimated €70M but actual market costs are €90M, the 29% shortfall must be found or scope reduced
  • Government budget approval is required for any increase
  • Budget increases require returning to Parliament—months of delay
  • Insufficient budget = value engineering = compromised design intent
(…further explanation excluded for brevity).”

Appendix B. AI-Generated Explanatory Outputs for the Planning Phase

Appendix B.1. GPT-5

  • “The Planning Phase of the Trg Pravde judicial infrastructure project focuses on obtaining the location and building permits, developing the Main Design documentation, and finalizing technical and legal requirements before procurement and construction begin.
  • The risk identification process for this phase highlights several important challenges that could impact project readiness and timeline:
-
Design documentation risks—errors or gaps in the Main Design documentation may lead to rework, incomplete permit applications, or cost escalations during execution. Ensuring high-quality and coordinated design outputs is essential at this stage.
-
Permitting delays—prolonged issuance of location or building permits from regulatory bodies could postpone the construction start date. These risks are particularly relevant due to the heritage-protected nature of the site and its location in a sensitive urban context.
-
Late requirement changes—if the investor introduces changes to project scope or functional needs after design finalization, it may trigger costly redesigns or invalidate parts of the permitting process.
-
Coordination failures—inadequate integration across design disciplines or between documentation packages may result in inconsistencies that only become evident during construction, affecting quality and schedule.
-
Regulatory shifts—changes in public procurement or building codes during the design finalization process could lead to compliance issues or require the project team to revise documentation or restart parts of the permitting process.
-
Geotechnical integration gaps—insufficient incorporation of soil and groundwater conditions into structural and foundation design could lead to unsafe assumptions or unanticipated cost increases.
-
Stakeholder misalignment—limited involvement of end-users such as courts and justice sector institutions could result in facility layouts that don’t meet operational requirements, undermining long-term functionality and satisfaction.
  • Addressing these risks during the Planning Phase is critical to secure regulatory approvals, ensure technical completeness, and align all key stakeholders. Proactive risk management at this stage supports a smoother transition into procurement and construction, minimizing disruptions and cost escalations later in the project lifecycle.”

Appendix B.2. Gemini 2.5 Pro

“Here is a detailed explanation for each of the identified risks in the Planning (Pre-construction) Phase of the Trg Pravde project, focusing on the completion of the Main Design and the securing of necessary permits.
1. Regulatory & Permitting Risks
These risks center on the Investor’s/Designer’s inability to transform the conceptual plan into a compliant, legally approved Main Design.
  • P-001: Regulatory Non-Compliance in Main Project (Risk Bearer: Investor/Designer)
    Explanation: The Location Permit (a key document in this phase) requires final approval of the Main Project by multiple regulatory and utility bodies (e.g., City Planning, Cultural Heritage, HEP/Gas). This risk captures the event where upon final submission, a regulator identifies a major non-compliance or technical oversight in the completed design. For instance, the excavation plan may be deemed insufficient for the protected heritage buildings, or the utility relocation plan may be rejected, necessitating a costly, time-consuming major design revision that stalls the entire permitting process.
  • P-007: Utility Approval Failure (TS Relocation) (Risk Bearer: Investor/Designer)
    Explanation: The Main Design must finalize the technical solution for the complex relocation of the two live transformer stations (TS). The risk is that the Designer makes assumptions about the utility provider’s (HEP-ODS) requirements for the new power layout, which are later rejected in the final utility review. This rejection forces the redesign of high-voltage cable routes and the internal layout of the new TS, directly delaying the final sign-off required for the Location Permit.
2. Schedule and Contractual Risks
These risks relate to the fixed NPOO deadline and the flexible clauses regarding design responsibility.
  • P-002: Procurement Delay and Time Compression (Risk Bearer: Investor)
    Explanation: Due to the hard NPOO deadline (Q2 2026 Use Permit), any delay in finalizing the Main Design and obtaining the Location Permit directly reduces the time available for the construction contractor. This risk materializes if the planning phase stretches, forcing the Investor to launch the public tender (procurement) late. This results in a severely compressed construction window (shorter time for the Contractor to build), exponentially increasing the risk of failure to meet the final EU funding date.
  • P-004: Alternative Design Triggers Rework (Risk Bearer: Contractor/Investor)
    Explanation: The project specifications grant the eventual Contractor the option to propose an alternative technical solution for the excavation pit and garage structure. The risk is that the Client invests time and resources in finalizing the Main Project only for the selected Contractor to later exercise this option, presenting a technically superior or significantly cheaper alternative. This triggers a mandatory design change procedure and a new Location Permit cycle, delaying the start of construction and creating contractual conflict over liability and schedule.
3. Technical & Quality Assurance Risks
These risks address the completeness and accuracy of the technical deliverables in the Main Design.
  • P-003: BIM Model Failure (Risk Bearer: Designer/Investor)
    Explanation: This phase requires the production of a finalized, coordinated BIM model to serve as the basis for the Main Design. Given the documented challenge in assessing the original designer’s BIM capacity, the risk is that the Designer fails to deliver a compliant, multi-disciplinary coordinated model. This failure results in uncoordinated design documents (e.g., structural and MEP systems clash), leading to unforeseen errors during construction, and ultimately making the required Asset Information Model (AIM) deliverable impossible.
  • P-006: New Geotechnical Findings Invalidate Design (Risk Bearer: Investor/Designer)
    Explanation: While initial data was limited, the Planning Phase often includes more detailed subsurface investigation. This risk is that the new, more extensive geotechnical investigations reveal conditions significantly worse than anticipated (e.g., an unidentified fault line, massive underground obstruction, or higher water table). This necessitates a fundamental re-design of the structural foundation and piloting plan, invalidating the Main Design and potentially requiring a new Location Permit, leading to major cost and schedule overruns.
4. Stakeholder & Operational Risks
This risk addresses the final logistics plan that governs how construction interfaces with the existing judicial campus.
  • P-005: Judicial Stakeholder Rejection of Operational Plan (Risk Bearer: PM/Investor)
    Explanation: The project’s success hinges on uninterrupted court operations. The Main Design includes a finalized construction site organization plan (logistics, traffic, access, noise mitigation). The risk is that the final plan is deemed unacceptable by the Judicial Institutions that must continue operating on the site. Their rejection would force the Project Manager to completely redesign the entire construction logistics strategy, delaying mobilization and increasing the complexity and cost of site management.”

Appendix B.3. Claude Sonnet 4.5

“DESIGN DEVELOPMENT RISKS
PP-D-01: Main Design (Glavni projekt) Development
Context: The Main Design must coordinate BIM models from 6+ disciplines (architecture, structure, MEP, facade, etc.) at appropriate LOD for permit and tender. Different offices use different software and modeling standards.
Why it is critical: If clashes and inconsistencies are not resolved in the planning phase, they will surface during permit review or on site, when changes are far more expensive and time critical.
Real implications:
  • Undetected clashes force late redesigns, delaying the building permit and tender.
  • Field conflicts lead to RFIs, claims, and rework during construction.
  • Loss of confidence in the BIM model results in parallel 2D workflows and duplication of effort.
PP-D-02: Architectural Adaptation from 2008 Competition Design
Context: The winning design from 2008 predates nZEB, current seismic requirements, and evolved judicial workflows. It must be fully updated while preserving the architectural intent.
Why it is critical: Trying to force a 2008 concept into a 2020s regulatory and functional context risks a design that is either non compliant or compromised in performance and usability.
Real implications:
  • Extensive redesign of envelope, structure, and layouts to meet current codes.
  • Conflicts between architects defending the original vision and engineers demanding changes.
  • Delays in design approvals and potential dissatisfaction of end users with final functionality.
PP-D-03: Structural Design for Phased Construction (Phases 1 to 4)
Context: Phase 1 foundations and structure must safely support future phases 2 to 4, with shared garage and vertical elements already built.
Why it is critical: If future loads, joint locations, and connections are not correctly modeled now, later phases may be impossible or require very costly strengthening.
Real implications:
  • Need for structural retrofits and underpinning when future phases are designed.
  • Inability to connect new phases to existing structures as planned.
  • Budget overruns and disruptions if foundations and connections must be rebuilt.
PP-D-04: nZEB Energy Performance Calculations
Context: The project must meet Croatian nZEB requirements, relying on early energy modeling, airtightness assumptions, and ambitious facade performance.
Why it is critical: Errors at planning stage propagate into the detailed design and tender documents. If energy performance is miscalculated now, compliance may fail at completion.
Real implications:
  • Need for late upgrades to insulation, windows, or HVAC to meet nZEB.
  • Increased CAPEX and OPEX if performance is worse than modeled.
  • Risk of delayed use permit and EU funding exposure if nZEB is not achieved.
(…further explanation excluded for brevity).”

Appendix C. AI-Generated Explanatory Outputs for the Executing Phase

Appendix C.1. GPT-5

“The Executing Phase of the Trg Pravde judicial infrastructure project marks the transition from design to physical construction. It involves coordination between contractors, site supervision, material supply, and regulatory oversight to ensure timely and quality delivery of the southern building and underground garage.
The risk identification model for this phase highlights several operational and compliance-related risks:
-
Labor and subcontractor availability—shortages of skilled labor or poor subcontractor performance may disrupt the construction schedule and cause cascading delays, particularly in specialized trades like structural systems and MEP installations.
-
Site supervision and quality control—insufficient oversight by the site engineer or general contractor can result in non-conforming works, leading to rework, delays, or long-term facility performance issues.
-
Cash flow and funding delays—delayed payments by the investor or interruptions in funding may cause suspension of works, damage contractor cash flow, and increase the risk of claims or disputes.
-
Unforeseen site conditions—unexpected underground obstacles or groundwater complications may require design modifications and delay critical path activities. These risks are amplified due to the complexity of the urban site and the presence of existing infrastructure.
-
Regulatory and safety compliance—sudden inspections or changes in safety legislation can trigger temporary work stoppages or necessitate rework to align with updated requirements.
-
Construction planning deficiencies—ineffective sequencing or poor resource coordination by the contractor can lead to inefficient use of time and materials, causing project overruns.
-
Environmental disruptions—adverse weather or on-site environmental incidents may delay progress or compromise safety. These events are especially impactful during excavation, concrete works, and façade assembly phases.
Identifying and managing these risks during the Executing Phase is essential to maintaining momentum, ensuring quality, and avoiding disputes or cost escalation. Strong contractor oversight, robust site management systems, and responsive issue resolution mechanisms are key to reducing exposure and achieving successful project delivery.”

