Tudor Galos’ Post

View profile for Tudor Galos, graphic
Tudor Galos

On December 18, 2023, the International Organization for Standardization (#ISO) adopted ISO 42001-2023, which sets a voluntary #standard for organizations to implement an #artificial #intelligence (#AI) management system. ISO 42001 may become an enforceable standard for AI #governance. Organizations deploying high-risk systems must demonstrate compliance with the EU AI Act. EU policymakers have indicated that compliance with ISO 42001 may be incorporated into the conformity assessment requirements. #NIST could align some of its future AI-standards setting work with ISO 42001. Given that US regulators are likely to rely on NIST’s AI standards for establishing AI regulatory regimes, this has the potential to translate aspects of ISO 42001 into enforceable obligations in the US. More details, here: https://lnkd.in/dVpU_4Sh

  • No alternative text description for this image
Daniel SUCIU

Data Protection & Governance dude | Founding member of Data Protection City | unCommon Sense "creative" | Proud dad of 2 daughters

8mo

Unpopular opinion: Tudor, please let me disagree with the stated intentions of this standard. As with almost any ISo standard, in the last decades, it is just another bullshit document, with ZERO influence in real life. In my defense, I would quote ISO9001 (for which I'm a qualified auditor) and see the huge difference between its requirements and the real status of those holding that certification. BTW, short time after GDPR, an ISO standard was released for that. I would challenge you to tell me its number without searching it on Google (or ChatGPT) 😁

Like
Reply
7 Reactions
Justin Schmitz

⤷ Certified UX Designer for 50M+ Enterprise Users. I secure the growth of your software by combining analytical prowess with scalable designs. | B2B | SaaS | Enterprise

8mo

Yes, regulatory compliance can be daunting; as someone deeply involved in health and finance sectors, I wonder how this standard could influence the balance between innovation and regulation. Despite Daniel's valid cautionary tale on the real-life impact of such standards, do you think there's potential for ISO 42001 to enhance responsible AI deployment, or might it follow the same path? 

Like
Reply
1 Reaction
See more comments

To view or add a comment, sign in

More Relevant Posts

  • View profile for Joep Mertens, graphic
    Joep Mertens

    Commercial Director BeNeLux

    **AI as accelerator or slowing down your IT landscape?** The impact of AI within your IT landscape is probably growing, with help of the ISO 5338 you can safeguard you're not creating the tech debt of tomorrow 👇

    View profile for Rob van der Veer, graphic
    Rob van der Veer

    Pioneer and veteran in AI, security, and software engineering | Senior principal expert at SIG | AI Act security standard co-editor | Advisor to ISO/IEC, OWASP, ENISA | Results: ISO/IEC 5338, owaspai.org and opencre.org

    Immediate Action Strongly Advised: 📣 Apply ISO/IEC 5338 📣 to Comply with the Imminent AI Act. Recent revelations have made clear that this standard is a must for your organization’s AI readiness. The European AI Act, which is expected to be shared in a few days, explicitly requires to 'apply the state of the art including as reflected in harmonized standards.’ This was already present in the draft version and remains in the new text that was recently leaked. The 5338 covers how to design, build, validate, and manage AI systems. As your colleague I strongly advise you to take responsibility now: obtain the standard and use it as a checklist to make your existing practices AI-ready. This will drive your AI success and prevent future complications, including operational failures, regulatory penalties, and litigation. It's more than advice—it's a call to action to protect your interests before the Act is in full force. Please help spread this important message. ISO - International Organization for Standardization and IEC (International Electrotechnical Commission) #ai #aiact #responsibleai

    To view or add a comment, sign in

  • View profile for Srajan Gupta, graphic
    Srajan Gupta

    Security Engineering @ Dave | Threat Modeling, AppSec | AI Security

    If you are into AI, check out the ISO 5338 which talks about how to design, build, validate and secure your AI systems.

    View profile for Rob van der Veer, graphic
    Rob van der Veer

    Pioneer and veteran in AI, security, and software engineering | Senior principal expert at SIG | AI Act security standard co-editor | Advisor to ISO/IEC, OWASP, ENISA | Results: ISO/IEC 5338, owaspai.org and opencre.org

    Immediate Action Strongly Advised: 📣 Apply ISO/IEC 5338 📣 to Comply with the Imminent AI Act. Recent revelations have made clear that this standard is a must for your organization’s AI readiness. The European AI Act, which is expected to be shared in a few days, explicitly requires to 'apply the state of the art including as reflected in harmonized standards.’ This was already present in the draft version and remains in the new text that was recently leaked. The 5338 covers how to design, build, validate, and manage AI systems. As your colleague I strongly advise you to take responsibility now: obtain the standard and use it as a checklist to make your existing practices AI-ready. This will drive your AI success and prevent future complications, including operational failures, regulatory penalties, and litigation. It's more than advice—it's a call to action to protect your interests before the Act is in full force. Please help spread this important message. ISO - International Organization for Standardization and IEC (International Electrotechnical Commission) #ai #aiact #responsibleai

    To view or add a comment, sign in

  • View profile for Femke van Velthoven, graphic
    Femke van Velthoven

    Marketing Communications Professional

    Are you building AI systems, or are you planning to and you want to do it right? Then take a moment to watch this short video by my colleague Rob van der Veer, and benefit from the insights.

    View profile for Rob van der Veer, graphic
    Rob van der Veer

    Pioneer and veteran in AI, security, and software engineering | Senior principal expert at SIG | AI Act security standard co-editor | Advisor to ISO/IEC, OWASP, ENISA | Results: ISO/IEC 5338, owaspai.org and opencre.org

    Immediate Action Strongly Advised: 📣 Apply ISO/IEC 5338 📣 to Comply with the Imminent AI Act. Recent revelations have made clear that this standard is a must for your organization’s AI readiness. The European AI Act, which is expected to be shared in a few days, explicitly requires to 'apply the state of the art including as reflected in harmonized standards.’ This was already present in the draft version and remains in the new text that was recently leaked. The 5338 covers how to design, build, validate, and manage AI systems. As your colleague I strongly advise you to take responsibility now: obtain the standard and use it as a checklist to make your existing practices AI-ready. This will drive your AI success and prevent future complications, including operational failures, regulatory penalties, and litigation. It's more than advice—it's a call to action to protect your interests before the Act is in full force. Please help spread this important message. ISO - International Organization for Standardization and IEC (International Electrotechnical Commission) #ai #aiact #responsibleai

    To view or add a comment, sign in

  • View profile for Sandy Dunn, graphic
    Sandy Dunn

    CISO | Board Member | AIML Security | CIS & MITRE ATT&CK | OWASP Top 10 for LLM Core Team Member | Incident Response |

    Excellent brief overview from Rob van der Veer about ISO/IEC 5338 & the EU AI Act. One important point he mentions is it's about incorporating AI SDLC into an organization's existing Secure Software Development Lifecycle. #sdlc #mlsecops #owasp

    View profile for Rob van der Veer, graphic
    Rob van der Veer

    Pioneer and veteran in AI, security, and software engineering | Senior principal expert at SIG | AI Act security standard co-editor | Advisor to ISO/IEC, OWASP, ENISA | Results: ISO/IEC 5338, owaspai.org and opencre.org

    Immediate Action Strongly Advised: 📣 Apply ISO/IEC 5338 📣 to Comply with the Imminent AI Act. Recent revelations have made clear that this standard is a must for your organization’s AI readiness. The European AI Act, which is expected to be shared in a few days, explicitly requires to 'apply the state of the art including as reflected in harmonized standards.’ This was already present in the draft version and remains in the new text that was recently leaked. The 5338 covers how to design, build, validate, and manage AI systems. As your colleague I strongly advise you to take responsibility now: obtain the standard and use it as a checklist to make your existing practices AI-ready. This will drive your AI success and prevent future complications, including operational failures, regulatory penalties, and litigation. It's more than advice—it's a call to action to protect your interests before the Act is in full force. Please help spread this important message. ISO - International Organization for Standardization and IEC (International Electrotechnical Commission) #ai #aiact #responsibleai

    To view or add a comment, sign in

  • View profile for Bruno Oliveira, graphic
    Bruno Oliveira

    Senior Software Developer at Software Improvement Group (SIG)

    Great stuff, Rob van der Veer!! AI systems need to be handled just like conventional software and be subjected to the same set of quality guidelines and standards, obviously adjusted to consider the way code is being produced, but, an integral approach where AI is looked at from the standpoint of being embedded in the organization is key! #ai #responsibleai #aiact

    View profile for Rob van der Veer, graphic
    Rob van der Veer

    Pioneer and veteran in AI, security, and software engineering | Senior principal expert at SIG | AI Act security standard co-editor | Advisor to ISO/IEC, OWASP, ENISA | Results: ISO/IEC 5338, owaspai.org and opencre.org

    Immediate Action Strongly Advised: 📣 Apply ISO/IEC 5338 📣 to Comply with the Imminent AI Act. Recent revelations have made clear that this standard is a must for your organization’s AI readiness. The European AI Act, which is expected to be shared in a few days, explicitly requires to 'apply the state of the art including as reflected in harmonized standards.’ This was already present in the draft version and remains in the new text that was recently leaked. The 5338 covers how to design, build, validate, and manage AI systems. As your colleague I strongly advise you to take responsibility now: obtain the standard and use it as a checklist to make your existing practices AI-ready. This will drive your AI success and prevent future complications, including operational failures, regulatory penalties, and litigation. It's more than advice—it's a call to action to protect your interests before the Act is in full force. Please help spread this important message. ISO - International Organization for Standardization and IEC (International Electrotechnical Commission) #ai #aiact #responsibleai

    To view or add a comment, sign in

  • View profile for Eddy Boorsma, graphic
    Eddy Boorsma

    Into AI? Please listen 2 minutes to AI veteran Rob van der Veer, if you want to know more on how to fit AI in you way working (and comply to the ISO/IEC 5338 standard).

    View profile for Rob van der Veer, graphic
    Rob van der Veer

    Pioneer and veteran in AI, security, and software engineering | Senior principal expert at SIG | AI Act security standard co-editor | Advisor to ISO/IEC, OWASP, ENISA | Results: ISO/IEC 5338, owaspai.org and opencre.org

    Immediate Action Strongly Advised: 📣 Apply ISO/IEC 5338 📣 to Comply with the Imminent AI Act. Recent revelations have made clear that this standard is a must for your organization’s AI readiness. The European AI Act, which is expected to be shared in a few days, explicitly requires to 'apply the state of the art including as reflected in harmonized standards.’ This was already present in the draft version and remains in the new text that was recently leaked. The 5338 covers how to design, build, validate, and manage AI systems. As your colleague I strongly advise you to take responsibility now: obtain the standard and use it as a checklist to make your existing practices AI-ready. This will drive your AI success and prevent future complications, including operational failures, regulatory penalties, and litigation. It's more than advice—it's a call to action to protect your interests before the Act is in full force. Please help spread this important message. ISO - International Organization for Standardization and IEC (International Electrotechnical Commission) #ai #aiact #responsibleai

    To view or add a comment, sign in

  • View profile for Regina Preysing, graphic
    Regina Preysing

    Lets create regulatory documentation from the team's work items, instead of adding just documentation tasks for developers

    Do good and talk about it: MatrixRequirements will be a tool to implement this standard - to set up processes and support the documentation that AI organisations will have to provide for compliance with AI act. Integrate with AI lifecycle tools to create one source of truth about your AI application and the activities of your team to make them a market success. Use expertise of our partners to help you getting started fast.

    View profile for Rob van der Veer, graphic
    Rob van der Veer

    Pioneer and veteran in AI, security, and software engineering | Senior principal expert at SIG | AI Act security standard co-editor | Advisor to ISO/IEC, OWASP, ENISA | Results: ISO/IEC 5338, owaspai.org and opencre.org

    Immediate Action Strongly Advised: 📣 Apply ISO/IEC 5338 📣 to Comply with the Imminent AI Act. Recent revelations have made clear that this standard is a must for your organization’s AI readiness. The European AI Act, which is expected to be shared in a few days, explicitly requires to 'apply the state of the art including as reflected in harmonized standards.’ This was already present in the draft version and remains in the new text that was recently leaked. The 5338 covers how to design, build, validate, and manage AI systems. As your colleague I strongly advise you to take responsibility now: obtain the standard and use it as a checklist to make your existing practices AI-ready. This will drive your AI success and prevent future complications, including operational failures, regulatory penalties, and litigation. It's more than advice—it's a call to action to protect your interests before the Act is in full force. Please help spread this important message. ISO - International Organization for Standardization and IEC (International Electrotechnical Commission) #ai #aiact #responsibleai

