AI Act and Standards

Free sponsorships

UPS - Facoltà di Scienze della Comunicazione sociale
CeSIntES
Stati Generali Innovazione
AIP ITCS - Associazione Informatici Professionisti
GUFPI ISMA
ISO 25000
AQCLab
Accademia di Comunicazione
ISO 25000
dqTeam
DATA QUALITY LAB

VERSIONE ITALIANA

The ongoing work “Mapping International Standards and AI Act” was proposed in 2024 by UNI TC 533 to CEN/CENELEC JTC21/AI (3 May, N632), with acknowledgement from the UK (20 May, N667) and presented during the plenary at the University of Bath (3-6 June, N691). Some aspects and examples were subsequently presented in JTC21 Working Groups (17 Sep. WG3 N454 – Bias); 18 Sep. WG4 N724 – Mapping); 25 Sep. WG1 N410 – Definitions); 27 Sep. WG2 N424 – Mapping). 

Based on these premises, available for members of JTC21, the UNI TC 533 technical committee, with the hosting support of the AIopenmind.it association, has started this work, also agreed with UNINFO, with the aim of sharing the results with other TCs, Working Groups, Stakeholders. 

368 Mapped Terms connected with:
– AI Act: 180 Whereas, 113 Articles, 13 Annexes
84 Standards (work in progress)
– Data Act: 119 Whereas, 50 Articles
– Data Governance Act: 63 Whereas, 38 Articles

The data, as presented, have a research value and not an exclusively legal value.

In the European context, the standards published by CEN/CENELEC are considered as “harmonised’, prescriptive and will comply with the AI Act. The existing standards defined by ISO/IEC, or those developed by other organisations, can be considered as source voluntary and complimentary. 

The current term-based methodology, aims to reinforce correspondence between European standards and law. At the same time mapping of existing standards gives a source of reference to elicit considerations on eventual gaps or redundancies among new and old standards, legislation, institutions, and bodies.
In other words, a global vision of standards associated to law through terms, is revealing a way for facilitating the consistency of the system and for giving elements  to improve the alignment of existing terms. The result of mapping can be considered a guide to creating new terms, where necessary, avoiding duplication and taking into account  the ad hoc rules defined by the European directives, such as for example the prescription of using only terms defined in the articles of AI Act or considering the permission of using terms if they are officially defined in some standards.

The tool of ‘Mapping International Standards and AI Act’ is an excellent resource because it enhances the clarity of terminology and provides valuable support for advancing new standardization requests, highlighting terminological gaps not covered by any standard or European regulation, and carrying out more harmonisation. Increasing the basis of analysis, has introduced a further in-depth insight due to the interconnection between the Whereas, Annexes and Articles of the AI Act, the Data Act, the Data Governance Act and the GDPR. 

The tool goes even further and works as a catalog of “best practices” (especially those included in ISO standards). It can facilitate the implementation of the AI Act requirements, the request for new standards, the adoption of the law. It could be considered a very useful catalog of “best practices” and being perfectly linked to all articles of the AI Act takes on much more value not only as a mapping for the community of standardizers, legal experts and developers, but also for commercial enterprises, stakeholders, researchers and end users.

Additionally, a goal is to enrich our analytical framework by incorporating the NIS 2 Directive and other relevant standards related to cyber risk management within the context of AI. The automatic mapping and analysis of links added in the following list, aims to facilitate the autonomous research of definitions of terms to reach the maximum level of consistency. 

The automatic mapping and analysis of links aims to facilitate the research of definitions of terms, if not present in the AI Act. In general the clause 3 of the identified standards contains definitions of terms. Article 3 of the AI Act also contains definition of terms from a regulation point of view. 

Adoptable process discovering standards, terms and definitions of AI

5 November 2024

  • 1) Mapping & Terminology – Global vision of AI Act (Article, Whereas, Annexes), Standards, Data Act and Data Governance Act (pdf)
  • 2) Terms and articles (pdf)
  • 3) Articles and terms/standards (pdf)
  • 4) Standards and terms/articles (pdf)
  • 5) Articles and sub-articles connections (pdf)
  • 6) Whereas and relation with other EU norms (pdf)
  • 7) Annexes and relation with other EU norms (pdf)

