Standards in support of the AI Act
Process-oriented standards (quality, risk, conformity)
Product specifications (data, accuracy & robustness, AI cybersecurity, logging & oversight, transparency)
^ CEN-CENELEC JTC 21
Context
CEN-CENELEC JTC 21 “Artificial Intelligence” is the European committee for AI standardisation. It has been created in June 2021, in the context of the early preparations for the AI Act.
While JTC 21’s activity is not solely focused on AI Act-related standards and also develops some other lines of work, the AI Act has been the priority of the committee since its creation. It collaborates closely with the European Commission, which has issued a standardisation request to JTC 21 and monitors the progress of JTC 21’s work programme in response.
JTC 21 is composed of volunteer experts from all EU countries (with varying degrees of involvement), as well as UK, Switzerland, Norway and Iceland. Four non-European countries have the status of observers and can provide comments on the work: Canada, Australia, Israel and Japan. In addition, several European or international organisations are involved and can send experts to represent the views of the organisation: social partners such as ANEC (consumers), ETUC (trade unions) and SBS (small businesses), other organisations that have established a liaison (e.g. Equinet as the network of equality bodies), and there are additional collaboration mechanisms with ETSI (European standardisation in telecommunications) or ENISA (cybersecurity) for instance.
Structure
CEN-CENELEC JTC 21 comprises 5 Working Groups:
WG 1 “Strategic Advisory Group (SAG)” deliberates on the general directions of the work and provides support to other groups. It also hosts two tasks groups:
Task Group “Technical Coherence Forum” which investigates issues of cross-standards interplay and terminology.
Task Group “Inclusiveness” which distributes a newsletter on the status and progress of the committee.
WG 2 “Operational aspects” works on the process-oriented standards, such as quality management, or procedures around regulatory compliance.
WG 3 “Engineering aspects” focuses on the most technical standards (data, metrics, logging…).
WG 4 “Foundational and societal aspects” has various activities around ethics, sustainability, fundamental rights and human factors, but is also the host of some entry-point standards for product specifications of the AI Act.
WG 5 “Joint standardization on Cybersecurity for AI systems” collaborates with ETSI and CEN-CENELEC JTC 13 “Cybersecurity and data protection” to develop standards focused on AI-specific vulnerabilities.
Collaboration with ISO: the Vienna Agreement
For decades, the WTO has been cautious to avoid unfounded divergences from international standards at local level. The TBT (Technical Barriers to Trade) Agreement sets a principle whereby international standards (ISO) supersede European standards (CEN) and diverging standards can only be developed locally if there is a clear European specificity. In the context of standards meant to directly support a European regulation, and the various European-specific constraints that apply to the nature, form and content of these standards, there are a number of such specificities, but it is a constant debate to identify which exact standard should legitimately diverge or should build on ISO ones.
To reduce divergences, the Vienna Agreement formalises the cooperation between ISO and CEN committees, with several mechanisms from simple exchange of information, adoption of ISO standards by CEN committees or CEN standards by ISO committees, to joint drafting (with one committee leading the work and the other one sending comments) of standards that are in the end published simultaneously at both levels.
CEN-CENELEC JTC 21 has initiated a collaboration with ISO/IEC JTC 1/SC 42 under the Vienna Agreement and has already applied it to a number of standards. This means that part of the AI standards with an ISO/IEC number are in fact also JTC 21 standards, some of them created on request from JTC 21, or even specifically for the AI Act. For instance, ISO/IEC 23282 (European numbering: EN ISO/IEC 23282) and ISO/IEC 24970 (EN ISO/IEC 24970) have been created by JTC 21 for the specific purpose of implementing the AI Act and they have known a first phase of drafting in Europe, before moving to an international working group to get inputs from more experts around the world.
See also:
The CEN-CENELEC page on AI describes the context around JTC 21.
The JTC 21 work programme lists the standards currently being developed in the committee, including those supporting the AI Act.
The guidelines for the implementation of the Vienna Agreement detail the various cooperation mechanisms between ISO and CEN and their operationalisation.
