Standards for trustworthy AI in the European Union: technical rationale, structural challenges, and an implementation path
Piercosma Bisconti, Marcello Galisai
TL;DR
Problem addressed: translating EU AI obligations into auditable engineering practice through standards. Approach: layered standardization combining horizontal risk management with sectoral profiles and reproducible checks. Contributions: a concrete workable scheme linking hazard analyses, data provenance, evaluation plans, logging, and assurance cases over the lifecycle. Impact: enables scalable conformity assessment by providers, assessors, and authorities, while aligning with global standards and accommodating AI's lifecycle dynamics.
Abstract
This white paper examines the technical foundations of European AI standardization under the AI Act. It explains how harmonized standards enable the presumption of conformity mechanism, describes the CEN/CENELEC standardization process, and analyzes why AI poses unique standardization challenges including stochastic behavior, data dependencies, immature evaluation practices, and lifecycle dynamics. The paper argues that AI systems are typically components within larger sociotechnical systems, requiring a layered approach where horizontal standards define process obligations and evidence structures while sectoral profiles specify domain-specific thresholds and acceptance criteria. It proposes a workable scheme based on risk management, reproducible technical checks redefined as stability of measured properties, structured documentation, comprehensive logging, and assurance cases that evolve over the system lifecycle. The paper demonstrates that despite methodological difficulties, technical standards remain essential for translating legal obligations into auditable engineering practice and enabling scalable conformity assessment across providers, assessors, and enforcement authorities