Appendix C.2. Gemini 2.5 Pro

“Here is a detailed explanation for each of the identified risks in the Executing (Construction) Phase of the Trg Pravde project, focusing on the General Contractor’s responsibility and the project’s critical constraints.
Explanation of the Executing Phase Risks
1.Financial and Schedule Risks
These risks directly threaten the project’s ability to meet its hard, external financing deadline.
  • E-001: Failure to Obtain Use Permit by Q2 2026 (Risk Bearer: GC/Investor)
    Explanation: This is the most critical risk. The project’s NPOO funding mandates a hard deadline for obtaining the final Use Permit (Uporabna dozvola) by Q2 2026. During the Executing Phase, if delays accumulate due to weather, supply chain issues, workforce shortages, or unforeseen site conditions, the Contractor faces an inability to complete the work and pass the technical inspection in time. The consequence is severe: the loss of EU co-financing, triggering massive financial penalties and potentially a contractual default.
2. Technical and Environmental Risks
These risks deal with the physical challenges of the complex underground and structural work.
  • E-002: Geotechnical/Groundwater Failure (Risk Bearer: General Contractor)
    Explanation: The construction involves a deep excavation for a massive 49,409 m2 underground garage. Despite preliminary designs, the actual process of excavation may encounter unexpectedly high groundwater inflow or unstable soil layers not fully mapped in the limited initial studies. A failure in the Contractor’s dewatering system or excavation support structures would cause flooding, collapse potential, major schedule disruption, huge cost overruns, and even pose a safety risk to the adjacent protected buildings.
  • E-004: Critical Quality Defects (Risk Bearer: General Contractor)
    Explanation: The quality of two specific construction elements carries immense long-term risk: waterproofing the massive underground garage and correctly installing the structural anchors/rebar for future phases (Phase 2, 3, 4). Poor workmanship in waterproofing will lead to leakage and massive lifecycle costs for the Investor. Errors in the anchors will structurally compromise the ability to connect future buildings, requiring expensive, difficult, and high-risk structural demolition and rework on the Phase 1 structure.
3. Operational and Interface Risks
These risks stem from the necessity of operating a construction site adjacent to live, functioning judicial institutions.
  • E-003: Operational Disruption via TS Relocation (Risk Bearer: General Contractor)
    Explanation: The Executing Phase requires the physical, complex relocation of two live transformer stations (TS) that power the existing court buildings. This is a high-consequence, high-risk operational task. Any mistake in the power migration sequence (temporary switchover, demolition, final switchover) by the Contractor’s team or subcontractors will result in a power outage for the operational courts, leading to severe legal, operational, and financial penalties due to business interruption.
  • E-005: Design Interface Disputes (Risk Bearer: General Contractor)
    Explanation: If the Contractor exercised the option to design an alternative solution for the excavation pit and garage structure, this risk materializes during construction. It involves structural or utility incompatibility clashes between the Contractor’s design (e.g., structural members or basement penetrations) and the Client’s Main Design for the superstructure (Southern Building). These unresolved clashes lead to construction stoppages, claims, and change orders.
4. Regulatory and Commissioning Risks
These risks threaten the final acceptance and handover of the facility.
  • E-006: Subcontractor System Failure (Risk Bearer: General Contractor)
    Explanation: Construction requires the finalization and commissioning of complex MEP, IT, and specialized systems (e.g., fire suppression, security). The failure of a critical subcontractor (due to poor coordination, lack of resources, or technical deficiencies) to complete, test, and provide documentation for their systems prevents the overall project from passing the technical inspection. This directly delays the issuance of the Use Permit.
  • E-007: Use Permit Refusal (Risk Bearer: General Contractor/Investor)
  • Explanation: This final execution risk is the refusal of the statutory authority to issue the Use Permit (Uporabna dozvola) following the final technical inspection. This is caused by non-compliance with the approved Main Design, missing required as-built documentation (including the final BIM/AIM), or a failure to demonstrate that all installed systems (e.g., fire protection) are fully operational and compliant with the law. This refusal means the building cannot be legally occupied, directly resulting in failure to meet the NPOO deadline (E-001).

