Artificial Intelligence (AI): ISO/IEC 23894:2023

ISO/IEC 23894:2023 is a standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that provides guidance on how organizations can manage risk related to artificial intelligence (AI). The document aims to help organizations that develop, produce, deploy, or use products, systems, and services that use AI to manage the associated risks.

ISO/IEC 23894:2023 provides strategic guidance for managing risks connected to the development and use of AI across all sectors. The standard offers guidance on how organizations can integrate risk management into their AI-driven activities and business functions. The document aims to assist organizations in integrating risk management into their AI-related activities and functions, ultimately resulting in the more effective and secure use of AI.

The document is an international standard, classified under ICS category 35.020, which covers information technology (IT) in general.

The impact of ISO/IEC 23894:2023 on the industry is yet to be seen as it was just recently published. However, it is expected to provide valuable guidance for organizations involved in the development, production, deployment, or use of AI-based products, systems, and services. By providing guidance on managing risks related to AI, the standard may contribute to increasing the trustworthiness and reliability of AI-based products, systems, and services, which may, in turn, enhance their adoption and usage.

Based on the provided web search results, there is no clear mention of technical requirements for certification under ISO/IEC 23894:2023. The standard provides guidance on managing risk related to AI, but it is not a certification standard.

However, it is worth noting that ISO/IEC JTC 1/SC 42, the joint technical committee that develops international standards for AI, has published a new Technical Report (ISO/IEC TR 24028:2020) that provides an overview of topics relevant to building the trustworthiness of AI systems. This Technical Report could be useful for organizations looking to implement trustworthy AI systems and may include technical requirements for certification.

It is also possible that there may be certification programs or schemes that use ISO/IEC 23894:2023 as a reference or basis for certification, but this information is not readily available from the provided web search results. Organizations interested in certification should consult with relevant certification bodies or seek further information from ISO/IEC JTC 1/SC 42.

Here are some potential pros and cons of this standard:

Pros:

• Provides guidance: The standard offers guidance to organizations that develop, produce, deploy or use AI products, systems, and services to manage risk specifically related to AI. This can be helpful in ensuring that AI is developed and used in a responsible and ethical manner.
• International standard: As an International Standard, ISO/IEC 23894:2023 provides a common framework that can be adopted by organizations across the globe. This can promote consistency in AI development and use.
• Integrates risk management: The standard aims to assist organizations in integrating risk management into their AI-related activities and functions. This can help ensure that AI is developed and used in a way that minimizes harm to users and society.

Cons:

• Not mandatory: ISO/IEC 23894:2023 is not a mandatory standard, meaning that organizations are not required to follow it. As such, it may not be adopted by all organizations developing and using AI, which could limit its impact.
• Limited scope: The standard is focused specifically on managing risks related to AI. While this is an important issue, it does not address all of the potential ethical and societal concerns related to AI.
• Limited feedback: As a newly published standard, there is limited feedback available on its effectiveness and implementation in real-world scenarios. This may make it difficult for organizations to fully evaluate the pros and cons of adopting this standard.

In summary, ISO/IEC 23894:2023 is a standard that provides guidance on managing risk associated with the development and use of AI. The document offers strategic guidance to organizations across all sectors for managing risks connected to the development and use of AI. It covers various topics such as identifying and assessing AI risks, developing and implementing risk management plans, and monitoring and reviewing risk management practices.

ISO/IEC 23894:2023 is developed by the ISO/IEC Joint Technical Committee 1/Subcommittee 42 (JTC 1/SC 42) on Artificial Intelligence.

Overall, ISO/IEC 23894:2023 provides a comprehensive framework for managing AI risks and promoting the responsible use of AI technology in organizations.