W E a- I 18 V a3 0 E 2 02 R ) 23 2 i t/ 8- P .a is 2 h /s 0 D e s 24 R t rd - .i : a tr A s d d c- D rd ar an ie N a d st o- n / is A d ta og / T n s l 1 S a ll ta 4a st u a 0 h ( F /c fd e ai 6 T h. 0 i e 7a TECHNICAL .it 9 s -1 rd 3 REPORT a b7 nd -9 ta 2 /s 2a :/ -4 ps b tt e h 44 ISO/IEC TR Information technology — Artificial intelligence — Overview of trustworthiness in artificial intelligence 24028 Technologies de l'information — Intelligence artificielle — Examen d'ensemble de la fiabilité en matière d'intelligence artificielle First edition PROOF/ÉPREUVE ISO/IEC TR 24028:2020(E) Reference number © ISO/IEC 2020 ISO/IEC TR 24028:2020(E) W E a- I 18 V a3 0 E 2 02 R ) 23 2 i t/ 8- P .a is 2 h /s 0 D e s 24 R t rd - .i : a tr A s d d c- D rd ar an ie N a d st o- n / is A d ta og / T n s l 1 S a ll ta 4a st u a 0 h ( F /c fd e ai 6 T h. 0 i e 7a .it 9 s -1 rd 3 a b7 nd -9 ta 2 /s 2a :/ -4 ps b tt e h 44 © ISO/IEC 2020 All rights reserved. UnlessCOPYRIGHT otherwise specified, PROTECTED or required inDOCUMENT the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester. ISO copyright office Phone:CP +41 401 22 • Ch. 749 de 01 Blandonnet 11 8 CH-1214 Vernier, Geneva Website:Fax: www.iso.org +41 22 749 09 47 Email: [email protected] ii Published in Switzerland PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved ISO/IEC TR 24028:2020(E) Contents Page Foreword ..........................................................................................................................................................................................................................................v Introduction ................................................................................................................................................................................................................................vi 1 Scope ................................................................................................................................................................................................................................. 1 2 Normative references ...................................................................................................................................................................................... 1 3 Terms and definitions ..................................................................................................................................................................................... 1 4 Overview ....................................................................................................................................................................................................................... 7 5 Existing frameworks applicable to trustworthiness ....................................................................................................... 7 ................................................................................................................................................................................................ 7 ...................................................................................................................................................... 8 5.1 Background ............................................................................................... 8 5.2 Recognition of layers of trust ...........................................................................................................................................10 5.3 Application of software and data ............................................................................................................................................. quality standards 10 5.4 Application of risk management 6 Stakeholders ..........................................................................................................................................................................................................11 5.5 Hardware-assisted approaches ................................................................................................................................................................................11 W a- .............................................................................................................................................................................................................IE 8 12 V 31 6.16.3 GeneralAssets ........................................................................................................................................................................................................... concepts a 20 12 E 32 0 ...........................................................................................................................................................................................................R ) 2 2 6.2 Types i t/ 8- 13 P .a is 2 h /s 0 7 Recognition of high-level concerns ................................................................................................................................................D e s 24 13 6.4 Values R t rd - .i : a ........................................................................................................tr 13 A s d d c- ............................................................................................................................................................................................................D d r an ie 14 r da t - N a n /s so 7.1 Responsibility, accountabilityA d and governancea g /i 8 Vulnerabilities, threats and challenges .....................................................................................................................................t lo 1 14 7.2 Safety T n l s a a ........................................................................................................................................................................................................S ta l t 4 s u ca 0 14 h ( F i/ fd e .........................................................................................................................................................a 6 15 iT h a0 8.1 General ...................................................................................................................................................................................te 7 15 .i 19 8.2 AI specific security threats ................................................................................................................................................................ds - 15 r 73 8.2.1 General a ......................................................................................................................................................b 15 nd -9 8.2.2 Data poisoningt .................................................................................................................................................................a 2 16 /s 2a 8.2.3 Adversarial attacks:/ -4 .....................................................16 ps b tt e ..........................................................................................................................................................16 8.2.4 Model stealingh 44 8.2.5 Hardware-focused................................................................................................................................................................................... threats to confidentiality and integrity 16 8.3 AI specific privacy threats .............................................................................................................................................................16 8.3.1 General .............................................................................................................17 8.3.2 Data acquisition ......................................................................................................................................................................17 8.3.3 ................................................................................................................................................................................................................. Data pre-processing and modelling 17 8.3.4 Model query ..................................................................................................................................................................................17 8.4 Bias .............................................................................................................................................................................................18 8.5 Unpredictability ........................................................................................18 8.6 Opaqueness ................................................................................19 8.7 Challenges related to the specification of AI................................................................................................................... systems 19 8.8 Challenges8.8.2 Modelling related .............................................................................................................................................................................to the implementation of AI systems 19 8.8.1