Appendix C.3. Claude Sonnet 4.5

“GEOTECHNICAL RISKS
EP-GEO-01: Ground Conditions
Context: Foundation and basement works are based on geotechnical assumptions from a limited investigation (soil layers, bearing capacity, stiffness). Actual conditions may deviate once full excavation is opened.
Why it is critical: If real soil parameters are weaker or significantly different from design assumptions, foundations, retaining structures, and slabs may not perform as intended, directly affecting safety and stability.
Real implications:
  • Need for unplanned ground improvement, additional piles, or deeper foundations.
  • Redesign of structural elements already planned or partially executed.
  • Schedule delays while new designs and approvals are obtained.
  • Cost overruns and potential disputes over who pays for changed conditions.
EP-GEO-02: Groundwater Management
Context: The design assumes groundwater levels at approximately −11.5 m to −13.5 m. During execution, seasonal variations, heavy rain events, or regional aquifer behavior can raise levels above these assumptions.
Why it is critical: Inadequate dewatering capacity or underestimated groundwater pressures can cause flooding, instability, and long term waterproofing issues.
Real implications:
  • Flooded excavation pits, damage to reinforcement, formwork, and early concrete.
  • Need to upgrade pumps, wells, and drainage systems at additional cost.
  • Risk of uplift or buoyancy issues in slabs and foundations.
  • Extensions to construction duration and risk to meeting the EU deadline.
EP-GEO-03: Excavation Pit Protection
Context: The project uses a deep excavation supported by a pile wall system with anchors. Performance depends on correct design assumptions and careful execution.
Why it is critical: Any failure or excessive deformation of the temporary support system poses a severe safety and third party risk.
Real implications:
  • Partial or full collapse of the excavation wall with material and equipment loss.
  • Damage to public roads and adjacent properties, including operational judicial buildings.
  • Injuries or fatalities leading to investigations, work stoppage, and possible criminal liability.
  • Long delays while stabilization, redesign, and legal issues are addressed.
EP-GEO-04: Adjacent Structure Settlement
Context: Excavation and dewatering can induce ground movements that affect nearby heritage and operational court buildings.
Why it is critical: Even relatively small settlements can cause cracking, functional impairment, or structural concerns in older buildings.
Real implications:
  • Visible cracking and distortion of doors, windows, and finishes in adjacent buildings.
  • Operational disruptions to ongoing judicial activities.
  • Expert assessments, monitoring, and remedial works increasing costs.
  • Legal claims, reputational damage, and stricter limits imposed on construction methods.
(…further explanation excluded for brevity).”

Appendix D. AI-Generated Explanatory Outputs for the Closing Phase

Appendix D.1. GPT-5

  • “The Closing Phase of the Trg Pravde judicial infrastructure project centers on the final steps needed to commission the building and hand it over for operational use. A critical milestone in this phase is the issuance of the Occupancy (Usage) Permit, which legally authorizes the building’s use. Delays in obtaining this permit can significantly disrupt transition planning, user relocation, and public service continuity.
    The identified risks for this phase highlight key vulnerabilities:
-
Incomplete or non-compliant documentation—if the documentation submitted for the usage permit lacks required elements or contains discrepancies, the regulatory authority may delay or reject the application, blocking formal building commissioning.
-
Delays in final inspections—postponements in scheduling mandatory technical and safety inspections due to investor-side inaction can extend the overall project closeout timeline and increase costs associated with extended construction site maintenance.
-
Outstanding non-conformities—unresolved punch list items or quality deficiencies may lead the regulatory body to withhold the permit, triggering contractor claims or requiring emergency remediation.
-
Administrative inefficiencies—high workloads or bureaucratic delays within the permitting authority can slow down the review process even when submissions are compliant, impacting operational launch dates.
-
Digital documentation gaps—failure to submit updated BIM-based as-built documentation (AIM) in accordance with project and regulatory requirements can prevent the occupancy permit from being processed, particularly in digitally integrated public-sector projects.
  • Managing these risks during the Closing Phase is vital to ensure a smooth and timely transition from construction to operation. Ensuring complete, high-quality documentation, proactive stakeholder coordination, and early resolution of outstanding works helps secure occupancy approvals and facilitates the full activation of judicial services within the new facility.”

