AI Technical Standards

1. Overview

Technical standards translate high-level AI governance principles into concrete, implementable requirements. They are increasingly referenced in legislation (the EU AI Act explicitly references harmonised standards) and serve as the practical bridge between policy intent and engineering practice.

Key Standards Bodies

Organization	Type	AI Standards Scope	Website
ISO/IEC JTC 1/SC 42	International	Foundational AI standards; management systems; trustworthiness; data quality	iso.org
IEEE SA	International	Ethically aligned design; autonomous systems; algorithmic bias; transparency	ieee.org
NIST	US (widely adopted)	AI Risk Management Framework; trustworthy AI; evaluation methods	nist.gov
CEN/CENELEC	European	Harmonised standards for EU AI Act compliance; AI management; risk assessment	cencenelec.eu
ETSI	European	AI security; securing AI in networks; trustworthy AI architecture	etsi.org

2. ISO/IEC 42001 — AI Management System

ISO/IEC 42001:2023 is the world’s first international standard for AI management systems. Published December 2023, it provides a certifiable framework for organizations developing, providing, or using AI systems. It follows the Annex SL structure familiar from ISO 9001 and ISO 27001.

2.1 Structure

Clause	Title	Key Requirements
4	Context of the Organization	Understanding the organization, interested parties, scope, and AIMS
5	Leadership	Management commitment; AI policy; roles and responsibilities
6	Planning	Risk assessment; AI impact assessment; objectives and plans
7	Support	Resources; competence; awareness; communication; documented information
8	Operation	AI system lifecycle processes; data management; third-party considerations
9	Performance Evaluation	Monitoring; internal audit; management review
10	Improvement	Nonconformity; corrective action; continual improvement

2.2 Annex Controls

Annex A provides 38 controls across 8 domains; Annex B provides implementation guidance. The controls cover AI policy, responsible AI, impact assessment, AI system lifecycle, data for AI, information for interested parties, use of AI systems, and third-party relationships.

3. NIST AI Risk Management Framework (AI RMF 1.0)

3.1 Background

Published January 2023, the NIST AI RMF is a voluntary framework designed to help organizations manage risks associated with AI systems. Referenced by the US Executive Order on AI (EO 14110) and widely adopted internationally.

3.2 Core Structure

Function	Description	Key Categories
GOVERN	Cultivate a culture of risk management; establish policies, processes, procedures	Governance structure; risk management strategy; organizational roles
MAP	Context is recognized and risks related to context are identified	Intended use; stakeholder identification; risk characterization
MEASURE	Identified risks are assessed, analyzed, or tracked	Testing; metrics; bias evaluation; monitoring
MANAGE	Risks are prioritized and acted upon	Response plans; risk treatment; post-deployment monitoring

3.3 Companion Resources

AI RMF Playbook: Practical guidance with suggested actions for each subcategory
AI RMF Generative AI Profile (2024): Extends the framework specifically for generative AI risks including hallucination, CBRN, CSAM, and dual-use concerns
Crosswalks: Mappings between AI RMF and ISO 42001, EU AI Act, OECD principles

4. IEEE AI Standards

4.1 P7000 Series (Ethically Aligned Design)

Standard	Title	Status	Scope
IEEE 7000-2021	Model Process for Addressing Ethical Concerns During System Design	Published	Ethical value-based design process for any system
IEEE 7001-2021	Transparency of Autonomous Systems	Published	Measurable transparency levels for autonomous systems
IEEE 7002-2022	Data Privacy Process	Published	Privacy engineering for AI and autonomous systems
IEEE 7003-2023	Algorithmic Bias Considerations	Published	Bias detection and mitigation across AI lifecycle
IEEE P7004	Child and Student Data Governance	In development	Protecting minors’ data in AI systems
IEEE P7005	Employer Data Governance	In development	Workplace data governance for AI
IEEE P7006	Personal Data AI Agent	In development	Standards for AI agents managing personal data
IEEE P7007	Ontological Standard for Ethically Driven Robotics and Automation Systems	In development	Ontology for ethical robotics
IEEE P7008	Ethically Driven Nudging for Robotic, Intelligent, and Autonomous Systems	In development	Ethical persuasion in AI systems
IEEE P7009	Fail-Safe Design of Autonomous and Semi-Autonomous Systems	In development	Fail-safe engineering for AI
IEEE P7010	Wellbeing Metrics Standard for Ethical AI and Autonomous Systems	In development	Measuring human wellbeing impact

