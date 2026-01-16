ETSI has published a new European standard aimed at strengthening cyber security for artificial intelligence systems, setting out requirements to improve resilience and trust. The standard provides a common framework to help organisations address cyber risks associated with AI technologies.

In December, the European Telecommunications Standard Institute (ETSI) released an updated standard titled “Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems”, formally designated EN 304 223.

This new standard builds on two key internationally grounded documents: the NCSC/CISA Guidelines for Secure AI System Development and the UK Government’s Code of Practice on AI Cyber Security, which underwent extensive global consultation in 2024. The UK Code will soon be updated to align with ETSI’s latest standard, ensuring consistency across jurisdictions.

EN 304 223 sets out minimum-security measures across the entire AI lifecycle, tackling high-risk threats such as data poisoning, model manipulation, indirect prompt injections and operation of differences associated with data management. It builds on ETSI’s earlier technical specification (TS 104 223) and guidance document (TR 104 128), with a conformity assessment (TS 104 216) currently in development.

The global standard maps the principles and requirements into four life cycle stages described in the ISO/IEC 22989:

The secure design and development principles can be applied during the Design and development life cycle stage

The secure deployment principles can be applied during the Deployment stage

Secure maintenance to the operations and monitoring stage

Secure end of life during the Retirement stage

This milestone marks significant progress in aligning global standards to support businesses as they adapt to changing cyber security requirements and build confidence in new technologies.

The Department for Science, Innovation and Technology is now looking to raise awareness and broaden the adoption of EN 304 223 across industry, alongside current efforts to encourage adoption of good cyber practices and identify opportunities for international collaboration.

techUK welcomes the opportunity to support DSIT in its mission to increase the adoption of cyber security principles across the UK.