ISO/IEC standards on AI
Foundational standards (ISO/IEC 22989, 42001, 25059…)
Standards for AI developers and testers (ISO/IEC 42119 series, ISO/IEC 4213, Natural Language Processing…)
Trustworthiness standards (transparency, XAI, bias, logging…)
^ ISO/IEC JTC 1/SC 42
Context
ISO/IEC JTC 1/SC 42 “Artificial intelligence” is the international committee for AI standardisation, held as a collaboration between ISO/IEC under Joint Technical Committee 1 “Information Technology”. It has been created in 2017 but has known a rapid expansion to match the pressing needs from the AI ecosystem, for which it won the LDE award in 2023. Volunteer experts from 50 countries across all continents are participating in the work, and 25 more countries are attending as observers.
ISO/IEC JTC 1/SC 42 collaborates closely with several other subcommittees of JTC 1, other committees within ISO and IEC, and has liaisons initiated to or from various organisations across the world (international organisations such as WTO or OECD, industry consortia, civil society and NGOs, other standards developing organisations, etc.). It has a special collaboration, under the Vienna Agreement, with CEN-CENELEC JTC 21 as the European committee mandated by the European Commission to develop the standards in support of the AI Act.
ISO/IEC JTC 1/SC 42 is Chaired by Wael Diab (USA) and its Secretariat is held by Heather Benko from ANSI.
Structure
ISO/IEC JTC 1/SC 42 comprises 5 working groups, 6 joint working groups in collaboration with other committees, one joint advisory group and two ad-hoc groups for more organisational matters.
The 5 working groups cover the main aspects of AI system development and use:
WG 1 “Foundational standards”, led by Marta Janczarski (Ireland)
WG 2 “Data”, led by David Boyd (USA)
WG 3 “Trustworthiness”, led by David Filip (Ireland)
WG 4 “Use cases and applications”, led by Nobuhiro Hosokawa (Nobuhiro)
WG 5 “Computational approaches and computational characteristics of AI systems”, led by Ning Sun (China)
The 6 joint working groups and the joint advisory group focus on particular aspects that are interdisciplinary and at the interface with other committees:
JWG 2 (with ISO/IEC JTC 1/SC 7 "Software and systems engineering"), on AI testing and software engineering practices for AI, led by Adam Leon Smith (UK) and co-led on SC 7 side by Stuart Reid (UK)
JWG 3 (with ISO/TC 215 "Health informatics") on “AI enabled health informatics”, led by Shusaku Tsumoto (Japan)
JWG 4 (with IEC TC65/SC65A "Industrial-process measurement, control and automation — System aspects"), on “Functional safety and AI systems”, led by Riccardo Mariani (Italy)
JWG 5 (with ISO/TC 37 “Language and terminology), on “Natural language processing”, led by Lauriane Aufrant (France) and co-led on TC 37 side by Avashlin Moodley (South Africa)
JWG 6 (with ISO/CASCO "Committee on conformity assessment") on “Conformity assessment schemes for AI systems”, led by Martina Paul (Switzerland) and co-led on CASCO side by Graeme Drake (Australia)
JWG 7 (with ISO/TC 68 "Financial services"), on AI in finance, led by Aditya Mohan (Ireland) and co-led on TC 68 side by James Northey (USA)
JAG (with ISO/IEC JTC 1/SC 39 "Sustainability, IT and data centres"), on “AI and sustainability”, led by Derick Adil (Philippines) and co-led on SC 39 side by Phil Isaak (USA)
The 2 ad-hoc groups are AHG 4 “Liaison with SC 27”, led by Elaine Newton (USA), and AHG 8 “Best practices for new proposals”, led by Olivier Blais (Canada).
Work programme
As of October 2025, ISO/IEC JTC 1/SC 42 has published 39 ISO standards and 46 others are under development. Several of them have been initiated specifically with a view to support the AI Act, and a few more are relevant for the AI Act and are being considered by CEN-CENELEC JTC 21 as a basis or reference for its own specifications towards regulatory compliance.
In this page are only listed a few key standards from ISO/IEC JTC 1/SC 42.
See also:
The ISO/IEC JTC 1/SC 42 page on the ISO website describes the structure, status and relevant contact points of the committee.
