ETSI Unveils New Baseline Requirements for Securing AI
European standards organization ETSI has released a new set of technical specifications designed to serve as an “international benchmark” for securing AI models and systems.
ETSI TS 104 223 is titled Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems.
It describes a set of 13 core principles, expanding to a total of 72 trackable principles, across five lifecycle phases: secure design, development, deployment, maintenance and end of life.
It will benefit all relevant stakeholders in the AI supply chain, from developers and vendors to integrators and operators, the standards body claimed.
The specs incorporate not only tried-and-tested security best practices, but also novel approaches aligned with the unique challenges presented by AI systems and models. These include data poisoning, model obfuscation, indirect prompt injection and vulnerabilities tied to complex data management, ETSI said.
Scott Cadzow, chair of ETSI’s Technical Committee for Securing Artificial Intelligence, described the specification as a “global first” in setting a clear baseline for securing AI.
“In an era where cyber-threats are growing in both volume and sophistication and negatively impacting organizations of every kind, it is vital that the design, development, deployment, and operation and maintenance of AI models is protected from malicious and unwanted inference,” he added.
“Security must be a core requirement, not just in the development phase, but throughout the lifecycle of the system. This new specification will help do just that – not only in Europe, but around the world.”
No Mention of UK’s Role
ETSI claimed that the document was developed by its Technical Committee (TC) on Securing Artificial Intelligence (SAI), which it said includes representatives from international organizations, government bodies and cybersecurity experts.
However, at first glance the specification appears indistinguishable from the UK government’s AI Code of Practice, published in February. Its 13 principles and five lifecycle phases are identical.
In fact, the government at the time claimed that its code, “produced in collaboration with global partners,” would form the basis of a global ETSI standard.