European requirements group ETSI has launched a brand new set of technical specs designed to function an “worldwide benchmark” for securing AI fashions and methods.
ETSI TS 104 223 is titled Securing Synthetic Intelligence (SAI); Baseline Cyber Safety Necessities for AI Fashions and Methods.
It describes a set of 13 core ideas, increasing to a complete of 72 trackable ideas, throughout 5 lifecycle phases: safe design, improvement, deployment, upkeep and finish of life.
It’s going to profit all related stakeholders within the AI provide chain, from builders and distributors to integrators and operators, the requirements physique claimed.
The specs incorporate not solely tried-and-tested safety greatest practices, but in addition novel approaches aligned with the distinctive challenges offered by AI methods and fashions. These embody information poisoning, mannequin obfuscation, oblique immediate injection and vulnerabilities tied to complicated information administration, ETSI mentioned.
Scott Cadzow, chair of ETSI’s Technical Committee for Securing Synthetic Intelligence, described the specification as a “international first” in setting a transparent baseline for securing AI.
“In an period the place cyber-threats are rising in each quantity and class and negatively impacting organizations of each form, it’s critical that the design, improvement, deployment, and operation and upkeep of AI fashions is protected against malicious and undesirable inference,” he added.
“Safety have to be a core requirement, not simply within the improvement part, however all through the lifecycle of the system. This new specification will assist do exactly that – not solely in Europe, however all over the world.”
No Point out of UK’s Position
ETSI claimed that the doc was developed by its Technical Committee (TC) on Securing Synthetic Intelligence (SAI), which it mentioned consists of representatives from worldwide organizations, authorities our bodies and cybersecurity consultants.
Nevertheless, on first look it seems indistinguishable from the UK government’s AI Code of Practice, printed in February. Its 13 ideas and 5 lifecycle phases are an identical.
The truth is, the federal government on the time claimed that its code, “produced in collaboration with international companions,” would type the idea of a world ETSI normal.
This text was up to date with the under assertion on April 25, 2025.
An ETSI spokesperson despatched Infosecurity the next assertion:
“The technical specification wouldn’t be potential with out the collaboration with the UK’s [Department for Science, Innovation and Technology] DSIT and the Nationwide Cyber Safety Centre, who wrote the precursor steering. As main safety organizations, their work and consultancy have been foundational to the ETSI technical specification (TS) improvement, which will likely be clearer as soon as the technical report related to the TS is printed. ETSI’s members are vastly grateful for the partnership in growing this normal.”