The list of standards published and under development in ISO/IEC JTC 1/SC 42 provides further details on the scope and development stage of each standard, and allows to view samples of the already published ones.
^ Foundational standards
Terminology standards: ISO/IEC 22989:2022 and ISO/IEC 23053:2022
ISO/IEC 22989:2022 “Artificial intelligence concepts and terminology" provides definitions for a series of terms related to AI. It also introduces a number of concepts (e.g. some AI technologies and approaches), together with several foundational frameworks, such as the delineation of stages within the lifecycle of an AI system.
It is complemented by ISO/IEC 23053:2022 “Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML)" which provides additional terminology that is specific to machine learning and details further some concepts.
These two standards are intended for a broad audience that is not necessarily technical. As a result they are meant to be compatible with the terminology used in technical circles, but they do not dive into technical subtleties of delineating these concepts and they do not cover technically specific terms and concepts. Stakeholders with advanced technical needs can refer to dedicated standards on each topic, for more specific information and terminology that can support their work.
ISO/IEC 22989:2022 is available free of charge on the ISO website and its terms and definitions can be viewed directly online on the ISO Online Browsing Platform.
An amendment of both standards is in preparation, for integrating additional terms related to generative AI. It is foreseen to be published in the first half of 2026.
Management system: ISO/IEC 42001:2023
ISO/IEC 42001:2023 “Artificial intelligence — Management system” establishes a management system (set of procedures and policies for internal organisation and efficiency) for organisations developing or using AI systems.
ISO/IEC 42001:2023 follows a similar approach and relies on similar concepts with ISO/IEC 27001:2022 (information security management system), ISO/IEC 23894:2023 (guidance on AI risk management) which is in turn based on ISO 31000:2018 (risk management guidelines), ISO/IEC 42005:2025 (AI system impact assessment) and other related management systems. ISO/IEC 42006:2025 establishes the competencies required for audit and certification to ISO/IEC 42001:2023.
It is a recurring question whether ISO/IEC 42001:2023 can be used to fulfill the obligations in the AI Act. It cannot, because it pursues different objectives from those of EU legislation and regulatory compliance:
ISO/IEC 42001:2023 focuses on requirements on organisations, whereas the AI Act is a product safety legislation, hence concerned with requirements that apply and are verified on the product itself. A well-organised provider can still produce a non-compliant product (e.g. if technology is not mature enough), and vice versa.
ISO/IEC 42001:2023 relies on the uncertainty-oriented concept of risk (more risk appetite can give more opportunities), while the AI Act targets the harm-related concept of risk (severity and likelihood of a harm, which is by design undesirable and to be minimised), which is substantially different and legally incompatible. See the “Main principles of the AI Act” page for more details on the risk-based approach in EU legislation.
ISO/IEC 42001:2023 considers the organisation’s own interests and objectives (e.g. profit, customer satisfaction) when making trade-offs. The AI Act solely pertains to legal obligations and the impact on individuals and society, for which trade-offs cannot be made with business objectives for instance. Being profitable is not a legal obligation set by the AI Act.
ISO/IEC 42001:2023 is designed to establish a common framework around the organisation’s processes but not be too prescriptive on the specific processes, and let the organisation decide what practices they deem relevant in their own case and want to be certified for. The AI Act seeks to bring guarantees, and standards used for regulatory compliance cannot leave room for arbitrary choices.
Compliance with ISO/IEC 42001:2023 will therefore not help a provider to comply with the AI Act.
However, ISO/IEC 42001:2023 can help a provider to reflect on their own practices, establish more efficient processes, improve internal communication or planning, and ultimately develop better AI systems. It can therefore be applied in a voluntary manner, in addition to any process for regulatory compliance. The standards developed in support of the AI Act (in particular the Quality Management System standard for the AI Act) are meant to be compatible with ISO/IEC 42001:2023, in the sense that they can be implemented jointly if the provider wishes to, but this is an independent decision from the regulatory compliance.