Appendix D.2. Gemini 2.5 Pro

“Here is a detailed explanation for each of the identified risks in the Closing Phase of the Trg Pravde judicial infrastructure project. This phase is dominated by the urgency of regulatory compliance to secure the Use Permit by the critical NPOO deadline.
1. Financial and Legal Catastrophe
These risks center on the consequences of failing to meet the hard, external deadline.
  • CL-001: NPOO Funding Withdrawal (Risk Bearer: Investor/Government)
    Explanation: This is the project’s existential risk. The use of EU funding (NPOO) dictates a non-negotiable deadline for the final Use Permit (Uporabna dozvola) by Q2 2026. If the permit is issued even a day late due to any other closing phase delays (CL-002, CL-003), the project is non-compliant with the funding agreement. The consequence is the withdrawal or clawback of the EU co-financing, leaving the Investor (the Ministry/Government) with a massive, unbudgeted financial gap that could undermine the entire project’s financial viability.
  • CL-002: Regulatory Refusal of Use Permit (Risk Bearer: General Contractor/Investor)
    Explanation: The regulatory body legally blocks the building’s occupation because the General Contractor fails to deliver complete, certified, and compliant statutory documentation. This documentation includes all technical reports, material attestations, test results, and, crucially, the finalized BIM/AIM (Asset Information Model). A refusal not only means the project missed the NPOO deadline but also that the multi-million dollar asset cannot be legally used by the Judicial Institutions, defeating the project’s purpose.
2. Handover and Technical Compliance
These risks address the final technical steps required to certify the building’s readiness.
  • CL-003: Protracted Correction and Re-inspection Cycle (Risk Bearer: GC/Investor)
    Explanation: The final technical inspection identifies critical, systemic, or unaddressed non-compliances (e.g., fire-stopping deficiencies, structural deviations from the approved plans, or major untestable MEP systems). These issues require significant rework, forcing the Contractor into a protracted correction process. Since the regulatory body must then perform a re-inspection, this automatically consumes valuable time in the closing window, almost guaranteeing the project misses the fixed Use Permit deadline (CL-001).
  • CL-005: Immediate Invocation of DLP for Major Defects (Risk Bearer: GC)
    Explanation: Quality defects that were not fully caught during inspection become immediately apparent upon handover or during the facility’s first operational use. The most likely and costly defects include water leakage in the massive underground garage or failures in specialized, integrated systems. The Investor immediately invokes the Defects Liability Period (DLP), forcing the Contractor to mobilize and execute extensive, costly, and potentially disruptive remedial work under warranty while the building is meant to be operational.
3. Contractual and Operational Transfer
These risks involve the necessary transfer of liability, information, and control from the builder to the operator.
  • CL-004: Contractual Handover Stalemates (Risk Bearer: GC/Investor)
    Explanation: At the moment of handover, the Investor and the General Contractor cannot agree on the final project cost and schedule due to unresolved claims, change orders, or outstanding liquidated damages. This contractual dispute leads to a stalemate, where the Contractor refuses to provide the final necessary statutory sign-offs (e.g., final lien waivers, as-built drawings, or compliance statements) until the dispute is settled. This action legally blocks the final step of the Use Permit application, regardless of the building’s physical completion.
  • CL-006: Operational Deficiencies and Training Failure (Risk Bearer: Investor)
    Explanation: The Investor fails to ensure that the end-users (Judicial Institutions) and the facility management team are successfully trained on the operation of the building’s complex new systems (especially the extensive garage and utility infrastructure). This results in operational delays, immediate maintenance failures, and user-induced damage upon opening, leading to disputes over the completeness of the handover and significantly increasing the facility’s operational costs and the Contractor’s warranty burden.
  • CL-007: Political Interference in Permitting (Risk Bearer: Investor/Government)
    Explanation: Due to the project’s high political visibility and the NPOO deadline, there is a risk that political pressure is applied to the regulatory body. This could result in a technically flawed or rushed Use Permit being issued (compromising safety) or, conversely, an unjustified or protracted refusal to grant the permit due to bureaucratic caution, leading to a legal and political battle over the final acceptance.”

Appendix D.3. Claude Sonnet 4.5

“TECHNICAL INSPECTION AND COMPLIANCE RISKS
CP-T-01: Technical Inspection Commission
Context: Final submission for the occupancy permit requires complete technical inspection documentation, which includes detailed test results, declarations, geodetic surveys, as-built drawings, and compliance statements.
Why it is critical: Any gaps or inconsistencies prevent the technical inspection commission from completing its review.
Real implications:
  • Rejection of permit documentation due to missing or incomplete records.
  • Resubmissions and prolonged administrative cycles.
  • Contractor and investor forced to recompile or reproduce technical documents under time pressure.
  • Delay in initiating the occupancy permit process, affecting the NPOO deadline.
CP-T-02: Building Systems Commissioning
Context: Mechanical, electrical, and specialty systems must be fully commissioned prior to inspection.
Why it is critical: Unresolved performance issues or incomplete commissioning invalidate technical compliance.
Real implications:
  • Technical commission identifies unacceptable system performance.
  • Additional testing, balancing, or system modifications required.
  • Extended schedule for commissioning teams already demobilizing.
  • Permit withheld until deficiencies are fully resolved.
CP-T-03: Fire Safety Compliance Verification
Context: Fire safety authorities verify systems such as sprinklers, hydrants, alarms, detectors, and evacuation routes.
Why it is critical: Fire protection is one of the most stringent prerequisites for occupancy approval.
Real implications:
  • Fire authority rejects the system due to missing components or incomplete tests.
  • Need for corrective work in ceilings, shafts, or technical rooms.
  • Technical inspection halted until fire safety is re-approved.
  • Significant delays if full retesting is required.
CP-T-04: Air Tightness Testing Failure
Context: The building must achieve defined n50 thresholds to obtain nZEB certification and satisfy the technical inspection.
Why it is critical: Airtightness deficiencies typically require invasive remediation.
Real implications:
  • Remediation of thousands of small leaks in the envelope.
  • Repeat blower-door testing cycles.
  • Delay of nZEB certification and occupancy permit.
  • Increased project cost and schedule pressure.
(…further explanation excluded for brevity).”