^ Standardisation request from the European Commission
Context
Article 40 requires the preparation of harmonised standards for certain Articles of the AI Act, for which the European Commission has chosen CEN-CENELEC. Only the harmonised standards for high-risk AI systems have been requested so far.
A first draft standardisation request has been shared with CEN-CENELEC and assigned to JTC 21 in May 2022. After iterations and refinements in collaboration between CEN-CENELEC and the European Commission, the final standardisation request (M/593) has been submitted on 22 May 2023, which CEN-CENELEC (through JTC 21) has accepted and replied to with a proposed work programme. Since the AI Act was not adopted yet, that standardisation request did not ask for harmonised standards but for an initial set of standards that would likely form the basis of future harmonised standards (assuming adoption of the AI Act). The deadline was end April 2025.
Once the AI Act has been adopted mid-2024, a new standardisation request has been drafted in November 2024 and submitted on 23 June 2025, clarifying the legal needs and tying the standardisation work to specific Articles to provide presumption of conformity for. As a result of the delays in the AI Act adoption, the deadline has been moved to end August 2025.
Standardisation areas and additional requirements
The standardisation request asks for harmonised standards and other standardisation deliverables in 10 areas:
Risk management system for AI systems (covering Article 9). The standardisation request further clarifies that ‘risk’ means here the combination of the probability of an occurrence of harm and the severity of that harm, and also reminds of the concept of risk management in the AI Act.
Data and data governance (covering Article 10)
Record keeping through logging capabilities (covering Article 12)
Transparency and provision of information to deployers (covering Article 13)
Human oversight (covering Article 14)
Accuracy specifications for high-risk AI systems (covering Article 15(3)). The standardisation request further clarifies that ‘accuracy’ refers here to the capability of the AI system to perform the task for which it has been designed, not to the specific metric called ‘accuracy’. It requires first a methodology for ensuring an appropriate level of accuracy, and associated requirements for the selection, declaration, measurement and validation of the metrics and corresponding levels. It also requires the establishment of tools and metrics for measuring accuracy, including some that are specific to certain AI systems if needed.
Robustness specifications for high-risk AI systems (covering Article 15(4))
Cybersecurity specifications for high-risk AI systems (covering Article 15(5)). The standardisation request emphasizes on the need to consider the essential requirements from the Cyber Resilience Act when covering Article 15(5).
Quality management system for providers of high-risk AI systems, including post-market monitoring process (covering Article 17)
Conformity assessment for AI systems. The standardisation request requires procedures and processes for conformity assessment activities related to high-risk AI systems and quality management systems of AI providers (corresponding to Article 43). This includes both the case of conformity assessment carried out by the provider itself (corresponding to internal control in Annex VI) and by involving a professional external third party (corresponding to notified bodies in Annex VII).
The standardisation request specifies standardisation areas, not a specific list of deliverables. It is up to the standardisation body to decide whether to prepare a single deliverable for an area, multiple deliverables for an area, or a single deliverable for multiple areas.
Articles 11 and 15(1) are additionally required to be covered, not as part of a certain area, but jointly across the set of deliverables. Article 43 is also meant to be covered as part of the standardisation request (especially area 10), but has a different legal status since it pertains to the compliance process rather than product requirements, and therefore no presumption of conformity to Article 43 is envisioned.
Articles 72 and 73 are also to be considered in the frame of the standardisation request, even if they are not explicitly to be covered, due to their tight relationship with multiple other Articles in the standardisation request (especially the quality management system in area 9).
Status and timeline
As of October 2025, no harmonised standard has been published by JTC 21, nor cited in the Official Journal of the EU by the European Commission. This means that both the initial and the extended deadlines have been missed by JTC 21. However, the European Commission has not cancelled the standardisation request and is still awaiting candidate harmonised standards from JTC 21.
See also:
^ Process-oriented standards
Quality management system
EN 18286 “Quality management system for EU AI Act regulatory purposes” seeks to provide means to comply to Article 17. It also targets a minor part of Article 11 (on the way to prepare the technical documentation) and contains relevant material for Articles 72 (post-market monitoring) and 73 (reporting of serious incidents) due to their link with Article 17.
