Standards Development

Scope

This document is addressed to providers of AI-based products and services, either developing AI systems or integrating AI system into other devices.

This document provides requirements for the characterization of trustworthiness of AI-based products and services.

This document includes:

 A model that provides a set of trustworthiness characteristics for the assessment of trustworthiness of AI, aligning with international standards.

 A list of criteria related to each trustworthiness characteristic, upon which a selection is performed in order to assess the characteristics. The selection depends on the context of the AI service or product (operational design domain, stakeholders, life cycle, etc.). The document details the way the selection is performed.

 A list of observables for each criterion that are applied in order to assess the criterion, with references to existing standards.

This document does not cover the measurable aspects of organisations or processes, unless relevant to the measurement of trustworthiness. The criteria and observables are limited to those that directly affect the measurement of the trustworthiness of a product or service.

Vertical standardizations and applications can use the trustworthiness concepts, adopt or adapt the criteria and controls or even build new ones if needed.

Purpose

The project is to develop a standard on AI trustworthiness characterization ensuring the coherence of all related standards and their easiness of implementation, as requested in the latest version of the Article 40 of the draft AI Act from 15th of July 2022.

In order to respond to the need for both horizontal and application-specific standards, this project supports a single schema for defining the requirements for the characterization of the trustworthiness of AI products and services, as part of the AI system assurance model.

It thus provides the list of all the concepts (the characteristics) underlying the notion of trustworthiness. Each characteristic is broken down in a list of criteria in which the user of the standard shall select the most relevant to their context; the standard details the way this selection is to be performed, including AI lifecycle, intended domain of use, Operational Design Domain (ODD), etc. For each criterion, a list of observables is proposed, with references to existing standards.

In order to ensure the usability of the standard in domain-specific applications, the requirements pertain only to the list of characteristics that are related to trustworthiness, with which high-risk AI service or product is expected to comply with, and the obligation to select the relevant related criteria (the selection being justified through the context of the user of the standard). The methods for assessment can be selected among the list of observables provided in the standard, with the possibility of relying on other existing domain-specific standards.

The usability of the standard in verticals will be verified through examples of application on AI use cases provided in ISO/IEC TR 24030:2021 Information technology —Artificial intelligence (AI) —Use cases. These examples will be presented in an annex to the standard.

In order to maximize the usability of the standard by companies of any size, and to increase the overall usability of the standard, the number of characteristics will be limited, and the user of the standard will be able to select the criteria that apply to their context. Other options for ensuring usability will be discussed with initiatives such as SBS SMEs.

The project intends to align with the requirements specific to the draft AI Act, in particular relative to the European areas of interest and values. This relationship will be presented in Annex Z of the document. The project will also ensure that all trustworthy requirements scoped in this standard are well aligned with the already listed high-risk requirements of the AI Act (chapter 2, articles 9- 15 of the draft) as well as the technical specification defined in related harmonized standards for the AI Act.

In order to be adapted and aligned with the aspects linked to trustworthiness in the AI Act, the standard should fulfill several requirements such as the timeline imposed for the creation of an harmonized standard, the exhaustiveness of the characteristics, the provision of operational methods for their assessment, and a detailed articulation of trustworthiness with other dependent factors such as safety (risks), the stakeholders, AI life cycle, and the Operational Design Domain of the AI system. The group acknowledges the initiatives that tackle in a direct or indirect manner these topics of interest, and has established a strategy for ensuring consistency/alignment where relevant, and ensuring that the project’s standard will provide a significant added value.

Annex I presents the positioning of the standard with respect to other standards. Through continuous concertation, the project will ensure consistency with JTC21 current activities and align with the relevant ISO principles.

Annex II presents a short overview of the consumers’ concerns related to trustworthiness, and highlights potential directions to explore in the project duration to ensure trustworthiness for all stakeholders including the final consumers.