The European Telecommunications Standards Institute (ETSI) has published a new technical specification for AI cyber security.

The new specification aims to provide all organisations within the AI supply chain, including developers, system operators, data custodians, and end-users, with “clear baseline security requirements to help protect AI systems”.

The content and structure of the specification rely heavily on the work undertaken by the National Cyber Security Centre (NCSC) and Department for Science, Innovation and Technology in their development of the voluntary AI Cyber Security Code of Practice (which we commented upon here).

Like the Code of Practice, the new specification contains 13 principles which are expected to be followed, separated according to the five stages of the AI lifecycle (secure design, secure development, secure deployment, secure maintenance, and secure end of life). Similarly, for each principle, the specification sets out the stakeholders to which it will primarily apply.

Also published alongside the new specification is a technical report aimed at helping organisations to implement its provisions.

Announcing the new specification, the NCSC confirmed that the AI Cyber Security Code of Practice will be updated to reflect the specification as published by ETSI. It also confirmed that the next step will be to work towards a European standard which may well be adopted beyond Europe.

To read more, click here.