The governance and security of Artificial Intelligence (AI) is a hot topic in compliance. Over the past two years, businesses have been trying to understand how emerging AI legislation, international standards and Government guidance fit together.
The publication of the UK’s Digital Standards Strategy 2026-2030 provides an important indication of the Government’s direction of travel. While the strategy does not mandate specific ISO standards, it clearly signals that internationally recognised standards will play an increasingly important role in building trustworthy, secure and innovative digital technologies.
Significantly, the strategy explicitly references the ETSI standard on cyber security for AI (EN 304 223) which has been shaped “with significant UK government input from the Department for Science, Innovation and Technology and the National Cyber Security Centre” and draws from the UK’s Code of Practice for the Cyber Security of AI.
Here we look at the impact of ETSI EN 304 223 on ISO 42001, ISO 27001 and AI Governance in general.
From UK Guidance to an International Standard
The origins of ETSI EN 304 223 can be traced directly back to the UK’s AI Cyber Security Code of Practice, published by the UK Government in early 2025.
The Code of Practice was developed by the UK’s Department for Science, Innovation and Technology (DSIT) and the National Cyber Security Centre (NCSC) to provide practical cyber security guidance for organisations designing, developing, deploying and operating AI systems.
Rather than remaining a UK-only publication, the guidance attracted international interest. ETSI adopted the principles and developed them into ETSI TS 104 223, an international Technical Specification that became the first global technical specification dedicated to AI cyber security.
Following review and approval by European National Standards Bodies, the specification has now been published as ETSI EN 304 223, giving it the status of a full European Standard with international relevance.
ETSI EN 304 223 should now be considered one of the first comprehensive internationally recognised baseline standards for AI cyber security
What Does ETSI EN 304 223 Cover?
Unlike traditional information security standards, ETSI EN 304 223 recognises that Artificial Intelligence introduces unique cyber security challenges throughout the AI lifecycle.
The standard establishes baseline security requirements covering five lifecycle phases:
- Secure Design
- Secure Development
- Secure Deployment
- Secure Maintenance
- Secure End of Life
Across these phases, ETSI EN 304 223 defines thirteen core security principles supported by detailed technical requirements addressing AI-specific threats including:
- Data poisoning
- Prompt injection
- Model inversion / inference attacks
- Model theft
- Supply chain compromise
- Training data integrity
- Secure model deployment
- Continuous monitoring
- Incident response
- Secure retirement of AI models
The standard applies to organisations throughout the AI supply chain, including developers, software vendors, cloud providers, integrators and organisations deploying AI in operational environments.
Unlike high-level frameworks, ETSI EN 304 223 includes detailed ‘shall’ and ‘should’ provisions, making it suitable for audit, assurance, and structured implementation.
The UK’s Digital Standards Strategy Signals the Future
The publication of ETSI EN 304 223 closely aligns with the UK’s Digital Standards Strategy 2026-2030.
The strategy identifies Artificial Intelligence and cyber security as strategic priorities and sets out the Government’s ambition for the UK to play a leading role in developing international digital standards rather than relying solely on regulation.
Importantly, the strategy recognises that internationally recognised standards help organisations innovate safely, improve resilience, strengthen international trade and build public confidence in emerging technologies.
Although the strategy does not specifically reference ISO/IEC 42001 or ETSI EN 304 223 by name, its direction of travel is clear. Organisations will increasingly be expected to demonstrate that AI systems are governed, managed and secured using recognised international standards.
The evolution of the UK’s AI Cyber Security Code of Practice into ETSI EN 304 223 is an excellent example of that strategy becoming reality, with UK-developed guidance now forming the basis of an internationally recognised standard.
How ETSI EN 304 223 Relates to ISO/IEC 42001
ETSI EN 304 223 DOES NOT replace ISO/IEC 42001, as the two standards address different aspects of responsible AI.
ISO/IEC 42001 is an Artificial Intelligence Management System (AIMS) standard. It provides the governance framework for managing AI across an organisation, including leadership, policy, risk management, documented information, performance evaluation and continual improvement.
ETSI EN 304 223 focuses specifically on protecting AI systems from cyber threats.
A useful way to think about the relationship is:
- ISO/IEC 42001 answers How should we govern AI?
- ETSI EN 304 223 answers How should we secure AI?
Together, they provide a comprehensive framework for trustworthy Artificial Intelligence.
Where ISO/IEC 27001 Fits
Many organisations already operate an Information Security Management System certified to ISO/IEC 27001.
This provides an excellent foundation for implementing ETSI EN 304 223.
ISO/IEC 27001 establishes controls for information security, including asset management, access control, supplier security, vulnerability management, incident response and continual improvement.
ETSI EN 304 223 builds upon these established practices by introducing controls that are specific to Artificial Intelligence.
Rather than replacing ISO/IEC 27001, organisations should view ETSI EN 304 223 as an extension that addresses AI-specific cyber security risks not fully covered by traditional information security standards.
Why Organisations Should Act Now
Artificial Intelligence is becoming embedded within products, services and business operations at an unprecedented pace.
Customers, regulators and supply chain partners increasingly expect organisations to demonstrate that AI systems are not only innovative but also secure, well governed and trustworthy.
By implementing recognised standards such as ISO/IEC 42001, ISO/IEC 27001 and ETSI EN 304 223, organisations can demonstrate a structured approach to AI governance, cyber security and risk management while preparing for future regulatory developments.
Early adoption can also provide a competitive advantage by increasing customer confidence and reducing cyber security risks before they become costly incidents.
How Assent Risk Management Can Help
Assent Risk Management helps organisations build secure, trustworthy and well-governed AI systems. We have analysed and mapped ETSI EN 304 223 to existing frameworks and we’re ready to help.
Our services include:
- Gap analysis against ETSI EN 304 223
- ISO 42001 implementation and certification readiness
- Integration with ISO 27001 Information Security Management Systems
- Internal audits and management reviews
- AI governance and cyber security training
- Outsourced AI Governance Roles.
Whether your organisation is beginning its AI journey or looking to strengthen existing AI controls, our consultants can help you implement practical management systems aligned with the latest international standards. Contact Us!
Speak to Our AI Governance Specialists
If you are developing, deploying or procuring AI systems, now is the ideal time to review your governance and cyber security arrangements.
Contact Assent Risk Management to discuss ISO/IEC 42001 implementation, ISO/IEC 27001 integration and alignment with ETSI EN 304 223, helping your organisation build secure, trustworthy and resilient Artificial Intelligence. Contact Us!

