ISO/IEC TR 24028:2020: Overview of trustworthiness in artificial intelligence
ISO/IEC TR 24028:2020 “Overview of trustworthiness in artificial intelligence” is a foundational Technical Report that provides a comprehensive framework for understanding trustworthiness in AI systems. Published in May 2020 by ISO/IEC JTC 1/SC 42 (Artificial Intelligence), this document serves as a cornerstone for the international AI standards landscape, establishing a shared vocabulary and conceptual foundation for evaluating whether AI-enabled systems can be trusted.
The technical report defines trustworthiness as “the ability to meet stakeholders’ expectations in a verifiable way” and catalogs the key properties that contribute to building and maintaining trust in AI systems throughout their lifecycle.
Role in the AI Standards Ecosystem
ISO/IEC TR 24028 plays a critical role within the broader ISO/IEC AI standards framework:
- Foundation for AI standards: Identifies standardization gaps and provides conceptual grounding for subsequent standards development
- Alignment with terminology: Its concepts and terms were subsequently harmonized with ISO/IEC 22989:2022 (AI concepts and terminology) and ISO/IEC TS 5723:2022 (trustworthiness vocabulary)
- Supports implementation standards: Informs practical standards including ISO/IEC 42001:2024 (AI management systems), ISO/IEC 23894:2023 (AI risk management), and ISO/IEC 25059:2023 (AI system quality model)
- Cross-sector applicability: Provides guidance relevant to organizations, auditors, regulators, and developers across all industries implementing AI systems
Scope and Coverage
ISO/IEC TR 24028 surveys topics essential to understanding and implementing trustworthy AI systems:
| Topic Area | Coverage | Key Considerations |
|---|---|---|
| Trustworthiness Foundations | Definitions, concepts, and working frameworks for AI trustworthiness | Establishes what trustworthiness means in AI contexts; stakeholder expectations |
| Existing Frameworks | Survey of approaches from other technical domains applicable to AI | Traditional system assurance methods; their applicability and limitations for AI |
| Stakeholder Perspectives | Identification of AI system stakeholders and their concerns | Users, developers, operators, regulators, affected persons; their distinct expectations |
| High-Level Concerns | Responsibility, accountability, governance, and safety considerations | Governance frameworks; accountability chains; ethical and legal obligations |
| Vulnerabilities & Threats | AI-specific security risks and failure modes | Adversarial attacks, data poisoning, model extraction, bias amplification |
| Mitigation Measures | Techniques and methods to improve AI system trustworthiness | Testing strategies, monitoring approaches, control mechanisms across the AI lifecycle |
Trustworthiness Properties
The technical report identifies multiple dimensions of trustworthiness that AI systems should address:
Core Technical Properties:
- Reliability: Consistent behavior under expected conditions; enforced through testing, change control, and service-level monitoring
- Robustness: Graceful handling of noise, variability, and certain malicious inputs without catastrophic failure; validated through stress testing and adversarial probes
- Safety: Avoidance of unacceptable risk of harm to people, property, or environment
- Security: Resistance to tampering, fraud, and unauthorized access
- Privacy: Respect for data protection principles; minimization of exposure of personal or sensitive information
Governance and Societal Properties:
- Accountability: Clear lines of responsibility with evidence of decisions and approvals
- Transparency: Stakeholders can understand system capabilities, limitations, and decision-making processes
- Explainability: Ability to provide comprehensible explanations for AI system outputs and behaviors
- Fairness: Avoidance of unjust bias and discriminatory impact; equitable treatment across protected groups
Operational Properties:
- Availability: System accessibility and operational readiness when needed
- Resiliency: Ability to maintain operations or recover quickly from disruptions
- Accuracy: Correctness of outputs relative to ground truth or intended outcomes
- Integrity: Authenticity and completeness of data and models
- Controllability: Mechanisms to intervene, override, or halt AI system operations when necessary
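The TR does not prescribe implementations, but the controllability property above can be sketched in code. The following is a hypothetical illustration: a wrapper that defers low-confidence predictions to a human and exposes an operator kill switch. The class name, threshold, and toy model are all illustrative assumptions, not content of the standard.

```python
# Hypothetical controllability sketch: predictions below a confidence
# threshold are deferred to a human, and an operator can halt the
# system entirely. Names and the 0.8 threshold are illustrative.

class ControllableClassifier:
    def __init__(self, model, confidence_threshold=0.8):
        self.model = model          # callable returning (label, confidence)
        self.threshold = confidence_threshold
        self.halted = False

    def halt(self):
        """Operator kill switch: stop serving automated decisions."""
        self.halted = True

    def predict(self, x):
        if self.halted:
            return ("DEFER_TO_HUMAN", "system halted by operator")
        label, confidence = self.model(x)
        if confidence < self.threshold:
            return ("DEFER_TO_HUMAN", f"low confidence {confidence:.2f}")
        return (label, "automated")

# Toy model: confident for positive inputs, unsure otherwise.
toy_model = lambda x: ("approve", 0.95) if x > 0 else ("reject", 0.55)
clf = ControllableClassifier(toy_model)
```

The design choice here mirrors the TR's framing: intervention and override paths exist outside the model itself, so trustworthiness does not depend solely on model accuracy.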
Structure and Organization
ISO/IEC TR 24028:2020 comprises 10 clauses and 1 annex:
Key Clauses
Clause 1: Scope
Defines the boundaries of the technical report and its intended use in surveying trustworthiness topics for AI systems.
Clause 4: Overview
Provides contextual background on AI systems and trustworthiness considerations, establishing the conceptual foundation for subsequent clauses.
Clause 5: Existing Frameworks Applicable to Trustworthiness
Surveys approaches from traditional systems engineering and other technical domains, evaluating their applicability to AI systems. Discusses the strengths and limitations of established assurance frameworks when applied to machine learning and data-driven AI.
Clause 6: Stakeholders
Identifies key stakeholder groups with interests in AI system trustworthiness: developers, deployers, users, operators, regulators, and affected persons. Recognizes that different stakeholders have distinct trustworthiness expectations and requirements.
Clause 7: Recognition of High-Level Concerns
Examines considerations related to responsibility, accountability, governance, and safety of AI systems. Emphasizes the importance of governance frameworks that clearly define responsibilities and accountability chains among stakeholders.
Clause 8: Vulnerabilities, Threats, and Challenges
Catalogs AI-specific vulnerabilities that can reduce trustworthiness:
- Data-related threats: Bias in training data, data poisoning attacks, distribution shift between training and deployment
- Model-related threats: Adversarial examples, model extraction, membership inference attacks
- Deployment threats: Concept drift, environmental variations, integration vulnerabilities
- Societal challenges: Unintended consequences, fairness issues, lack of transparency
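To make the data-poisoning threat above concrete, here is a hedged toy illustration (not from the TR): flipping a handful of training labels shifts the decision boundary of a simple one-dimensional nearest-centroid classifier. The data and classifier are deliberately minimal assumptions chosen to make the effect visible.

```python
# Hypothetical data-poisoning illustration: flipping a few training
# labels moves a simple classifier's decision boundary. A 1-D
# nearest-centroid rule places the boundary midway between class means.

def fit_threshold(values, labels):
    """Boundary at the midpoint of the two class means."""
    pos = [v for v, y in zip(values, labels) if y == 1]
    neg = [v for v, y in zip(values, labels) if y == 0]
    return (sum(pos) / len(pos) + sum(neg) / len(neg)) / 2

clean_x = [1.0, 2.0, 3.0, 7.0, 8.0, 9.0]
clean_y = [0, 0, 0, 1, 1, 1]
boundary_clean = fit_threshold(clean_x, clean_y)       # midpoint of 2 and 8

# Attacker flips the labels of two low-valued points to class 1.
poisoned_y = [1, 1, 0, 1, 1, 1]
boundary_poisoned = fit_threshold(clean_x, poisoned_y)
# The boundary shifts toward the poisoned points, so inputs near the
# old boundary are now misclassified.
```

Real attacks target far more complex models, but the mechanism is the same: training data directly determines learned behavior, which is why the TR treats data integrity as a trustworthiness concern.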
Clause 9: Mitigation Measures
Identifies practical approaches to improve AI system trustworthiness:
- Development practices: Rigorous data quality management, diverse training data, validation and testing protocols
- Assurance techniques: Robustness testing, adversarial probing, fairness audits, safety analysis
- Operational controls: Monitoring and logging, human oversight, fallback mechanisms, incident response
- Governance mechanisms: Clear accountability structures, ethical guidelines, stakeholder engagement
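The operational controls listed above (monitoring, fallback, incident response) can be sketched as code. The following is a hypothetical example of one such control, a sliding-window accuracy monitor; the window size and accuracy threshold are illustrative operational choices, not values from the TR.

```python
# Hypothetical monitoring sketch: record prediction outcomes and flag
# the system as unhealthy when accuracy over a sliding window drops
# below a threshold, which could trigger review or a fallback path.
from collections import deque

class AccuracyMonitor:
    def __init__(self, window=100, min_accuracy=0.9):
        self.outcomes = deque(maxlen=window)   # rolling hit/miss record
        self.min_accuracy = min_accuracy

    def record(self, prediction, actual):
        self.outcomes.append(prediction == actual)

    def healthy(self):
        if not self.outcomes:
            return True  # no evidence yet
        return sum(self.outcomes) / len(self.outcomes) >= self.min_accuracy

monitor = AccuracyMonitor(window=10, min_accuracy=0.8)
for _ in range(9):
    monitor.record(1, 1)   # correct predictions
monitor.record(1, 0)       # one error: window accuracy 0.9, still healthy
```

In practice such a monitor would feed logging and incident-response processes rather than a boolean, but the pattern, continuous measurement against an explicit threshold, is what the TR's operational-control guidance calls for.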
Clause 10: Conclusions
Synthesizes findings and highlights the multi-faceted nature of AI trustworthiness, emphasizing that no single property or technique suffices; trustworthiness requires holistic attention across technical, governance, and societal dimensions.
Annex A (Informative): Related Work on Societal Issues
Surveys relevant work addressing broader societal considerations of AI systems beyond purely technical aspects.
AI-Specific Trustworthiness Challenges
ISO/IEC TR 24028 recognizes that AI systems, particularly those based on machine learning, face unique trustworthiness challenges distinct from traditional software:
Data Dependencies
Training Data Quality: AI system behavior is fundamentally shaped by training data; biased, incomplete, or poisoned data directly compromises trustworthiness.
Distribution Shift: AI systems may fail when deployment conditions differ from training conditions, requiring ongoing monitoring and adaptation.
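One common way to monitor for distribution shift is a two-sample statistic over incoming inputs. As a hedged sketch (the TR does not mandate any particular test), the following compares live data against a training reference using the Kolmogorov-Smirnov statistic; the 0.2 threshold is an illustrative assumption that production systems would calibrate.

```python
# Hypothetical drift check: compare deployment inputs against a training
# reference with the Kolmogorov-Smirnov statistic (the maximum gap
# between the two empirical CDFs) and flag when it exceeds a threshold.

def ks_statistic(sample_a, sample_b):
    """Max absolute difference between the two empirical CDFs."""
    a, b = sorted(sample_a), sorted(sample_b)

    def cdf(sorted_vals, x):
        return sum(v <= x for v in sorted_vals) / len(sorted_vals)

    return max(abs(cdf(a, p) - cdf(b, p)) for p in a + b)

reference = [i / 100 for i in range(100)]           # uniform on [0, 1)
live_ok = [i / 100 + 0.005 for i in range(100)]     # nearly identical
live_shifted = [i / 100 + 0.5 for i in range(100)]  # shifted by 0.5

DRIFT_THRESHOLD = 0.2
drift_ok = ks_statistic(reference, live_ok) > DRIFT_THRESHOLD
drift_shifted = ks_statistic(reference, live_shifted) > DRIFT_THRESHOLD
```

The shifted sample exceeds the threshold while the near-identical one does not, illustrating the "ongoing monitoring" the TR recommends for deployed systems.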
Opacity and Explainability
Black-Box Nature: Deep learning models often lack interpretability, making it difficult to understand why specific outputs were produced or to predict behavior in novel situations.
Debugging Complexity: Traditional debugging approaches are insufficient for diagnosing AI system failures, which may stem from subtle patterns in data rather than explicit code errors.
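The opacity problem is easiest to see by contrast with an inherently interpretable model. As a hedged illustration (again, not from the TR), a linear model decomposes its output exactly into per-feature contributions, an explanation deep networks cannot provide directly; the feature names and weights below are hypothetical.

```python
# Hypothetical interpretability sketch: for a linear score w.x + b,
# each term w_i * x_i is an exact additive contribution to the output,
# so the "explanation" fully accounts for the prediction.

def explain_linear(weights, bias, x, feature_names):
    """Return the score and each feature's additive contribution."""
    contributions = {
        name: w * xi for name, w, xi in zip(feature_names, weights, x)
    }
    return sum(contributions.values()) + bias, contributions

score, contribs = explain_linear(
    weights=[0.8, -0.5, 0.1],
    bias=0.2,
    x=[1.0, 2.0, 3.0],
    feature_names=["income", "debt", "tenure"],
)
# The contributions plus the bias sum exactly to the score, so a
# stakeholder can see which inputs drove the outcome and by how much.
```

Post-hoc explanation methods for black-box models (surrogate models, attribution techniques) approximate this decomposition; the gap between such approximations and the exact case above is precisely the explainability challenge the TR describes.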
Adversarial Vulnerabilities
Adversarial Examples: Carefully crafted inputs can cause AI systems to produce incorrect outputs with high confidence, representing a unique attack surface.
Arms Race: The continuous cycle of new adversarial attacks and defenses creates ongoing security challenges without definitive solutions.
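The adversarial-example mechanism can be sketched on the simplest possible model. The following hedged illustration applies a gradient-sign perturbation (in the style of the fast gradient sign method) to a linear logistic scorer; the weights, input, and epsilon are illustrative assumptions, and real attacks target high-dimensional models where far smaller perturbations suffice.

```python
# Hypothetical FGSM-style sketch: perturb the input by epsilon in the
# gradient-sign direction to flip a confident prediction of a linear
# logistic model. For a linear score, the input gradient is just the
# weight vector.
import math

def sigmoid(z):
    return 1 / (1 + math.exp(-z))

weights = [2.0, -3.0, 1.0]
bias = 0.1

def predict(x):
    return sigmoid(sum(w * xi for w, xi in zip(weights, x)) + bias)

x = [0.5, -0.2, 0.3]
p_clean = predict(x)               # confidently above 0.5

# Stepping each feature by epsilon * sign(w_i) against the score
# lowers the output as fast as possible per unit of perturbation.
epsilon = 0.6
x_adv = [xi - epsilon * math.copysign(1, w) for xi, w in zip(x, weights)]
p_adv = predict(x_adv)             # pushed below the 0.5 decision line
```

A bounded, structured nudge flips the decision even though the input still looks "close" to the original, which is why the TR treats adversarial inputs as a distinct attack surface rather than ordinary noise.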
Emergent Behavior
Unintended Consequences: AI systems may learn unintended strategies or exhibit behaviors not anticipated during development, requiring extensive testing and monitoring.
Societal Impact: AI systems can have far-reaching societal effects including fairness issues, job displacement, and shifts in decision-making authority.
Relationship to Other Standards
ISO/IEC TR 24028 is foundational to the ISO/IEC AI standards portfolio:
- ISO/IEC 22989:2022 (AI concepts and terminology): Provides consistent terminology used in TR 24028
- ISO/IEC 42001:2024 (AI management systems): Builds on TR 24028’s trustworthiness framework to define management system requirements
- ISO/IEC 23894:2023 (AI risk management): Operationalizes TR 24028’s vulnerability and mitigation guidance into systematic risk management processes
- ISO/IEC 25059:2023 (AI system quality model): Extends traditional software quality models with AI-specific considerations informed by TR 24028
- ISO/IEC TS 5723:2022 (trustworthiness vocabulary): Provides formal definitions for trustworthiness terms used in TR 24028
- ISO/IEC TR 5469:2024 (functional safety and AI systems): Addresses safety aspects highlighted in TR 24028 for safety-critical applications
Quality Attributes Required or Emphasized
ISO/IEC TR 24028 directly addresses multiple quality attributes essential for trustworthy AI systems:
| Quality Attribute | Relevance in ISO/IEC TR 24028 |
|---|---|
| Reliability | Core trustworthiness property: AI systems must behave consistently under expected conditions; requires rigorous testing, validation, and ongoing monitoring throughout deployment. |
| Robustness | Critical for handling variability and adversarial inputs; validated through stress testing, boundary analysis, and adversarial probing; safe fallback modes when operating outside trained envelope. |
| Safety | High-level concern addressing avoidance of harm to people, property, or environment; requires hazard analysis, safety testing, and human oversight mechanisms, particularly for safety-critical applications. |
| Security | Protection against AI-specific threats including adversarial examples, model extraction, data poisoning, and privacy attacks; requires security-by-design and continuous vulnerability assessment. |
| Privacy | Data protection and minimization principles; defense against membership inference and model inversion attacks; compliance with privacy regulations like GDPR. |
| Accountability | Clear responsibility chains and governance structures; auditability of decisions; evidence trails for regulatory compliance and stakeholder trust. |
| Transparency | Stakeholder understanding of system capabilities, limitations, and decision processes; documentation of data sources, model architectures, and performance characteristics. |
| Explainability | Ability to provide comprehensible explanations for AI outputs; critical for high-stakes decisions in healthcare, finance, and legal contexts; supports debugging and accountability. |
| Fairness | Avoidance of discriminatory bias; equitable treatment across demographic groups; fairness audits and bias mitigation techniques throughout the AI lifecycle. |
| Accuracy | Correctness of AI outputs relative to ground truth; performance metrics appropriate to application context; ongoing validation as deployment conditions evolve. |
| Availability | Operational readiness and accessibility when needed; resilience to failures and attacks; service-level guarantees for mission-critical applications. |
| Testability | Ability to validate AI system behavior through systematic testing; challenge of achieving comprehensive coverage given vast input spaces and emergent behaviors. |
| Maintainability | Ongoing model updates, retraining, and monitoring to maintain trustworthiness as conditions change; version control and change management for data and models. |
| Compliance | Adherence to AI-specific regulations including EU AI Act, sector-specific requirements (medical devices, automotive), and ethical guidelines; documentation and audit readiness. |
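Of the attributes in the table, fairness is among the most directly measurable. As a hedged sketch (the TR surveys the concern but prescribes no metric), the following computes the demographic parity difference, the gap in favorable-outcome rates between two groups; the group labels, decisions, and 0.1 tolerance are illustrative assumptions.

```python
# Hypothetical fairness-audit sketch: demographic parity difference.
# Other criteria (equalized odds, calibration) may be more appropriate
# depending on the application context.

def positive_rate(decisions, groups, group):
    """Fraction of favorable outcomes (1) within one group."""
    selected = [d for d, g in zip(decisions, groups) if g == group]
    return sum(selected) / len(selected)

decisions = [1, 0, 1, 1, 0, 1, 0, 0, 1, 0]   # 1 = favorable outcome
groups    = ["a", "a", "a", "a", "a", "b", "b", "b", "b", "b"]

rate_a = positive_rate(decisions, groups, "a")   # 3/5
rate_b = positive_rate(decisions, groups, "b")   # 2/5
parity_gap = abs(rate_a - rate_b)
flagged = parity_gap > 0.1                       # exceeds tolerance
```

An audit like this, run across the lifecycle rather than once at release, is the kind of repeatable evidence the table's accountability and compliance rows call for.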
References and Resources
Official ISO/IEC Sources
- ISO/IEC TR 24028:2020 Official Page - ISO catalogue entry with publication details
- ISO/IEC JTC 1/SC 42 - Artificial Intelligence - Technical committee responsible for AI standards
Related ISO/IEC AI Standards
- ISO/IEC 22989:2022 - AI concepts and terminology - Foundational terminology for AI standards
- ISO/IEC 42001:2024 - AI management systems - Management system standard building on TR 24028
- ISO/IEC 23894:2023 - AI risk management - Risk management guidance for AI systems
Implementation Resources
- AI Standards Hub - ISO/IEC TR 24028 - Implementation guidance and resources
- OECD.AI - ISO/IEC TR 24028 Entry - Policy context and implementation examples
- ISO News - Towards a Trustworthy AI - Background on ISO’s AI trustworthiness initiatives
Industry Analysis
- SG Systems Global - ISO/IEC TR 24028 Overview - Practical interpretation and application guidance
- Nemko - Understanding ISO/IEC TR 24028 - Detailed standard analysis and conformance guidance