A world first: the ETSI global cybersecurity standard for AI
Artificial Intelligence (AI) is reshaping industries, powering everything from critical infrastructure to healthcare to finance. But as AI systems grow more sophisticated, so do the cyber threats targeting them. To help address existing and emerging security risks to AI systems, ETSI has developed ETSI EN 304 223 “Baseline Cyber Security Requirements for AI Systems and Models”, the first global standard that sets minimum security requirements across the entire AI life cycle for all stakeholders in the AI supply chain.
Why This Standard Matters
The standard tackles evolving AI-specific threats such as data poisoning, model manipulation, and adversarial attacks – issues that can compromise not only system integrity but also public confidence in using the technology.
The security requirements within the standard will uplift and strengthen essential security controls, setting consistent baseline protections that ensure robust assurance across the AI supply chain.
By building on global cyber security best practices, ETSI EN 304 223 offers clarity and consistency for developers, regulators, and businesses navigating the AI landscape. It sets out 13 principles across the five stages of an AI lifecycle: Design; Development; Deployment; Maintenance; End of Life.
From Technical Specification to European Standard
The EN was originally published as the specification ETSI TS 104 223 alongside a detailed implementation guide (ETSI TR 104 128) for specific AI use cases (e.g. a company’s LLM Chatbox for customer interactions; a hospital’s LLM Chatbox for health advice and appointment scheduling; a tech company’s use of a new multimodal LLM capable of generating text, audio and images; a mid-size software company’s ML-based fraud detection system; a law firm leveraging an open-access LLM combined with confidential casework to accelerate legal research; etc.). The framework has now been upgraded to a full European Standard (EN) through the rigorous EN Approval Procedure (ENAP) of consulting and gathering feedback from industry, governments and academia from the National Standards Bodies of over 30 European countries.
This upgrade matters because EN status means wider adoption, stronger credibility, and alignment with European legislation, including the EU AI Act. For businesses, it means lower compliance costs, greater interoperability, and a clear framework for trusted innovation.
The Power of Collaboration
Standards don’t emerge in isolation. This work is the product of a multistakeholder and collaborative effort throughout the lifecycle of its development.
Key players include:
- The members of ETSI’s Technical Committee on Securing AI (TC SAI), providing their unique expertise as AI cyber security experts and standards professionals.
- The UK National Cyber Security Centre (NCSC) and UK Department for Science, Innovation & Technology (DSIT), leveraging their insights and building on their globally consulted documents (“Guidelines for Secure AI System Development” and “Cyber Security of AI Code of Practice”) that received feedback from hundreds of organisations and government departments from over 20 countries from all continents across the globe (minus Antarctica, obviously!).
- Global industry and academia partners specialising in AI and cyber security, providing technical expertise and real-world perspectives.
- Government cyber and technology departments across the globe, helping to shape the security requirements.
- CEN and CENELEC, including the experts in JTC 21 who are responsible for the development of standards that will underpin the EU AI Act, ensuring alignment with continental frameworks.
- National Standards Bodies across Europe, facilitating engagement at the country level.
- Other standards bodies, including the experts in ITU-T SG17 and ISO/IEC SC27 and SC42, helping to maintain global compatibility through drawing on existing standards and those under development.
This collaborative model ensures the standard is robust, practical, and future-proof—ready to evolve with new technological developments and security risks. Only through this inclusive approach can we develop standards that are much more likely to be both technically high-quality and relevant, and so fit for adoption.
Global Reach and Future Impact
While ETSI EN 304 223 is classed as a “European Standard”, we welcome and encourage the adoption of the standard from all across the world. Alongside mapping to the EU AI Act (ETSI TR 104 065), ETSI has mapped its requirements to initiatives such as NIST’s AI Cyber Profile and Singapore’s AI security guidelines to facilitate and encourage international harmonisation. The standard is also positioned to support implementation of the cyber security provisions from the EU AI Act, particularly for high-risk systems where transparency, risk management, and human oversight are critical.
ETSI EN 304 223 is more than a technical document – it’s a milestone in shaping the future of AI security. By establishing clear, baseline requirements and fostering global collaboration, this standard provides the foundation for trust, resilience, and innovation in an increasingly AI-driven world. Its principles don’t just protect systems; they protect people, businesses, and societies that will increasingly rely on AI every day.
As cyber threats evolve, so must our collective response. ETSI EN 304 223 proves that when standards bodies, industry, academia and governments work together, we can create standards that are not only technically robust but globally relevant. The message is clear: collaboration isn’t optional—it’s the gold standard for securing AI.