ETSI Introduces AI Cybersecurity Baseline Standard

ETSI approved the EN 304 223 European Standard introducing baseline AI cybersecurity requirements for enterprises, covering deep neural networks, generative AI, and predictive systems while excluding academic research. It defines three primary technical roles—Developers, System Operators, and Data Custodians—and mandates asset inventories, provenance logging, cryptographic hashes, threat modelling, lifecycle security testing, and monitoring to address AI-specific risks like data poisoning and model obfuscation.
Key Points
- 1Defines baseline AI security requirements covering deep neural networks, generative AI, and predictive systems
- 2Establishes clear roles—Developers, System Operators, Data Custodians—to assign security responsibilities
- 3Requires asset inventories, provenance logs, cryptographic hashes, monitoring, and lifecycle security controls
Scoring Rationale
Official ETSI standard with comprehensive, industry-wide controls; formalises existing best practices rather than introducing radical new approaches.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