Relationship with other AI Act standards: This standard is overarching the whole work programme of AI Act standards, as it establishes the procedural frame in which the provider can identify individual standards to apply for complying with the AI Act requirements from Articles 9 to 15.
Note on complementarity: The standard does not describe a quality management system, but specifications applicable to a quality management system. This means that the provider is still expected to define its own procedures (tailored to its particular context), but in a manner that meets the requirements of this standard. This also means that if the provider already has its own quality management system (e.g. to comply with another regulation), it can still use the same quality management system (possibly with a few additions for certain AI-specific processes) provided that it matches the requirements of EN 18286.
Interaction with ISO standards: This does not specify a quality management system in the ISO sense of ISO/IEC 42001 being a management system. Here the focus is on the set of processes to ensure regulatory compliance of products, which is complementary to an efficiency-focused standard like ISO/IEC 42001 (which does not have legal value and does not enable compliance). EN 18286 is therefore designed to be jointly applicable together with ISO/IEC 42001, if the provider wishes to use ISO/IEC 42001 to improve their efficiency on top of ensuring regulatory compliance through EN 18286. The standard contains a mapping and a number of informative notes to clarify the complementarity of both sets of processes when applying them jointly.
Current status (October 2025): The document has completed its first stage of drafting, first call for comments within the committee, subsequent resolution, and is about to enter the Enquiry voting, during which the draft will be made publicly available for commenting for 3 months.
AI risk management
The standard EN 18228 “AI Risk management” contains two parts: part 1 (risk management system) seeks to provide means to comply to Article 9, while part 2 (risk catalogue) offers guidance material on existing mitigation strategies from the state of the art, which can be helpful for providers to inspire their risk management practices.
Relationship with other AI Act standards: This standard is pivotal for the application of other AI Act standards addressing Articles 10 to 15, given that many requirements from these Articles are risk-based, and EN 18228 provides the frame to identify these risks and feed each other standard with the necessary information to apply it (what risks are identified, with what characteristics, how likely/severe, and deciding when the mitigation strategies are sufficient). The proper interplay of that standard with other AI Act standards is an active topic of work in JTC 21, which the European Commission has repeatedly underlined the importance of, in light of Article 8(1) that explicitly ties Articles 10-15 with the risk management system.
Note on complementarity: This standard does not describe a risk management system, but specifications applicable to a risk management system. This means that the provider is still expected to define its own procedures (tailored to its particular context), but in a manner that meets the requirements of this standard. This also means that if the provider already has its own risk management system (e.g. to comply with another regulation), it can still use the same risk management system (possibly with a few additions for certain AI-specific processes) provided that it matches the requirements of EN 18228.
Interaction with ISO standards: EN 18228 specifies a risk management process that partly differs from certain existing ISO standards (e.g. ISO 31000, or ISO/IEC 27005 in cybersecurity). This is due to the need to fulfill the specific requirements of Article 9, including its terminology and concepts (e.g. hazards), some risk management steps that it explicitly requires (risk estimation, the evaluation of overall residual risk, or revising the assessment based on post-market information), and the priorities set by law between risk elimination, technical mitigation measures and just informing users of the risks. EN 18228 also accounts for reasonably foreseeable misuse, as required by Article 9, and not just the intended purpose of the AI system.
Current status (October 2025): Part 1 has completed its first stage of drafting and first call of comments within the committee, and has just entered the resolution of these comments. It is expected to enter Enquiry by the end of 2025. Part 2 is at an earlier stage and is still undergoing initial drafting.
AI conformity assessment framework
EN 18285 “AI conformity assessment framework” does not directly target Article 43, but seeks to provide a frame in which a conformity assessment scheme (the procedures for the general approach underpinning a conformity assessment activity) can be developed for the AI Act. There is no standard currently developed by JTC 21 for providing means to comply to Article 43 (including Annexes VI and VII depending on the type of procedure).
The European Commission has requested specifications corresponding to both Annex VI (self-assessment by the provider) and Annex VII (third-party assessment by a notified body), but it is also acknowledged that notified bodies are professionals with prior experience in conformity assessment, and many of them (from Annex I regulated sectors) also have an additional year before AI Act entry into force, hence a smaller and less urgent gap to close for Annex VII compared to Annex VI.