—– SUMMARY of TERMS and STANDARDS —–

___________ link __________

Legislative norms

  • Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act).
    – AI Act (Whereas, Articles, Annexes)
    a) Articles (doc)
    b) Article 3 – Definitions (doc)
    c) Whereas (doc)
    d) Annex (doc)
  • First Draft of the General-Purpose AI Code of Practice published, written by independent experts
    Downloads
  • Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (Text with EEA relevance).
    Data Act
  • Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (Text with EEA relevance).
    Data Governance Act
  • Eur-Lex
    European strategy for data (EU, 2020).
    Open data Directive (EU, 2019/1024).
  • Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers
    Regolamento di esecuzione (ue) 2024/2690 della Commissione (17 October 2024)
  • Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (Text with EEA relevance)Text with EEA relevance
    Consolidated text (14 December 2022)
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)
    Document 32016R0679 (27 April 2016)

Technical norms and standardization 

Italian initiative on AI

_____________________

Following the legislative principles of the EU AI Act, it is also possible to apply its implicit capability of categorization of existing standards. When possible, standards can be connected to the articles of the AI Act, based on the commonality of terms with syntactic accuracy used in both texts. The aim is to provide assistance for the semantic accuracy of terms and therefore to their definitions, correlating the meanings that terms assume between laws and standards. The connected standards can give practical and technical contributions to the applicability of aspects of legislative regulations.

The European Regulation AI Act sets out rules on artificial intelligence to promote the adoption of human-centric and trustworthy AI, while ensuring the protection of health, safety, fundamental rights, including democracy, environmental protection, and innovation.

Existing Standards developed for scientific purposes by standardization organizations, such as ISO, can help to support the application of the Union laws in terms of quality of processes, products, data and services.

In general, a single standard is not adequate to cover all requirements of an AI Act article and does not contain all the aspects needed for SR Standardization Requests. The integrations of AI Act and Standards are an opportunity to create harmonized legislative and technical documents to support the development and maintenance of AI systems. 

ai act standards

The most common problem when comparing texts is the frequent use of synonyms or the use of the same terms with divergent meanings. To better clarify the concept and adopt a more precise classification criteria approach, it is interesting to consider that the situation of terminology is derived from the experience of the technical experts and the native language of people working in different committees and organizations. 

This work in progress aims to give a comparative view among the contents of the AI Act articles and the standards, possibly facilitating the considerations for new proposals concerning harmonized EN standards. Furthermore, the applied method helps to find an alignment of terminology.

It is understood that what is reported in the AI Act, including aspects of directly related standards, is mandatory, while what is complementary in specific additional contents of standards, is voluntary.

It is also useful to reduce the risk of difficult interpretation of terms to distinguish at the origin the standards that contain them among: governance, management, process, product or service domains.

Another critical issue is the specificity of the combinations and the complementarity of some qualitative characteristics considered. With these limitations and promoting new AI solutions, readers can have a structured overview of the situation and gain cognitive benefits in standardization, research, learning and teaching.

The prevalent occurrences of the terms are shown in the following graph

The data, as presented, have a research value and not an exclusively legal value.

Screenshot
Terms among interrelated phases of production

AI-KET Artificial Intelligence – Knowledge Engineering Toolset – 5 September August 2024.

AI-KET Artificial Intelligence: Schema of the tool

UNI CT 533 volunteer Experts on Mapping

CC BY-NC-ND

Historical series previous updates

27 October 2024

  • 1) Mapping & Terminology – Global vision of AI Act (Article, Whereas, Annexes), Standards, Data Act and Data Governance Act (pdf)
  • 2) Terms and articles (pdf)
  • 3) Articles and terms/standards (pdf)
  • 4) Standards and terms/articles (pdf)
  • 5) Articles and sub-articles connections (pdf)
  • 6) Whereas and relation with other EU norms (pdf)
  • 7) Annexes and relation with other EU norms (pdf)

23 October 2024

20 October 2024

13 October 2024

09 October 2024354 Mapped Terms connected with 54 Standards

03 October 2024

27 September 2024

26 September 2024

16 September 2024

12 September 2024

10 September 2024

31 August 2024

  • 1) AI Act (pdf) Under review – 113 Articles AI Act
    • 1a) Simplified list of Articles Under review
  • 2) Standard (pdf) Under review – 53 Standards
    • 2a) Simplified list of Standards Under review
  • 3) Mapping by terms (pdf) Under review – 6 Unmatched terms
    • 3a) Simplified list of Terms in 113 Article AI Acts (Syntactic) Under review
  • 4) Terminology (pdf) Under review – 340 Terms

28 August 2024

26 August 2024

25 August 2024

19 August 2024

09 August 2024

07 August 2024

06 August 2024

05 August 2024

04 August 2024

31 July 2024

28 July 2024

24 July 2024

22 July 2024