What Is ISO/IEC 23894?
ISO/IEC 23894 is the international standard providing guidance on managing risks specific to the development and use of artificial intelligence.
ISO/IEC 23894:2023 adapts the general risk-management framework of ISO 31000 to the AI context. Where ISO/IEC 42001 specifies the requirements for an AI management system (the "what"), 23894 provides detailed guidance on the risk-management process within it (the "how") — risk identification, analysis, evaluation, and treatment for AI-specific harms. The two standards are designed to be used together.
Source: ISO/IEC 23894:2023; ISO 31000:2018