Definition

ISO/IEC 23894

ISO/IEC 23894 provides guidelines for managing risks associated with the development and use of AI systems.

ISO/IEC 23894:2023 applies the ISO 31000 framework to the specific context of artificial intelligence. It addresses technical, ethical, social and governance risks inherent to AI systems throughout their lifecycle.

Key aspects

AI-specific risks

Identifies categories such as algorithmic bias, lack of explainability, data dependency, unsupervised autonomy and emergent risks.

AI system lifecycle

Risks must be assessed across all phases: design, development, training, validation, deployment, operation and retirement.

Complement to ISO 42001

While ISO 42001 establishes the AI management system, ISO 23894 deepens the methodology for evaluating and treating AI-specific risks.

Frequently asked questions

No. It is a guidelines standard that complements ISO 42001 (which is certifiable). It provides risk methodology but not auditable requirements.

Provides a structured framework for meeting risk assessment requirements that the EU AI Act demands for high-risk AI systems.

Comparison

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

ISO/IEC 23894

Key aspects

AI-specific risks

AI system lifecycle

Complement to ISO 42001

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

ISO/IEC 23894

Key aspects

AI-specific risks

AI system lifecycle

Complement to ISO 42001

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

ISO/IEC 23894

Key aspects

AI-specific risks

AI system lifecycle

Complement to ISO 42001

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

ISO/IEC 23894

Key aspects

AI-specific risks

AI system lifecycle

Complement to ISO 42001

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?