The AI risk management according to the ISO/IEC 23894 standard

25 Jun 2025 07:00 AM - By itSMF Staff

Reading time: ~ 3 min.


ISO/IEC 23894 standard: the risk management of artificial intelligence (AI)

The ISO/IEC 23894:2023 standard, «Information technology — Artificial intelligence — Guidance on risk management», provides effective guidance on risk management related to Artificial Intelligence (AI) for all kinds of organizations that:
  • develop
  • produce
  • deploy
  • use
AI-based products, systems or services.

This standard also helps organizations integrate risk management into their AI-related activities and functions. It describes the processes needed to implement and integrate AI risk management effectively.

The ISO/IEC 23894:2023 standard structure

The ISO/IEC 23894:2023 standard has 6 main chapters and 3 annexes (A, B and C). This is an overview of its structure:

  • Chapter 1: scope
  • Chapter 2: normative references
  • Chapter 3: terms and definitions
  • Chapter 4: principles of AI risk management
  • Chapter 5: framework
    • 5.1 General
    • 5.2 Leadership
    • 5.3 Integration
    • 5.4 Design
    • 5.5 Implementation
    • 5.6 Evaluation
    • 5.7 Improvement
  • Chapter 6: risk management process
    • 6.1 General
    • 6.2 Communication and consultation
    • 6.3 Scope, context and criteria
    • 6.4 Risk assessment
    • 6.5 Risk treatment
    • 6.6 Monitoring and review
    • 6.7 Recording and reporting
  • Annex A (informative): common AI-related objectives
  • Annex B (informative): common AI-related risk sources
  • Annex C (informative): risk management and the AI system life cycle; it provides an example mapping between the risk management processes and an AI system life cycle.

Our infographic on the ISO/IEC 23894:2023 standard

To get the «big picture» of the ISO 23894 standard, take a look at our infographic:

By Andrea Leonardi (Minerva Group Service, Alpemi Consulting & itSMF Switzerland board member).

The ISO 23894 standard and the main references

The ISO 23894 standard is not only referred to by ISO 31000:2018. We also find references to this guidance in the ISO/IEC 42001 standard on «Management Systems for Artificial Intelligence».

If we take a look at EU Regulation 2024/1689 (known as the «EU Artificial Intelligence Act»), we find some correlations between it and the ISO 23894 standard.

If you want to keep yourself up to date with the most recent news on this topic, don't forget to subscribe to our newsletter: you will get a monthly update with the most relevant and valuable content from our experts!