Quality model: ISO/IEC 25059:2023
ISO/IEC 25059:2023 “Quality model for AI systems” is part of the “Software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE)” set of interrelated standards. It extends ISO/IEC 25010:2011 “System and software quality models”, which defines the general quality characteristics for software (e.g. functional suitability, reliability, integrity, testability) and ISO/IEC 25059:2023 complements it with AI-specific characteristics or sub-characteristics. It provides a framework for unambiguously discussing the desired characteristics of a given AI system.
ISO/IEC 25010 has been revised in 2023 to become two complementary standards, ISO/EIC 25010:2023 “Product quality model” and ISO/IEC 25019:2023 “Quality-in-use model”. ISO/IEC 25059 is therefore being revised in turn to account for these changes.
ISO/IEC TS 25058:2024 “Guidance for quality evaluation of artificial intelligence (AI) systems” complements ISO/IEC 25059:2023 by offering insights on how to assess each of the defined quality characteristics. It is similarly undergoing revision.
^ Standards for AI developers and testers
AI testing: ISO/IEC 42119 series
The ISO/IEC 42119 series “Testing of AI” builds on the ISO/IEC 29119 series “Software testing” and seeks to provide an entry point for all activities related to testing AI systems. It currently comprises ISO/IEC TS 42119-2 “Overview of testing AI systems” and ISO/IEC TS 42119-3 “Verification and validation analysis of AI systems” which are about to be published, and ISO/IEC TS 42119-7 “Red teaming” and ISO/IEC TS 42119-8 “Quality assessment of prompt-based text-to-text systems that utilize generative AI” which are under development. Several other parts are already planned, focusing on different types of AI systems and their specificities for testing.
The ISO/IEC 42119 series is developed as part of a collaboration with ISO/IEC JTC 1/SC 7 “Software and systems engineering”, which maintains the ISO/IEC 29119 series.
Metrics: ISO/IEC 4213:—
ISO/IEC 4213:— “Performance measurement for AI classification, regression, clustering and recommendation tasks” defines metrics to measure performance (in the sense of the suitability of the output) for four generic tasks in AI. This includes for instance precision, recall, F1-score, precision @ K, root mean square error, Kullback-Leibler divergence, normalized mutual information or the adjusted Rand score. The metrics are defined in a generic way which can be either used as is for those four tasks, or built upon to derive more specific metrics for other AI tasks.
ISO/IEC 4213:— is the ongoing revision of the previously published ISO/IEC TS 4213:2022 which was focused on classification only.
Natural language processing: ISO/IEC TR 23281, ISO/IEC 23282, PWI 25526
ISO/IEC TR 23281:— “Overview of AI tasks and functionalities related to natural language processing” identifies and organises a large set of tasks belonging to natural language processing, in the broad sense of any processing involving natural language (as input or output, as text or speech or other modalities, including multimodality). This includes more than 60 tasks such as machine translation, automated speech recognition, named entity recognition, sentiment analysis, speaker diarization, but also question answering, automatic summarization, constrained text generation, language modelling, source code documentation. It also includes some additional functionalities beyond tasks, such as domain adaptation. For each task or functionality, ISO/IEC TR 23281:— defines precisely its expected inputs and outputs, as well as the specific intended processing. In many cases, the task actually encompasses multiple settings or variants (slightly different processing, output under a different formalism…), which are formally identified and distinguished, in order to enable non-ambiguous designation of the exact task that is referred to.
ISO/IEC 23282:— “Evaluation methods for accurate natural language processing systems” builds on ISO/IEC TR 23281:— to specify relevant evaluation methods corresponding to each of the identified tasks, or variants thereof. This includes both automated metrics (from simple formulas to trained metrics, including LLM-based ones) and reproducibility-oriented protocols for human evaluation (e.g. leveraging crowd-sourcing to capture human subjective assessment on various dimensions). For each metric, detailed specifications are provided to ensure reproducibility and comparability of evaluation results, by identifying all varying parameters between different ways to apply or implement these metrics, so that the specific form of the metric used can be formally referenced and communicated. The document also provides reference points of typical values for each metric given a task, depending on the type of language or characteristics of the use case, as well as insights on what these metrics model and how to meaningfully interpret a high score. ISO/IEC 23282:— directly builds on ISO/IEC 4213:—, reusing its specifications for the metrics that derive from one of the generic metrics (which is the case of some tasks, but not all).