References

  1. Pejić, M.S.; Terzić, M.; Stanojević, D.; Peško, I.; Mučenski, V. Improving construction projects and reducing risk by using artificial intelligence. Soc. Inform. J. 2023, 2, 33–40. [Google Scholar] [CrossRef]
  2. Ivić, I.; Cerić, A. Risks Caused by Information Asymmetry in Construction Projects: A Systematic Literature Review. Sustainability 2023, 15, 9979. [Google Scholar] [CrossRef]
  3. Lovrenčić Butković, L. A new framework for ranking Critical Success Factors for International Construction Projects. Organ. Technol. Manag. Constr. 2021, 13, 2505–2520. [Google Scholar]
  4. Nyqvist, R.; Peltokorpi, A.; Seppänen, O. Can ChatGPT exceed humans in construction project risk management? Eng. Constr. Archit. Manag. 2024, 31, 223–243. [Google Scholar] [CrossRef]
  5. Reddy, A.S. Risk Management in Construction Industry—A Case Study. Int. J. Innov. Res. Sci. Eng. Technol. 2015, 4, 10058. [Google Scholar]
  6. Baduge, S.K.; Thilakarathna, S.; Perera, J.S.; Arashpour, M.; Sharafi, P.; Teodosio, B.; Shringi, A.; Mnedis, P. Artificial intelligence and smart vision for building and construction 4.0: Machine and deep learning methods and applications. Autom. Constr. 2022, 141, 104440. [Google Scholar] [CrossRef]
  7. Liao, C.; Aminudin, E.; Mohd, S.; Yap, L.S. Intelligent risk management in construction projects: Systematic literature review. IEEE Access 2022, 10, 72936–72954. [Google Scholar] [CrossRef]
  8. Afzal, F.; Shao, Y.; Nazir, M.; Bhatti, S.M. A review of artificial intelligence-based risk assessment methods for capturing complexity-risk interdependencies: Cost overrun in construction projects. Int. J. Manag. Proj. Bus. 2021, 14, 300–328. [Google Scholar] [CrossRef]
  9. Abioye, S.O.; Oyedele, L.O.; Akanbi, L.; Ajayi, A.; Delgado, J.M.D.; Bilal, M.; Akinade, O.O.; Ahmed, A. Artificial intelligence in the construction industry: A review of present status, opportunities and future challenges. J. Build. Eng. 2021, 44, 103299. [Google Scholar] [CrossRef]
  10. Korke, P.; Gobinath, R.; Shewale, M.; Khartode, B. Role of Artificial Intelligence in Construction Project Management. In Proceedings of the 2023 International Conference on Sustainable Technologies in Civil and Environmental Engineering (ICSTCE 2023), Pimpri, India, 15–16 June 2023; Volume 405, p. 04012. [Google Scholar]
  11. Bento, S.; Pereira, L.; Gonçalves, R.; Dias, Á.L.; Costa, R.L. Artificial intelligence in project management: Systematic literature review. Int. J. Technol. Intell. Plan. 2022, 13, 143–163. [Google Scholar] [CrossRef]
  12. Regona, M.; Yigitcanlar, T.; Xia, B.; Li, R.Y.M. Opportunities and adoption challenges of AI in the construction industry: A PRISMA review. J. Open Innov. Technol. Mark. Complex. 2022, 8, 45. [Google Scholar] [CrossRef]
  13. Chen, K.; Zhou, X.; Bao, Z.; Skibniewski, M.J.; Fang, W. Artificial intelligence in infrastructure construction: A critical review. Front. Eng. Manag. 2025, 12, 24–38. [Google Scholar] [CrossRef]
  14. Pan, Y.; Zhang, L. Roles of artificial intelligence in construction engineering and management: A critical review and future trends. Autom. Constr. 2021, 122, 103517. [Google Scholar] [CrossRef]
  15. Khodabakhshian, A.; Puolitaival, T.; Kestle, L. Deterministic and probabilistic risk management approaches in construction projects: A systematic literature review and comparative analysis. Buildings 2023, 13, 1312. [Google Scholar] [CrossRef]
  16. Raisch, S.; Krakowski, S. Artificial Intelligence and Management: The Automation-Augmentation Paradox. Acad. Manag. Rev. 2021, 46, 192–210. [Google Scholar] [CrossRef]
  17. Aladağ, H. Assessing the Accuracy of ChatGPT Use for Risk Management in Construction Projects. Sustainability 2023, 15, 16071. [Google Scholar] [CrossRef]
  18. Emmons, D.L.; Mazzuchi, T.A.; Sarkani, S.; Larsen, C.E. Mitigating Cognitive Biases in Risk Identification: Practitioner Checklist for the Aerospace Sector. Def. Acquis. Res. J. 2018, 25, 52–93. [Google Scholar] [CrossRef] [PubMed]
  19. PM2 Project Management Methodology v3.1, European Commission, Centre of Excellence in PM2. Available online: https://pm2.europa.eu/pm2-methodologies/pm2-project-management_en (accessed on 4 October 2025).
  20. EOJN RH. Izvođenje Radova Izgradnje Južne Zgrade i Podzemne Garaže na Trgu Pravde. Available online: https://eojn.hr/ (accessed on 6 October 2025).
Table 1. Filtered financial risks (generated using GPT-5).
Table 1. Filtered financial risks (generated using GPT-5).
PhaseCodeRisk SourceCause/DriverRisk (Delivery, Event, or Impact)Affected AreaRisk CategoryRisk Bearer
InitiatingRCP-03Government/Funding BodyDelays in budget approval or EU fund allocationPostponement of procurement and mobilizationScheduleFinancial RiskInvestor
ExecutingRCP-17InvestorLate payments or disruptions in funding flowSuspension of works or contractor claimsCash Flow, ScheduleFinancial RiskInvestor
Table 2. Filtered regulatory risks (generated using GPT-5).