The importance of publishing specifications that can be used by providers to comply with Article 43 in case of self-assessment has been plainly recognised but it is delayed due to the urgency of other parts of the work programme. In the meantime, providers can refer to Annex VI and comply directly with the legal obligations as they are described by the AI Act.
Relationship with other AI Act standards: Conformity assessment procedures live in a separate world from product specifications, due to the so-called ‘separation principle’ that formalises the independence of the compliance to requirements from the verification of that compliance. In short, verifying whether the goal is achieved does not depend on how the goal has been achieved. The relationship between this standard and the other AI Act standards is therefore by design limited. However, mutual monitoring of the work on respective standards remains beneficial, to ensure that they do not produce specifications that would correspond to an incompatible understanding of the legal obligations and their key concepts.
Interaction with ISO standards: Work has been initiated at ISO level for a framework to develop conformity assessment schemes for AI systems (ISO/IEC 42007). However, this work targets conformity in a broad sense (e.g. conformity to a standard) rather than the AI Act sense which is a legal concept of conformity to a regulation, and with specific requirements on the procedure that are already established by Article 43, Annex VI and Annex VII. ISO/IEC 42007 therefore lacks the specificity that would enable it to cover Article 43.
Current status (October 2025): The document is still at an early drafting stage.
^ Product specifications
Datasets and bias
The main standard aiming at providing means to comply with Article 10 is EN 18284 “Quality and governance of datasets in AI”. It specifies the general methodology to manage datasets (including training, validation and testing data, including for machine learning but also other AI systems) then describes more specific requirements on different parts of that methodology: applicable practices for preparing the data itself (including how to select it, collect it, create it if needed), for preparing the annotations added to that data if any (including the management of manual annotators and criteria for annotation quality), but also aspects related to the maintenance of the dataset, to its documentation, or to its proper use in AI (e.g. precautions to ensure the test data remains held-out).
The standard addresses both the general case (including the whole diversity of data types) and some additional specifications that apply when using particular algorithms to develop the AI system, or particular methods for dataset preparation (e.g. when involving another AI system in the process). It also includes content on specific topics such as representativeness or the handling of personal or confidential data, and more generally on dataset quality criteria that detail those established by Article 10.
Article 10(5), which concerns a particular point of interplay with the GDPR (use of personal data for detecting and correcting bias), does not constitute requirements by itself and is therefore out of scope of the standard. It is not foreseen that JTC 21 will develop any standard that provides means to comply with Article 10(5).
Interaction with ISO standards: EN 18284 is complementary to ISO standards such as the ISO/IEC 5259 series (which sets a general framework for data governance), due to the specific focus it makes on the quality characteristics defined by the AI Act for datasets.
Current status: EN 18284 is undergoing initial drafting.
In order to support the part of EN 18284 that concerns bias assessment and mitigation (as required by Article 10(2)(f) and (g)), the work programme also includes a dedicated standard EN 18283 “Concepts, measures and requirements for managing bias in AI systems”, which targets specifically unwanted bias (as identified by the risk management system). It primarily focuses on dataset biases with a view for Article 10, but it is designed in a way to be usable both for datasets and for AI systems, so that the practices remain consistent with the management of system bias, which is slightly different but is required in part by other Articles of the AI Act.
Interaction with ISO standards: EN 18283 is complementary to ISO/IEC TR 24027:2021 (also adopted by JTC 21) and ISO/IEC TS 12791:2024 (jointly developed with JTC 21), due to its comprehensiveness (encompassing all types of AI technologies, the dual level of datasets and AI systems, various forms of biases) and a style that is more oriented towards compliance (specification of a process, inclusion of more practical metrics, identification of applicable mitigations for each case in a comprehensive manner).
Current status: EN 18283 is still in its first stage of drafting but is approaching the first call for comments within the committee, which is foreseen by end 2025.
Accuracy and robustness
EN 18229-2 “AI trustworthiness framework — Part 2: Accuracy and robustness” seeks to provide means to comply with Article 15(3) and 15(4) on accuracy and robustness, and with the part of Article 15(1) that concerns those. It also provides supporting technical material for other parts of the AI Act, for instance Article 13 which includes some documentation requirements related to accuracy.
