ISO/IEC 23894:2023 provides organisation-level guidance for managing risks that arise from the development, deployment and use of AI systems. It sets out processes to identify, analyse, evaluate, treat, monitor and communicate AI-specific risks within existing enterprise risk management. The standard applies across the AI lifecycle and to all actors that “develop, produce, deploy or use products, systems and services that utilize artificial intelligence (AI)” and aims to help them “integrate risk management into their AI-related activities and functions,” describing processes for effective implementation and integration. It is positioned as general guidance that can be adopted by diverse sectors and paired with domain standards or regulatory duties.
Date
Citation
ISO/IEC 23894:2023
Instrument Type
Jurisdiction
Institution