5. Other ISO/IEC AI Standards

Standard	Title	Year	Key Content
ISO/IEC 22989	AI Concepts and Terminology	2022	Foundational definitions; taxonomy of AI concepts
ISO/IEC 23053	Framework for AI Systems Using ML	2022	Reference architecture for ML-based AI systems
ISO/IEC 23894	AI Risk Management	2023	Risk management guidance specific to AI systems
ISO/IEC 38507	Governance Implications of AI	2022	Board-level governance guidance for AI
ISO/IEC 25059	Quality Model for AI Systems	2023	Quality characteristics specific to AI (extends SQuaRE)
ISO/IEC TR 24027	Bias in AI Systems	2021	Sources of bias; measurement approaches; mitigation
ISO/IEC TR 24028	Trustworthiness in AI	2020	Overview of trustworthiness concerns and approaches
ISO/IEC TR 24029	Assessment of Neural Network Robustness	2021	Methods for evaluating robustness of neural networks
ISO/IEC TR 24030	AI Use Cases	2021	Collection of AI use cases across sectors
ISO/IEC 5259 series	Data Quality for AI	2024	Multi-part standard on AI training/test data quality
ISO/IEC 12792	Transparency Taxonomy	2024	Taxonomy of AI transparency concepts and requirements

6. AI Safety Standards

6.1 Emerging Safety Standards

Standard/Framework	Organization	Focus	Status
ISO/IEC DIS 27090	ISO/IEC	Cybersecurity for AI	Draft
ISO/IEC DIS 27091	ISO/IEC	Privacy protection for AI	Draft
ETSI SAI GR 004	ETSI	Problem statement on securing AI	Published
ETSI SAI GR 005	ETSI	Mitigation strategy for AI threats	Published
NIST AI 100-2e2025	NIST	Adversarial ML — Taxonomy and terminology	Published
NIST AI 600-1	NIST	Generative AI Profile (AI RMF companion)	Published
UL 4600	Underwriters Laboratories	Safety for autonomous products (vehicles, drones, robots)	Published

7. Sector-Specific Standards

Sector	Standard	Scope
Healthcare	IEC 62304 (medical device software); ISO 14971 (risk management); IEC 82304-1 (health software); WHO AI ethics guidance	Medical AI device lifecycle; clinical validation; patient safety
Automotive	ISO 26262 (functional safety); ISO/PAS 21448 (SOTIF); SAE J3016 (driving automation levels); UL 4600	Autonomous vehicle safety; operational design domain; fail-safe requirements
Financial Services	SR 11-7 (OCC model risk management); SS1/23 (PRA/BoE model risk); IEEE 2863 (org governance of ML)	Model validation; explainability; fair lending; anti-money laundering
Aerospace	EASA AI Concept Paper; SAE AIR6988; EUROCAE ED-324	AI in aviation systems; certification; operational approval

8. Standards & Regulatory Compliance

8.1 EU AI Act Harmonised Standards

The EU AI Act relies on harmonised standards developed by CEN/CENELEC to operationalize its requirements. CEN/CENELEC JTC 21 has been tasked with developing standards that, when followed, create a presumption of conformity with the AI Act.

Standard Request Area	Related AI Act Requirement	Expected Standard
Risk management	Article 9	Based on ISO/IEC 23894
Data governance	Article 10	Based on ISO/IEC 5259 series
Technical documentation	Article 11	New CEN/CENELEC standard
Record-keeping	Article 12	Based on ISO/IEC 42001 Annex A
Transparency	Article 13	Based on ISO/IEC 12792
Human oversight	Article 14	New CEN/CENELEC standard
Accuracy, robustness, cybersecurity	Article 15	Based on ISO/IEC 25059, 27090
Quality management	Article 17	Based on ISO/IEC 42001

9. Comparative Analysis

Dimension	ISO/IEC 42001	NIST AI RMF	IEEE P7000 Series
Type	Certifiable management system	Voluntary risk framework	Process standards
Scope	Organizational AI management	AI risk identification and mitigation	Ethical design processes
Certification	Yes (third-party audit)	No (self-assessment)	No (guidance)
Cost	CHF 187 (standard purchase)	Free (publicly available)	Varies by standard
Regulatory linkage	EU AI Act presumption of conformity	US EO 14110 reference	Referenced in policy discussions
Best for	Organizations seeking certification	Organizations wanting flexible risk framework	Engineering teams designing systems

Table of Contents