EN 18229-2 serves as an entry point and adds some necessary material to bridge the technical content with the legal obligations, but it primarily builds on a set of other standards that provide more technically detailed specifications, given the breadth of the accuracy and robustness topics.
On accuracy, EN 18229-2 contains a general methodology for proper assessment and reporting of the assessment results, then relies on three more specific standards for the specifications on applicable metrics and reference points for threshold definition:
ISO/IEC 4213:— “Performance measurement for AI classification, regression, clustering and recommendation tasks” is a revised and expanded version of the previously published ISO/IEC TS 4213:2022 (focused solely on classification, and limited to machine learning), that is under development in ISO/IEC JTC 1/SC 42, without direct collaboration with CEN-CENELEC JTC 21, but initiated with a view to its relevance for the AI Act. It defines (including mathematically) a set of relevant metrics for each of the four identified tasks, in a way where they can be further built upon by standards for other tasks that use derived metrics. The document has completed its first stage of drafting and first call for comments within the committee and is starting in October 2025 the resolution of these comments.
ISO/IEC 23282:— “Evaluation methods for accurate natural language processing systems” builds upon and complements ISO/IEC 4213:— to specify applicable metrics for a broad set of tasks (60+) from natural language processing, in the broad sense covering both natural language understanding and natural language generation, and all modalities of natural language (text, speech, images containing text…), including multimodality. Particular consideration is given to the comprehensive specification (including any variability parameter and some implementation issues) of the metrics, with a view for reproducibility of the measurements across stakeholders. It also contains additional material to support the identification of appropriate thresholds, as well as other means for evaluation (human evaluation protocols designed for reproducibility) when purely automated metrics are infeasible or insufficient. For the list of tasks it covers, ISO/IEC 23282:— relies extensively on ISO/IEC TR 23281:— “Overview of Al tasks and functionalities related to natural language processing” that provides a structured inventory of these tasks and a precise definition for each of them, including a clear identification of their expected inputs and outputs. Both standards are now developed jointly between ISO/IEC JTC 1/SC 42 and CEN-CENELEC JTC 21, after some initial drafting in JTC 21. They have completed their first stage of drafting and are both entering their first call for comments within the three committees involved (SC 42, JTC 21 and the ISO committee on language).
EN 18281 “Evaluation methods for accurate computer vision systems” follows a similar approach to ISO/IEC 23282:— for specifying metrics that are applicable to 40+ tasks from computer vision, including both image and video. It also builds upon ISO/IEC 4213:— by providing the additional specifications that are needed to make its generic formulas usable and non-ambiguous when applied to certain computer vision tasks. EN 18281 similarly relies on another standard for the precise definition of the tasks concerned, EN 18288 “Taxonomy of AI tasks in computer vision”. Both standards are currently developed in CEN-CENELEC JTC 21, but are considered for joint development with ISO/IEC JTC 1/SC 42 given the global relevance of their content. They are still undergoing initial drafting.
On robustness, EN 18229-2 aims at containing more material (including on identifying phenomena to be robust against, on the technical and organisational measures for robustness and their interplay, and on the definition of robustness thresholds) given the breadth of Article 15(4), but as regards the assessment of robustness it relies on the ISO/IEC 24029 series developed by ISO/IEC JTC 1/SC 42. ISO/IEC 24029-3 “Assessment of the robustness of neural networks — Part 3: Methodology for the use of statistical methods” is framed for neural networks but in practice applicable to all AI systems, and provides complementary ways to assess robustness, some of which relying in turn on accuracy metrics. It has completed its first stage of drafting and first call for comments within the committee, and is entering the resolution of these comments. ISO/IEC 24029-2:2023 “Assessment of the robustness of neural networks — Part 2: Methodology for the use of formal methods” complements it with alternate ways to assess robustness, through formal methods, but which are only applicable to certain machine learning-based AI systems. It is already published.
Article 15(4) on robustness also contains a specific requirement for the mitigation of feedback loops (specific cases where the outputs of a machine learning-based AI system influence, directly or indirectly, the future versions of that AI system), which will be addressed directly in EN 18229-2.
