ETSI has released its latest standard, ETSI EN 304 223, introducing a comprehensive set of baseline cybersecurity requirements specifically for AI models and AI‑driven systems. Based on the groundwork established in its earlier Technical Specification, this publication becomes the first globally applicable European Standard (EN) dedicated to AI security. After an extensive review process and formal approval by national standards bodies, the standard now carries significant international legitimacy and influence.
ETSI EN 304 223 delivers a structured framework designed to protect AI systems against an expanding field of sophisticated cyber threats. Building on the principles previously outlined in ETSI TS 104 223, the new EN defines a mature, lifecycle‑oriented set of core security expectations for both AI models and the systems using them.
The document recognises that AI introduces challenges fundamentally different from those posed by traditional software. While classic software development first illuminated the need for cybersecurity, AI technologies bring new risk categories that demand tailored defence strategies. These include threats such as data poisoning, model manipulation, indirect prompt injection, and weaknesses introduced by intricate data handling and operational environments. The new EN integrates established cybersecurity good practices with novel controls specifically crafted for AI ecosystems.
Using a full lifecycle perspective, ETSI EN 304 223 articulates 13 principles grouped across five phases:
- Design,
- Development,
- Deployment,
- Maintenance, and
- End‑of‑life
Each phase aligns with globally recognised AI lifecycle models, ensuring compatibility with a wide range of existing guidance. At the start of every principle, relevant standards and publications are referenced to support harmonised implementation across the broader AI landscape.
The standard is aimed at all actors in the AI value chain—including suppliers, integrators, and operators—and offers a coherent, consistent baseline for securing AI technologies. Its scope includes systems using deep neural networks, such as generative AI models, and is designed with real-world deployment scenarios in mind. Its development reflects the combined knowledge of international organisations, governmental authorities, and experts from the cybersecurity and AI communities, ensuring that the result is both globally relevant and practically usable across diverse industries.
Source
| ETSI EN 304 223 | EN 304 223 – V2.1.1 – Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems |
