UGAF-ITS: A Standards Harmonization Framework and Validation Tool for Multi-Framework AI Governance in Distributed Intelligent Transportation Systems
Pith reviewed 2026-05-10 18:54 UTC · model grok-4.3
The pith
UGAF-ITS consolidates obligations from ISO 42001, EU AI Act, and NIST AI RMF into 12 unified controls for three-tier ITS deployments that reach 91.7 percent coverage with 45.9 percent less evidence.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
UGAF-ITS is a standards harmonization framework that uses a reproducible five-phase crosswalk to merge 154 source obligations from ISO/IEC 42001, the EU AI Act, and the NIST AI Risk Management Framework into 12 unified controls spanning eight governance domains. A three-tier operating model assigns each control to the vehicle, edge, or cloud layer where enforcement and defensible evidence production are feasible, backed by an evidence backbone of 20 versioned artifacts that support a single audit package. An open-source governance engine validates this across four architecturally distinct ITS scenarios, showing that three-tier setups deliver 91.7 percent average framework coverage, 45.9%tage
What carries the argument
The five-phase crosswalk methodology that produces 12 unified controls allocated across a three-tier vehicle-edge-cloud operating model, supported by 20 versioned artifacts for unified auditing.
If this is right
- Three-tier deployments achieve 91.7 percent average framework coverage.
- Evidence needs drop by 45.9 percent while preserving complete bidirectional traceability.
- Eighty percent of the 20 artifacts serve all three frameworks simultaneously.
- Coverage and reduction scale with architectural complexity in partial deployments.
- The open-source engine encodes the full crosswalk and eight compliance computations for direct replication.
Where Pith is reading between the lines
- The same crosswalk approach could be applied to multi-framework compliance in other distributed AI domains such as healthcare or energy.
- Operators could use the 20-artifact backbone to satisfy simultaneous certification audits rather than maintaining separate evidence sets.
- The graceful performance drop in partial deployments indicates the framework retains value even when full three-tier infrastructure is unavailable.
Load-bearing premise
The five-phase crosswalk produces a faithful, non-lossy consolidation of the 154 source obligations, and the four ITS scenarios represent real-world distributed accountability.
What would settle it
An independent re-execution of the crosswalk on the original ISO 42001, EU AI Act, and NIST documents that yields materially different controls or fails to reach 91.7 percent coverage and 45.9 percent evidence reduction in the same scenarios would falsify the claim.
Original abstract
Organizations deploying AI-enabled Intelligent Transportation Systems face fragmented governance: ISO/IEC 42001 demands a certifiable management system, the EU AI Act imposes binding high-risk obligations from August 2026, and the NIST AI Risk Management Framework structures voluntary practice. Each instrument is internally coherent, yet they drive different control vocabularies, evidence expectations, and audit rhythms. In distributed ITS deployments where vehicle manufacturers, roadside integrators, and cloud operators each hold partial evidence and partial accountability, this fragmentation multiplies compliance effort and obscures incident traceability. This paper introduces UGAF-ITS, a standards harmonization framework that consolidates 154 source obligations from the three instruments into 12 unified controls across eight governance domains through a reproducible five-phase crosswalk methodology. A three-tier operating model allocates each control to the vehicle, edge, or cloud tier where enforcement and defensible evidence production are feasible. An evidence backbone of 20 versioned artifacts supports a single audit package across all three frameworks without duplicating content. We validate UGAF-ITS through an open-source governance engine evaluated across four architecturally distinct ITS deployment scenarios. The engine encodes the complete crosswalk catalog and executes eight compliance computations. Three-tier deployments achieve 91.7% average framework coverage with 45.9% evidence reduction, complete bidirectional traceability, and 80% of artifacts serving all three frameworks simultaneously. Partial deployments degrade gracefully: coverage and reduction scale with architectural complexity. The tool, scenarios, and all reported results are publicly available for independent replication.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript introduces the UGAF-ITS framework, which harmonizes 154 obligations from ISO/IEC 42001, the EU AI Act, and the NIST AI Risk Management Framework into 12 unified controls across eight governance domains via a reproducible five-phase crosswalk methodology. It proposes a three-tier (vehicle/edge/cloud) operating model for distributed ITS deployments and validates the approach using an open-source governance engine across four architecturally distinct scenarios, reporting an average 91.7% framework coverage, 45.9% evidence reduction, complete bidirectional traceability, and 80% of artifacts serving all frameworks simultaneously.
Significance. If the crosswalk is shown to be non-lossy and the scenarios representative, the work provides a practical, tool-supported method for reducing compliance duplication and improving traceability in multi-framework AI governance for distributed ITS. The public release of the governance engine, scenarios, and all results is a clear strength that supports independent replication and strengthens the quantitative claims.
major comments (2)
- [Crosswalk Methodology] Crosswalk Methodology section: The central claim that the five-phase crosswalk produces a faithful, non-lossy consolidation of the 154 source obligations into 12 unified controls underpins the reported 91.7% average coverage and 45.9% evidence reduction. The manuscript provides no explicit mapping table, conflict-resolution rules (e.g., for high-risk EU AI Act requirements on human oversight or data governance), or quantitative fidelity/loss metrics, so it is not possible to verify that obligations are preserved without dilution of specificity or auditability.
- [Validation section] Validation section (four scenarios): The claim of graceful degradation in partial deployments and the 91.7%/45.9% metrics rest on the representativeness of the four architecturally distinct ITS scenarios. The manuscript should include explicit selection criteria or sensitivity checks to confirm these scenarios adequately capture real-world distributed accountability structures.
minor comments (2)
- [Abstract] Abstract: The statement of 'complete bidirectional traceability' and '80% of artifacts serving all three frameworks' should be supported by a brief description of the evidence backbone implementation in the main text.
- [Results] Results reporting: The quantitative metrics lack error bars, sensitivity analysis, or per-scenario breakdowns; adding these would improve clarity without altering the core claims.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback on our manuscript describing UGAF-ITS. The comments highlight important opportunities to improve verifiability and transparency. We address each major comment below and commit to revisions that strengthen the paper without altering its core claims.
- Referee: [Crosswalk Methodology] Crosswalk Methodology section: The central claim that the five-phase crosswalk produces a faithful, non-lossy consolidation of the 154 source obligations into 12 unified controls underpins the reported 91.7% average coverage and 45.9% evidence reduction. The manuscript provides no explicit mapping table, conflict-resolution rules (e.g., for high-risk EU AI Act requirements on human oversight or data governance), or quantitative fidelity/loss metrics, so it is not possible to verify that obligations are preserved without dilution of specificity or auditability.
Authors: We acknowledge that while Section 3 describes the five-phase crosswalk (extraction, semantic alignment, conflict identification, unification, and traceability), the main text does not include the full obligation-to-control mapping table or explicit conflict-resolution rules. The public governance engine encodes the complete crosswalk and supports replication, but to enable direct verification of non-lossy consolidation, we will add a new appendix containing: (1) the exhaustive mapping of all 154 obligations to the 12 controls, (2) documented conflict-resolution rules with examples (including high-risk EU AI Act provisions on human oversight and data governance reconciled against ISO/IEC 42001 and NIST), and (3) quantitative fidelity metrics (e.g., percentage of obligations retained at original specificity and auditability levels). These additions will directly substantiate the 91.7% coverage and 45.9% evidence reduction results. revision: yes
- Referee: [Validation section] Validation section (four scenarios): The claim of graceful degradation in partial deployments and the 91.7%/45.9% metrics rest on the representativeness of the four architecturally distinct ITS scenarios. The manuscript should include explicit selection criteria or sensitivity checks to confirm these scenarios adequately capture real-world distributed accountability structures.
Authors: We agree that the Validation section would benefit from greater transparency on scenario selection. The four scenarios were chosen to span distinct architectural patterns (vehicle-centric, edge-heavy, cloud-dominant, and fully distributed) and accountability distributions typical of ITS, but explicit criteria and sensitivity checks are not currently detailed. In revision, we will add a dedicated subsection listing the selection criteria (architectural tier coverage, stakeholder fragmentation, compliance complexity, and public data availability) and include sensitivity analysis results showing metric stability (coverage and evidence reduction) under variations in scenario parameters. The open-source release of the scenarios and engine already enables independent sensitivity testing. revision: yes
Circularity Check
No significant circularity in the UGAF-ITS derivation chain
The paper introduces a novel harmonization framework that consolidates 154 obligations into 12 controls via a five-phase crosswalk, allocates them across a three-tier model, and validates the approach using an open-source governance engine on four scenarios. The reported metrics (91.7% coverage, 45.9% evidence reduction) are computed outputs from applying the authors' own crosswalk catalog and tier allocation within the released engine. Because the tool, scenarios, and results are explicitly stated to be publicly available for independent replication, these outputs do not reduce to the inputs by construction. No self-citations appear as load-bearing premises, no uniqueness theorems are imported from prior author work, and no parameters are fitted to data then relabeled as predictions. The derivation chain remains self-contained and externally auditable.
Axiom & Free-Parameter Ledger
free parameters (2)
- Number of unified controls = 12
- Number of governance domains = 8
axioms (1)
- domain assumption: Obligations from ISO/IEC 42001, EU AI Act, and NIST AI RMF can be crosswalked into unified controls without significant loss of meaning or enforceability.
invented entities (1)
- UGAF-ITS framework: no independent evidence
Lean theorems connected to this paper
- IndisputableMonolith/Foundation/AbsoluteFloorClosure.lean: reality_from_one_distinction (unclear)
  Relation between the paper passage and the cited Recognition theorem: unclear.
  Passage: consolidates 154 source obligations ... into 12 unified controls across eight governance domains through a reproducible five-phase crosswalk methodology
- IndisputableMonolith/Foundation/AlexanderDuality.lean: alexander_duality_circle_linking (unclear)
  Relation between the paper passage and the cited Recognition theorem: unclear.
  Passage: three-tier operating model allocates each control to the vehicle, edge, or cloud tier
What do these tags mean?
- matches: The paper's claim is directly supported by a theorem in the formal canon.
- supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
- extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
- uses: The paper appears to rely on the theorem as machinery.
- contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
- unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.