Table 2. Filtered regulatory risks (generated using GPT-5).
PhaseCodeRisk SourceCause/DriverRisk (Delivery, Event, or Impact)Affected AreaRisk CategoryRisk Bearer
InitiatingRCP-04Regulatory BodiesProlonged permitting or location permit issuanceDelays in start of procurement phaseScheduleRegulatory RiskRegulatory Authorities
PlanningRCP-09Regulatory BodiesDelays in issuing location or building permitsDelayed start of construction and procurement processesScheduleRegulatory RiskInvestor/Government
PlanningRCP-12Government/Legal FrameworkChanges in construction or procurement regulationsRequired redesign or re-tenderingSchedule, ComplianceRegulatory RiskInvestor
ExecutingRCP-19Government/Regulatory BodiesUnannounced inspections or changes in safety standardsTemporary halts or rework to comply with regulationsSchedule, ComplianceRegulatory RiskGeneral Contractor
ClosingRCP-22Regulatory BodyIncomplete or non-compliant documentation submitted for usage permitDelay in issuance of Occupancy PermitHandover, Operational ReadinessRegulatory RiskInvestor
Table 3. Stakeholder-grouped risks: Investor (generated using GPT-5).
Table 3. Stakeholder-grouped risks: Investor (generated using GPT-5).
PhaseCodeRisk SourceCause/DriverRisk (Delivery, Event, or Impact)Affected AreaRisk CategoryRisk Bearer
InitiatingRCP-01InvestorInadequate definition of functional requirements in the pre-investment phaseMisalignment between final facility design and judicial operational needsProject Scope and QualityRequirements RiskInvestor
InitiatingRCP-03Government/Funding BodyDelays in budget approval or EU fund allocationPostponement of procurement and mobilizationScheduleFinancial RiskInvestor
InitiatingRCP-05Environmental ConstraintsPresence of protected trees and heritage-listed buildingsConstraints on design or need for redesignDesign, Scope, ScheduleEnvironmental RiskDesigner/Investor
InitiatingRCP-06Geotechnical ConditionsUncertainties in subsoil and groundwater conditionsUnforeseen foundation design changes or cost increasesCost, DesignTechnical RiskDesigner/Investor
InitiatingRCP-07Stakeholder EngagementInsufficient consultation with future building usersMisalignment of space planning and user needsFunctionality, QualityStakeholder RiskInvestor/Project Manager
PlanningRCP-09Regulatory BodiesDelays in issuing location or building permitsDelayed start of construction and procurement processesScheduleRegulatory RiskInvestor/Government
PlanningRCP-10InvestorLate changes in project requirements or program scopeDesign changes and cost escalationScope, CostChange Management RiskInvestor
PlanningRCP-12Government/Legal FrameworkChanges in construction or procurement regulationsRequired redesign or re-tenderingSchedule, ComplianceRegulatory RiskInvestor
PlanningRCP-13DesignerInsufficient incorporation of site-specific geotechnical conditionsInaccurate design assumptions or foundation issuesSafety, CostTechnical RiskDesigner/Investor
PlanningRCP-14Stakeholder (Judicial Institutions)Inadequate involvement of end-users during design finalizationMismatch between facility layout and functional needsFunctionality, SatisfactionStakeholder RiskInvestor
ExecutingRCP-17InvestorLate payments or disruptions in funding flowSuspension of works or contractor claimsCash Flow, ScheduleFinancial RiskInvestor
ExecutingRCP-21Environmental ConditionsAdverse weather or environmental incidentsDelays or damages to construction worksSchedule, SafetyEnvironmental RiskGeneral Contractor/Investor
ClosingRCP-22Regulatory BodyNon-compliant documentation submitted for permitDelay in issuance of occupancy permitHandover, Operational ReadinessRegulatory RiskInvestor
ClosingRCP-23InvestorDelays in final inspections and approvalsExtended project closeout timelineSchedule, Commissioning Management RiskInvestor
ClosingRCP-24InvestorOutstanding non-conformities or punch list itemsRegulatory body withholds usage permitQuality, ComplianceQuality Control RiskInvestor/Contractor
ClosingRCP-26InvestorFailure to submit updated BIM-based as-built documentationPermit cannot be processed or approval delayedDocumentation, CommissioningDigital Compliance RiskInvestor
Table 4. Stakeholder-grouped risks: General Contractor (generated using GPT-5).
Table 4. Stakeholder-grouped risks: General Contractor (generated using GPT-5).
PhaseCodeRisk SourceCause/DriverRisk (Delivery, Event, or Impact)Affected AreaRisk CategoryRisk Bearer
ExecutingRCP-15General ContractorShortage of skilled labor or subcontractor performance issuesDelays in construction activities and schedule slippagesScheduleConstruction RiskGeneral Contractor
ExecutingRCP-16Site EngineerInadequate site supervision or quality controlDefective works or non-compliance with design specificationsQualityQuality Assurance RiskGeneral Contractor/Site Engineer
ExecutingRCP-18Construction Site ConditionsUnexpected underground obstacles or groundwater levelsWork stoppages or design modificationsSchedule, CostTechnical RiskGeneral Contractor/Designer
