[ETSI EN 304 223] Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems
Today ETSI announces the publication of its new standard, ETSI EN 304 223, that provides baseline cybersecurity requirements for AI models and systems. Building on the foundational work set out in its recent Technical Specification, it is a first globally applicable European Standard (EN) for AI cybersecurity. The EN has been extensively reviewed, and formally approved by National Standards Organisations voting, giving it a broader international scope and strengthening its authority across global markets.
ETSI EN 304 223 establishes a robust framework to shield AI systems from growing and increasingly sophisticated cyber threats. Reinforcing the principles introduced in ETSI TS 104 223, the new standard guarantees a mature, structured and lifecycle-based set of baseline security requirements for AI models and systems.
Adopting a whole life-cycle approach, ETSI EN 304 223 defines 13 principles and requirements across five phases: secure design, secure development, secure deployment, secure maintenance, and secure end of life. Each one of these phases align with internationally recognised AI lifecycle models, ensuring consistency and interoperability with existing standards and guidance. Relevant standards and publications are referenced at the start of each principle to support implementation and harmonisation within the wider AI ecosystem.
Finally, an upcoming Technical Report, ETSI TR 104 159, will further this work with a domain-specific application of the ETSI EN 304 223 principles to generative AI, focusing on deepfakes, misinformation, disinformation, confidentiality risks, copyright and IPR concerns, while delivering more prescriptive specifications for this domain where necessary.
Date : 15/01/2026
ETSI EN 304 223 on ETSI web Site