Our Project

Developing Standards for Trustworthy AI: Overview

Establishing Trustworthy AI Standards

The Center for Trustworthy AI (CTAI) is currently in its first project phase from 2022 to 2025, dedicated to conducting extensive research on establishing trustworthy AI standards.

Our strategy involves combining legal and ethical evaluations with scientific and engineering studies to create measurable trustworthiness metrics. These metrics will be designed to be integrated by AI developers and other participants at different stages throughout the entire lifecycle of AI systems, including data preprocessing, model training, model post-processing, and post-release monitoring.

CTAI's objective is to articulate legal and ethical requirements through quantifiable and comparable metrics and tools, rather than relying on abstract principles. This approach is expected to empower AI developers to efficiently incorporate trustworthy AI components into the systems they create. CTAI takes a context-specific approach, instead of a one-size-fits-all method, by considering the diverse contexts in which AI operates, which may vary by domain, layer/level, and specific use cases.

To establish the specific direction of the standards, CTAI is reviewing trustworthy AI standards in major jurisdictions:

ISO/IEC JTC 1/SC42 Standards

U.S. National Institute of Standards and Technology(NIST) Standards

Future Standardization Procedure of European Standardization Organizations

ISO/IEC JTC 1/SC42 Standards

U.S. National Institute of Standards and Technology(NIST) Standards

Future Standardization Procedure of European Standardization Organizations

The NIST has announced the following standards:

NIST AI 100-1, Artificial Intelligence Risk Management Framework (AI RMF 1.0) (2023) : This standard is established under the authority of the National Artificial Intelligence Initiative Act of 2020 (P.L. 116-283). It addresses key challenges in AI Risk Management Framework (AI RMF), which are categorized into risk measurement, risk tolerance, risk prioritization, and organizational Integration and management of risk. While classifying AI risks and trustworthiness into validity/reliability, safety, security/resilience, accountability/transparency, explainability/interpretability, privacy enhancement, and fairness/bias management, the core process of AI RMF is presented as governance, mapping, measurement, and management.

NIST AI 100-2e2023 ipd, Adversarial Machine Learning – A Taxonomy and Terminology of Attacks and Mitigations (2023) : This is currently in the initial draft stage. In this draft, Adversarial machine learning is categorized into evasion attacks, poisoning attacks, and privacy attacks.

In addition, the NIST has published special publications and internal reports as follows.

NIST SP 1270, Towards a Standard for Identifying and Managing Bias in Artificial Intelligence (2022)

Bias is categorized into systematic bias, human bias, and statistical/computational bias. To address it, a socio-technical perspective is emphasized, covering aspects such as (i) dataset availability, representativeness, and suitability, (ii) Test, Evaluation, Verification, and Review (TEVV) considerations for measurement and metrics to support testing and evaluation, and (iii) human factors. The publication also provides insights into challenges and directions for each category.

NISTIR 8312, Four Principles of Explainable Artificial Intelligence (2021)

This publication outlines four principles of explainability, which include providing explanations that are meaningful, accurate, and within the limits of knowledge. It focuses on methodologies that can deliver practical explanations.

NISTIR 8367, Psychological Foundations of Explainability and Interpretability in Artificial Intelligence (2021)

This report delves into the psychological basis of explainability and interpretability in AI. It analyzes how explainability is valuable to developers for debugging and system improvement, while interpretability benefits regulators, policy makers, and general users. It emphasizes the need for explainability to ensure interpretability and defines interpretability as contextualizing data within structured background knowledge, presenting it in a simplified manner that captures essential distinctions, and justifying the corresponding output based on human user values.

ISO/IEC JTC 1/SC42 Standards

U.S. National Institute of Standards and Technology(NIST) Standards

Future Standardization Procedure of European Standardization Organizations

The current version of the EU AI Act stipulates that high-risk AI systems and foundation models that align with harmonized standards (HAS) published in the Official Journal of the European Union (OJEU), in accordance with Regulation (EU) 1025/2012, shall be presumed to comply with the requirements outlined in Chapter 2 or Article 28b, to the extent that these standards encompass those requirements.

1a.: The European Commission (EC) is mandated to issue standardization requests covering all the requirements outlined in the EU AI Act Regulation no later than two months following the enactment of the EU AI Act.

1b.: These standardization requests should explicitly address the need to ensure the consistency of standards, including their alignment with the European product safety regulations of the Single Market listed in Annex II.

1c.: Throughout the standardization process, the stakeholders involved are expected to consider the overarching principles for trustworthy AI, as set forth in Article 4(a). They should also aim to foster investment and innovation in AI, enhance competitiveness and growth within the EU Single Market, contribute to bolstering global cooperation on standardization, while acknowledging existing international AI standards that align with EU values, fundamental rights, and interests. Furthermore, they should ensure a balanced representation of interests and enable effective participation by all relevant stakeholders.

The European Standardization Organization (ESO), responsible for developing harmonized standards (HAS), is comprised primarily of the European Committee for Standardization (CEN), which represents national standardization bodies of EU member states, and the European Committee for Electrotechnical Standardization (CENELEC), a non-profit organization. Additionally, the European Telecommunications Standards Institute (ETSI) is expected to provide assistance within its relevant scope. Should the EU AI Act receive approval from the EU Council in early 2024 and become enacted, the two-year grace period is likely to witness intensive preparations for the forthcoming standards.

CTAI recognizes that existing standards often remain at the abstract level of AI ethics or are insufficient to offer specific and comparable metrics that can be directly referenced during development. This limitation arises from their focus on identifying common problem drivers shared by all AI systems. CTAI is actively pursuing alternative approaches to address this challenge. While NIST's AI RMF 1.0 represents progress by delineating the specific context of AI use, mapping associated risks, and presenting a methodology for measurement, it has not yet reached the stage of identifying precise social hazards within each domain, application phase, and usage scenario.

To overcome the shortcomings of current standards and propose new national and international standards, CTAI is taking the following steps:

In addition to preparing and submitting contributions for standard adoption, various metrics and indicators established during the standard development process will be directly applied to create a module for measuring and enhancing the trustworthiness of AI in the second phase (2025 – 2029).