ExecutingRCP-19Government/Regulatory BodiesUnannounced inspections or changes in safety standardsTemporary halts or rework to comply with regulationsSchedule, ComplianceRegulatory RiskGeneral Contractor
ExecutingRCP-20General ContractorPoor planning or sequencing of construction worksInefficient resource use and project delaysCost, ScheduleConstruction RiskGeneral Contractor
ExecutingRCP-21Environmental ConditionsAdverse weather or environmental incidentsDelays or damages to construction worksSchedule, SafetyEnvironmental RiskGeneral Contractor/Investor
Table 5. Summary of expert questionnaire results (n = 3).
Table 5. Summary of expert questionnaire results (n = 3).
QuestionFocusObserved Responses
Q11Missing or misclassified risksAll experts provided qualitative feedback, reporting no missing risks but noting that some risks were defined too broadly and could be specified more precisely.
Q22Usefulness of AI for initial risk identificationRated Very useful (2/3) and Extremely useful (1/3).
Q23Trust in AI-generated risk listsRated Moderately trustful by all experts (3/3).
Q24Main limitation of AI-generated outputsResponses varied, highlighting overgeneralization, dependence on provided project context, and missing critical constraints.
Q25Effectiveness of a hybrid human–AI approachAll experts answered Yes, definitely (3/3).
Q27Most accurate overall AI modelClaude Sonnet 4.5 (2/3), GPT-5 (1/3).
Q28Clearest explanations of risk analysis outputGPT-5 selected by all experts (3/3).
Q29Best understanding of project constraintsClaude Sonnet 4.5 (2/3), Gemini 2.5 Pro (1/3).
Q30Chosen AI model as primary referenceGPT-5 selected by all experts (3/3).
Table 6. AI model comparison for risk identification.
Table 6. AI model comparison for risk identification.
AspectGPT-5Gemini 2.5 ProClaude Sonnet 4.5
Output format & sizeExported a table (Excel) with 26 risks total; brief text summary.Provided a table in Google Sheets with 28 risks total; structured narrative explanation in a few thematic groups.In-chat table with ~240 detailed risks total; extensive written analysis for each risk item.
Depth of explanationConcise: Summarized broad risk categories in a few bullet points (focused on key issues like requirements, design, funding, etc.).Moderate: Grouped risks into key clusters (e.g., viability, design, etc.) with clear bullet explanations highlighting causes and impacts.High: Elaborated on each risk with context (e.g., specific data, regulations) and detailed implications; essentially a mini-report for every risk.
Coverage of categoriesBroad but shallow: Touched on major domains (strategic, design, financial, etc.) with roughly one risk example each.Focused breadth: Covered critical phase-specific domains (financial, technical/design, etc.) but not every possible category; prioritized the most pressing areas identified.Comprehensive: Systematically addressed all domains, often listing multiple distinct risks per category for thorough coverage.
Practical usefulnessQuick overview: Easy to scan and kickstart discussion, but would need further detail from human experts for mitigation planning.Targeted insight: Highlights top high-impact issues across the project phases, aiding prioritization; less overwhelming and context-rich, though some categories (e.g., quality, market conditions) are not explicitly covered.In-depth resource: Very rich detail supports thorough risk planning and understanding, though the volume of information may require time for a team to digest and filter for relevance.
Notable strengthsEfficient broad-strokes identification; output aligns with typical high-level risk checklists a human might start with.Balanced context-specific details with structured grouping, making the output digestible and directly relevant to the project’s situation.Extremely detailed and context-aware, capturing nuances (e.g., funding conditions, technical specs, site history) that others omit—similar to an expert’s comprehensive report.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Vilibić, K.; Sigmund, Z.; Završki, I. Intelligent Risk Identification in Construction Projects: A Case Study of an AI-Based Framework. Buildings 2026, 16, 409. https://doi.org/10.3390/buildings16020409

AMA Style

Vilibić K, Sigmund Z, Završki I. Intelligent Risk Identification in Construction Projects: A Case Study of an AI-Based Framework. Buildings. 2026; 16(2):409. https://doi.org/10.3390/buildings16020409

Chicago/Turabian Style

Vilibić, Kristijan, Zvonko Sigmund, and Ivica Završki. 2026. "Intelligent Risk Identification in Construction Projects: A Case Study of an AI-Based Framework" Buildings 16, no. 2: 409. https://doi.org/10.3390/buildings16020409

APA Style

Vilibić, K., Sigmund, Z., & Završki, I. (2026). Intelligent Risk Identification in Construction Projects: A Case Study of an AI-Based Framework. Buildings, 16(2), 409. https://doi.org/10.3390/buildings16020409

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop