ISO/IEC TR 24028/29

ISO/IEC TR 24028/29 are technical reports providing guidance on AI trustworthiness and robustness assessment. They offer frameworks for AI ethics, transparency, security, and resilience, helping organizations manage AI system risks to comply with international regulations like the EU AI Act, fostering responsible AI development and deployment.

Curated by Winners Consulting Services Co., Ltd.

Questions & Answers

What is ISO/IEC TR 24028/29?

ISO/IEC TR 24028 and 24029 are technical reports from ISO/IEC providing guidance for artificial intelligence systems. ISO/IEC TR 24028:2020, 'Artificial intelligence — Trustworthiness,' offers a conceptual framework for AI trustworthiness, covering aspects like ethics, transparency, explainability, privacy, security, reliability, and resilience. The ISO/IEC TR 24029 series, including TR 24029-1:2021 'Artificial intelligence — Assessment of the robustness of neural networks' and TR 24029-2:2023 'Artificial intelligence — Assessment of the robustness of machine learning models,' focuses on evaluating the robustness of AI models against adversarial attacks or anomalous inputs. These reports, developed by ISO/IEC JTC 1/SC 42 (Artificial intelligence), lay the groundwork for future AI standards and complement information security standards like the ISO 27000 series, helping organizations understand and manage AI-related risks. They serve as guidance rather than mandatory standards.

How is ISO/IEC TR 24028/29 applied in enterprise risk management?

Enterprises can integrate ISO/IEC TR 24028/29 into their risk management frameworks to address AI challenges:

1. **Risk Assessment**: Identify potential AI system risks in ethics, security, privacy (e.g., aligning with GDPR Article 5 principles), and reliability, using TR 24028's trustworthiness framework. Concurrently, assess model robustness with TR 24029, performing adversarial attack tests.
2. **Control Measure Design**: Implement controls based on TR 24028's recommendations, such as data anonymization, model explainability mechanisms, and robust security testing. For example, a fintech company implementing TR 24028/29 integrated AI credit scoring model robustness assessments into its development pipeline. Through adversarial testing, the model's error rate under specific attacks was reduced from 15% to 5%, significantly enhancing reliability.
3. **Governance Framework Establishment**: Integrate AI risk management into the enterprise's overall risk management system (e.g., ISO 31000), define responsibilities, and establish an AI ethics committee.

This approach can lead to a 10-15% improvement in AI compliance (e.g., with the EU AI Act), a 20% reduction in AI-related risk incidents, and higher audit pass rates.

What challenges do Taiwan enterprises face when implementing ISO/IEC TR 24028/29?

Taiwanese enterprises face several challenges in implementing ISO/IEC TR 24028/29:

1. **Regulatory Awareness and Translation**: Taiwan lacks specific AI legislation, leading to insufficient understanding of international standards like the EU AI Act and difficulty translating TR guidance into local practices.
2. **Technology and Talent Gap**: There is a shortage of professionals with expertise in AI ethics, robustness assessment, and security testing, coupled with high costs for relevant tools and technologies.
3. **Organizational Culture and Resource Constraints**: SMEs often have limited resources, making it challenging to invest heavily in AI governance and risk management, and internal AI risk awareness may be low.

To overcome these, enterprises should:

- **Enhance Regulatory Research and Training** by actively participating in international AI regulatory discussions and leveraging external consultants to align TR 24028/29 with local regulations (e.g., Personal Data Protection Act), developing tailored implementation guidelines.
- **Engage External Expertise and Collaboration** by partnering with academic institutions or consulting firms to bring in AI ethics and security experts, or investing in automated AI risk assessment tools to lower technical barriers.
- **Phased Implementation and Executive Support** by piloting high-risk AI applications, gradually expanding, and securing executive commitment and resources for AI governance, integrating it into the company's ESG strategy.

Initial assessment and planning typically take 3-6 months, pilot implementation and optimization 6-12 months, and full rollout 1-2 years.

Why choose Winners Consulting for ISO/IEC TR 24028/29?

Winners Consulting specializes in ISO/IEC TR 24028/29 for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact
