The ETSI EN 304 223 standard sets out essential security rules for artificial intelligence systems that companies need to follow. As organizations increasingly rely on machine learning in their operations, this European Standard provides clear guidelines for protecting AI models and systems. It is the first standard of its kind that is applicable across Europe and has gained official approval from national standards bodies, giving it international credibility. This standard is designed to complement existing regulations like the EU AI Act, helping companies manage AI-specific risks.

Understanding AI Risks and Security Measures

AI systems come with unique risks that traditional software security measures often overlook. These include vulnerabilities like data poisoning, where malicious data corrupts the model; model obfuscation, which makes it hard to understand how an AI makes decisions; and prompt injection, which can manipulate AI outputs indirectly. The ETSI standard covers a broad range of AI systems, from deep neural networks and generative AI to basic predictive tools. It explicitly excludes those used solely for academic research, focusing instead on commercial and operational uses.

One of the standard’s key contributions is clarifying who is responsible for AI security within organizations. It defines three main roles: Developers, System Operators, and Data Custodians. However, in many companies, these roles often overlap. For example, a financial firm that customizes an open-source AI model for fraud detection might be both a Developer and a System Operator. Such dual roles come with strict obligations, including securing the deployment environment and documenting how training data was sourced and how the model was developed. This clarity helps organizations assign accountability and streamline their security processes.

Roles and Responsibilities in AI Security

The inclusion of Data Custodians as a distinct role emphasizes the importance of data management in AI security. These custodians control data permissions and maintain data integrity. Their responsibilities now explicitly include ensuring that the data used for training and operation aligns with security standards and usage policies. This role effectively acts as a security gatekeeper within the data management process, helping prevent misuse or compromise of sensitive information.

The ETSI standard makes it clear that security cannot be an afterthought. Security measures should be integrated into the AI design process from the start. This involves conducting threat modeling specifically for AI-native issues, such as membership inference attacks—where an attacker determines if a data point was part of the training set—or model obfuscation techniques aimed at hiding how a model functions. Developers are also encouraged to restrict system functionalities to only what is necessary, reducing potential attack points. For instance, if a model only needs to process text, features like image or audio processing should be disabled to minimize risk.

This requirement pushes companies to rethink the common practice of deploying large, general-purpose foundation models. Instead, it supports using smaller, specialized models that fulfill specific needs, which are easier to secure and manage. Additionally, the standard emphasizes asset management, requiring organizations to keep detailed inventories of AI assets, their dependencies, and how they connect to other systems. This helps uncover hidden AI tools and ensures better overall security and control.

Overall, the ETSI EN 304 223 standard provides a comprehensive framework for building secure AI systems. It encourages organizations to embed security into every phase—from design and development to deployment and maintenance. By following these guidelines, companies can better protect their AI systems against evolving threats and build trust with users and regulators alike.

Inspired by

• https://www.artificialintelligence-news.com/news/meeting-the-new-etsi-standard-for-ai-security/

Sources

• etsi.org
• developer-tech.com