    To view or add a comment, sign in

  • View profile for Giovanni Trova, graphic
    Giovanni Trova

    Getting software right for a healthier digital world

    Thinking about implementing #AI systems? Watch this first! 👇

    View profile for Rob van der Veer, graphic
    Rob van der Veer

    Pioneer and veteran in AI, security, and software engineering | Senior principal expert at SIG | AI Act security standard co-editor | Advisor to ISO/IEC, OWASP, ENISA | Results: ISO/IEC 5338, owaspai.org and opencre.org

    Immediate Action Strongly Advised: 📣 Apply ISO/IEC 5338 📣 to Comply with the Imminent AI Act. Recent revelations have made clear that this standard is a must for your organization’s AI readiness. The European AI Act, which is expected to be shared in a few days, explicitly requires to 'apply the state of the art including as reflected in harmonized standards.’ This was already present in the draft version and remains in the new text that was recently leaked. The 5338 covers how to design, build, validate, and manage AI systems. As your colleague I strongly advise you to take responsibility now: obtain the standard and use it as a checklist to make your existing practices AI-ready. This will drive your AI success and prevent future complications, including operational failures, regulatory penalties, and litigation. It's more than advice—it's a call to action to protect your interests before the Act is in full force. Please help spread this important message. ISO - International Organization for Standardization and IEC (International Electrotechnical Commission) #ai #aiact #responsibleai

    To view or add a comment, sign in

  • View profile for Debora Bielecki GCD.D, graphic
    Debora Bielecki GCD.D

    Chair | Corporate Director | Board Advisor | WXN 2022 CEDI Corporate Director award recipient

    Congratulations FAIRLY AI on this important work and for being leaders in Canada in the development of proper governance around AI in machine learning models. For boards directors, this is your new cyber security question …. Now it’s time to ask, how machine learning models are protected against bias and what governance is built into your company’s AI strategy? Set high ethical standards.

    View organization page for Responsible AI Institute, graphic
    Responsible AI Institute

    32,976 followers

    We are so excited for today’s publication of the ISO/IEC 42001 AI Management Systems (AIMS) standard! Standards like ISO/IEC 42001 are key elements of the AI regulatory and assurance ecosystem, and can support the regulatory objectives of laws like the EU AI Act.   RAI Institute was pleased to contribute to the standard via Mirror Committee, by mapping and aligning our frameworks and assessments, and by participating in a pilot with ATB Financial, Standards Council of Canada (SCC) and FAIRLY AI which, on a parallel track, piloted ISO/IEC 42001.   Congratulations to ISO/IEC JTC 1/SC 42 and everyone who contributed to this significant, multi-year effort! 🙌 ▶ Read more about how ISO/IEC 42001 fits in the landscape of other AI governance documents, like the NIST AI RMF: https://lnkd.in/eD4MVVZH ▶ Get the standard here: https://lnkd.in/eBi9fy5R

    ISO/IEC 42001:2023

    ISO/IEC 42001:2023

    iso.org

    To view or add a comment, sign in

  • View profile for Craig Pattison, graphic
    Craig Pattison

    NZ Head of Delegation & Convenor, ISO/IEC JTC 1 SC 42 "Artificial Intelligence" | Risk & Strategy Expert | Digital Transformation | Executive Coaching & AI Governance | Tailored Strategies for Organisational Growth |

    Day 3: The Process of Obtaining ISO/IEC 42001 Certification Key Concept: Exploring the steps required to achieve ISO/IEC 42001 certification. Questions to Ask Yourself: * What are the initial steps to understand and prepare for ISO/IEC 42001 certification? * How to establish and implement an effective AI Management System (AIMS)? * What does the certification audit process entail? Examples of Importance: * Setting clear objectives: Helps in aligning AI strategies with ethical standards. * Resource allocation: Ensures the necessary support for AIMS. * Audit preparedness: Facilitates a smoother certification process. #ISOIEC42001 #CertificationJourney #AIMSSuccess #EthicalAI #AuditPreparation #StrategicAIManagement #ResourceAllocation #AIStandards #QualityAssurance #AIManagementSystem #AIForumNZ

    • No alternative text description for this image

    To view or add a comment, sign in

Tudor Galos

6,626 followers

View Profile

Explore topics