ISO 23894:2023 provides guidance for identifying, assessing, and mitigating risks specific to AI systems. It builds upon general risk management principles (ISO 31000, ISO 27005) by focusing on AI-centric hazards such as data
bias, lack of explainability, model drift, and adversarial attacks and prescribing controls tailored to these risks. The standard does not itself impose certification requirements but serves as a prescriptive framework for robust, AI focused risk management.