Navigating the New ETSI AI Security Standard
ETSI EN 304 223 establishes foundational security requirements for artificial intelligence that organizations should embed within their governance structures.
As enterprises integrate machine learning into core workflows, this European Standard provides specific provisions for protecting AI models and systems. It is the first globally applicable European Standard for AI cybersecurity, formally approved by National Standards Organizations, which reinforces its credibility across international markets.
Serving as a complementary benchmark to the EU AI Act, this standard acknowledges that AI systems carry unique risks—including data poisoning, model obfuscation, and indirect prompt injection—which conventional software security practices frequently overlook. It applies to deep neural networks, generative AI, and basic predictive systems, explicitly excluding only those used exclusively for academic research.
ETSI standard defines the chain of accountability for AI security
One persistent challenge in enterprise AI deployment is assigning risk ownership. The ETSI standard addresses this by delineating three core technical roles: Developers, System Operators, and Data Custodians.
In many organizations, these boundaries become unclear. For example, a financial services company that fine-tunes an open-source model for fraud detection qualifies as both a Developer and a System Operator. This dual role imposes strict responsibilities: the firm must secure the deployment environment while documenting training data provenance and model design audits.
The explicit inclusion of "Data Custodians" as a separate stakeholder group directly affects Chief Data and Analytics Officers (CDAOs). These individuals manage data permissions and integrity—a role now carrying clear security obligations. Custodians must verify that the system's intended use matches the sensitivity of its training data, effectively embedding a security gatekeeper within data management processes.
The ETSI AI standard emphasizes that security must not be an afterthought added only during deployment. In the design phase, organizations must perform threat modeling that accounts for AI-specific attacks, such as membership inference and model obfuscation.
One requirement mandates that developers limit functionality to minimize the attack surface. For example, if a system employs a multimodal model but only processes text, the unused modalities—such as image or audio processing—become risks that need mitigation. This pushes technical leaders to rethink the common habit of deploying large, general-purpose foundation models when a smaller, more specialized model would be sufficient.
The standard also mandates rigorous asset management. Developers and System Operators must keep a detailed inventory of assets, covering interdependencies and connectivity. This facilitates discovery of shadow AI—IT leaders cannot protect models they are unaware of. Additionally, the standard requires disaster recovery plans specifically designed for AI attacks, ensuring that a "known good state" can be restored if a model is compromised.
Supply chain security poses a direct challenge for organizations that depend on third-party vendors or open-source repositories. Under the ETSI standard, if a System Operator opts to use poorly documented AI models or components, they must justify that choice and document the accompanying security risks.
In practice, procurement teams can no longer accept "black box" solutions. Developers must supply cryptographic hashes for model components to verify their authenticity. When training data is obtained from public sources—common for large language models—developers must record the source URL and acquisition timestamp. This audit trail supports post-incident investigations, especially when determining whether a model was affected by data poisoning during training.
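The hash and provenance requirements above can be made concrete as an intake check. This is an added example, not text or code from the ETSI standard or the article; the manifest layout, the status labels and the file names are assumptions chosen for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large weight files are never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_components(root, manifest):
    """Check files under root against a supplier {relative_path: sha256} manifest."""
    root = Path(root)
    report = {}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report[rel] = "missing"
        elif sha256_file(target) == expected.lower():
            report[rel] = "ok"
        else:
            report[rel] = "mismatch"
    # A file the supplier never listed is as suspect as a modified one.
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel not in manifest:
            report[rel] = "unlisted"
    return report

def provenance_record(source_url, content, acquired_at=None):
    """Audit entry for public training data: source URL, acquisition time, hash."""
    acquired_at = acquired_at or datetime.now(timezone.utc)
    return {"source_url": source_url,
            "acquired_at": acquired_at.astimezone(timezone.utc).isoformat(),
            "sha256": hashlib.sha256(content).hexdigest()}

def demo():
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)  # constructed sample model directory (hypothetical names)
        (root / "weights.bin").write_bytes(b"constructed weights")
        (root / "tokenizer.json").write_bytes(b'{"vocab": []}')
        manifest = {p.name: sha256_file(p) for p in root.iterdir()}
        manifest["config.json"] = "0" * 64  # listed by supplier, never delivered
        (root / "weights.bin").write_bytes(b"tampered weights")
        (root / "hook.py").write_bytes(b"# not in manifest")
        return verify_components(root, manifest)
```

Calling `demo()` returns the per-file status report; storing the content hash alongside the URL and timestamp lets an investigator later confirm which copy of a public dataset was actually used.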
Enterprises that provide APIs to external customers must implement controls to counter AI-specific attacks, such as rate limiting to prevent adversaries from reverse-engineering the model or overwhelming defenses to inject poisoned data.
This lifecycle approach continues into the maintenance phase, where the standard views major updates—like retraining on new data—as deploying a new version. Under the ETSI AI standard, such updates require fresh security testing and evaluation.
Continuous monitoring is also systematized. System Operators must analyze logs not only for uptime but also to identify "data drift" or gradual behavioral changes that might signal a security breach. This shifts AI monitoring from a performance metric to a security function.
The standard also covers the "End of Life" phase. When a model is retired or transferred, organizations must engage Data Custodians to ensure secure disposal of data and configuration details. This requirement prevents sensitive intellectual property or training data from leaking through discarded hardware or forgotten cloud instances.
Executive oversight and governance responsibilities
Complying with ETSI EN 304 223 requires revisiting current cybersecurity training programs. The standard demands role-specific training, ensuring that developers grasp secure coding for AI while general employees stay alert to threats like social engineering through AI outputs.
"ETSI EN 304 223 marks a significant milestone in creating a shared, robust foundation for AI system security," said Scott Cadzow, Chair of ETSI's Technical Committee for Securing Artificial Intelligence.
"As AI becomes more embedded in critical services and infrastructure, the value of clear, practical guidance that acknowledges both the complexity of these technologies and the realities of deployment cannot be overstated. The effort behind this framework stems from broad collaboration, enabling organizations to trust AI systems that are resilient, trustworthy, and secure by design."
Adopting the baselines outlined in the ETSI AI security standard creates a framework for safer innovation. Through documented audit trails, well-defined roles, and supply chain transparency, organizations can reduce the risks of AI adoption while building a defensible stance for future regulatory reviews.
A forthcoming Technical Report (ETSI TR 104 159) will apply these principles specifically to generative AI, addressing challenges such as deepfakes and disinformation.