EU AI Act: Technical Standards
The EU AI Act sets the rules, but the "Harmonized Standards" will dictate the technical implementation. Here is what engineering teams need to know.
The Role of CEN/CENELEC
The European Commission has issued a standardization request to CEN (European Committee for Standardization) and CENELEC (European Committee for Electrotechnical Standardization).
These bodies are drafting the technical specifications that, if followed, grant a "presumption of conformity" with the AI Act.
Key Standards in Development
While the final texts are still being drafted (expected 2025), we know the key areas they will cover based on the standardization request (M/593).
Risk Management System
Standardizing how to identify, estimate, and evaluate risks to health, safety, and fundamental rights. Likely to draw heavily from ISO/IEC 23894.
Data Governance & Quality
Specifications for training, validation, and testing datasets. Requirements for data relevance, representativeness, and error-freeness.
Human Oversight
Technical measures to enable effective human supervision (human-in-the-loop). Designing interfaces that prevent "automation bias".
Preparing for Compliance
You don't need to wait for the final standards to start preparing. The direction of travel is clear.
- Adopt ISO 42001: It is the closest international proxy and will likely align closely with the EU standards.
- Document Everything: Start building your technical documentation (Annex IV) now. Record your data sources, model architecture, and training process.
- Implement Logging: The Act requires automatic recording of events (logging) to ensure traceability.
Stay Updated
The standards landscape is evolving monthly. Subscribe to our regulatory alerts to get notified when drafts are published.