ISO/IEC PWI 25526:— “Taxonomy of computational methods specific to natural language processing” is another extension of ISO/IEC TR 23281:—, reusing the same set of identified tasks to identify the main approaches or specific methods that exist for each. Work is at an early preparatory stage and publication is not foreseen before 2028.
ISO/IEC TR 23281:— and ISO/IEC TR 23282:— are being developed jointly with CEN-CENELEC JTC 21. All three standards are under a collaboration with ISO/TC 37 “Language and terminology”.
^ Trustworthiness standards
Transparency: ISO/IEC 12792:2025
ISO/IEC 12792:2025 “Transparency taxonomy of AI systems” identifies and organises an extensive set of information elements that can be documented or otherwise communicated about an AI system. This includes information about the context of the AI system (e.g. its societal impact), the AI system itself (e.g. its API, its intended purpose), its inner workings at model level (e.g. algorithm, hyperparameters, formats, hardware used) and the documentation of any dataset involved (e.g. its size, data provenance, any transform applied, profile of manual annotators, storage location). Each information element is given an identifier in order to facilitate referencing and enable to build technical documentation based on this taxonomy.
ISO/IEC 12792:2025 has been developed jointly with CEN-CENELEC JTC 21 and its European version can be referenced as EN ISO/IEC 12792:2025.
Explainability and interpretability: ISO/IEC TS 6254:2025
ISO/IEC TS 6254:2025 “Objectives and approaches for explainability and interpretability of machine learning (ML) models and artificial intelligence (AI) systems” establishes a set of criteria to organise the wide diversity of existing methods for explainability and interpretability and relate them with the various types of needs that stakeholders can have with respect to those. It acknowledges that there is no one-size-fits-all method for explainability and details the varying expectations depending on the profile of the targeted audience, their frame activity, the scope of the information provided (local or global), and other properties (completeness, depth, reasoning path, implicit or explicit). On top of addressing different needs, explainability and interpretability methods also follow different approaches, with different forms of explanation and diverse technical constraints. A systematic way to perform this analysis is defined and applied to a large inventory of example methods. The document also provides a lifecycle-based process to integrate these techniques when developing AI systems, based on the analysis of those properties.
Bias: ISO/IEC TR 24027:2021, ISO/IEC TS 12791:2024
ISO/IEC TR 24027:2021 “Bias in AI systems and AI aided decision making” establishes the main concepts around bias, its relationship with fairness, with caveats on the conflation between bias as a desired technical characteristic of algorithms and unwanted bias as an inappropriate difference of treatment. It distinguishes human cognitive biases from technical bias within data or systems, detailing various potential sources of bias. The document also describes a handful of approaches to assess fairness in AI systems, as well as insights into possible measures for treating unwanted bias at each lifecycle stage of an AI system.
ISO/IEC TS 12791:2024 “Treatment of unwanted bias in classification and regression machine learning tasks” further details the good practices that are applicable at each lifecycle stage of an AI system to treat unwanted bias. A number of requirements are supported with implementation guidance, including illustrative examples and possible techniques to apply. A series of methods encompassing both algorithmic interventions and data handling are identified.
ISO/IEC TS 12791:2024 has been developed jointly with CEN-CENELEC JTC 21 and its European version can be referenced as CEN/CLC ISO/IEC/TS 12791:2024.
Logging: ISO/IEC 24970:—
ISO/IEC 24970:— “AI system logging” defines the main requirements for implementing logging capabilities for an AI system (internally or externally to that IA system). It covers general requirements (e.g. integrity of the logs, technical documentation of the capabilities) as well as design aspects such as traceability of the log entries or the central role of risk assessment to identify relevant events to be logged. The document analyses the relationship of logging with operation, human oversight and automated monitoring, including event detection and event mitigation, and derives a base set of triggers for logging (e.g. outlier input, unwanted bias detection, human intervention in the operation, epoch evaluation when training a ML model), together with associated information to log in each case. Specific provisions are including regarding the long-term storage of logs and access conditions depending on the stakeholder.
ISO/IEC 24970:— is being developed jointly with CEN-CENELEC JTC 21 and its European version can be referenced as prEN ISO/IEC 24970:—. It is foreseen to be published mid-2026.