In addition, both topics of accuracy (for the analysis of imbalance among groups) and robustness (for identifying biased outputs and mitigating them in the frame of feedback loops) rely in turn on EN 18283 for providing supporting specifications on bias management.
EN 18229-2 has completed its first stage of drafting and a first call for comments within the committee. However, the need for extensive rework of the draft (mostly as regards robustness) has made it come back to initial drafting and it will undergo again a committee-level call for comments, presumably early 2026.
AI Cybersecurity
EN 18282 “Cybersecurity specifications for AI systems” seeks to provide means to comply with Article 15(5) and with the part of Article 15(1) that concerns AI cybersecurity. It targets the AI-specific vulnerabilities of AI systems and is complementary to general cybersecurity standards that apply to all software systems including AI systems.
EN 18282 has a strong focus on the identification of threats throughout the life cycle of the AI system and how to relate these risks of attacks with potential mitigation measures. The integration of this process within a broader risk management process (compliant with Article 9) is a known challenge that is being actively worked on. EN 18282 also contains specific material on how to test the effectiveness of the implemented mitigation measures.
The document has completed its first stage of drafting and a first call for comments within the committee, and is finalising the resolution of these comments.
Logging, oversight, transparency
EN 18229-1 “AI trustworthiness framework – Part 1: Logging, transparency and human oversight” seeks to provide means to comply with Articles 12 and 14 (logging and human oversight), as well as with Article 13 (transparency). The status of Article 11 (technical documentation), whose content is in part very similar to that of Article 13 but also includes some additional topics that make it more challenging for comprehensive coverage, is currently unclear.
EN 18229-1 mostly provides its own specifications but can rely on three additional standards as foundations:
ISO/IEC 24970:— “AI system logging” is jointly developed by ISO/IEC JTC 1/SC 42 and CEN-CENELEC JTC 21, after some initial drafting in JTC 21. It has been created specifically with a view for Article 12 of the AI Act, but given the intent to make it internationally relevant it avoids detailing aspects that are very specific to the AI Act and mostly targets the general functioning of logging capabilities for AI systems (Article 12(1)). The document has completed its first stage of drafting, first call for comments within the committee, subsequent resolution, and is undergoing the preparations for a simultaneous DIS ballot in ISO and Enquiry in CEN, during which the draft will be made publicly available for commenting for 3 months.
ISO/IEC TS 6254:2025 “Objectives and approaches for explainability and interpretability of machine learning (ML) models and artificial intelligence (AI) systems” establishes a set of criteria to use for characterising potential needs for explainability or interpretability, identifying a method that is suitable to address those needs, and which can in turn be used to document the design choices made when specifying and implementing these capabilities. Part of the current content of EN 18229-1 builds upon these criteria, which are relevant for both Article 14 (for interpretation tools as one possible way to support human oversight) and Article 13 (for the documentation of explainability capabilities if any), but the exact manner in which ISO/IEC TS 6254:2025 will be ultimately leveraged remains to be refined.
ISO/IEC 12792:— “Transparency taxonomy of AI systems” provides an extensive set of information elements that can be documented in relation to an AI system, its context, its internal models, or the datasets involved in its lifecycle. This is an inventory that can be built upon by identifying which information elements are mandatory to document in the instructions for use (Article 13, in particular Article 13(3)), and possibly similarly for the technical documentation (Article 11, in particular Annex IV). However, while ISO/IEC 12792:— is part of the AI Act work programme, it remains currently unclear in which exact manner this material will be leveraged within EN 18229-1. ISO/IEC 12792:— has been developed jointly by ISO/IEC JTC 1/SC 42 and CEN-CENELEC JTC 21, it is now finalised and is currently undergoing secretariat process in preparation for its publication.
EN 18229-1 has completed its first stage of drafting and a first call for comments within the committee, and is currently resolving these comments. However, the extensive rework conducted since then on most of the draft, as well as concerns raised on the alignment of the current content with the AI Act and on its ability to meet the legal expectations on harmonised standards for being granted legal validity, have created uncertainty in the current roadmap.