ISO 23894
ISO/IEC 23894:2023 — AI Risk Management Guidance
AI risk management guidance complementing ISO 31000. Lifecycle risk management; audit/procurement language.
Jurisdiction: International (INTL)
Enacted: Unknown
Effective: Feb 6, 2023
Enforcement: Not specified
Who Must Comply
Safety Provisions
- AI risk identification, analysis, evaluation, treatment
- Lifecycle framing (design → deployment → monitoring)
- Documentation for audits/procurement
Quick Facts
- Binding: No
- Mental Health Focus: No
- Child Safety Focus: No
- Algorithmic Scope: Yes
Why It Matters
Recognized risk-management backbone. Complements ISO 42001 management systems focus.
What You Need to Comply
You need: AI risk management process, documented controls, monitoring evidence, continuous improvement.
Cite This
APA
International. (2023). ISO/IEC 23894:2023 — AI Risk Management Guidance. Retrieved from https://nope.net/regs/iso-23894
BibTeX
@misc{iso_23894,
title = {ISO/IEC 23894:2023 — AI Risk Management Guidance},
author = {International},
year = {2023},
url = {https://nope.net/regs/iso-23894}
}
Related Regulations
ISO 42001
First certifiable international standard for AI management systems. Uses Plan-Do-Check-Act methodology. Third-party certification available; major AI systems have achieved certification.
UNESCO AI Ethics
Global normative framework adopted by all 193 UN Member States. Policy Area 8 (Health and Social Wellbeing) directly addresses mental health AI.
AU AI Strategy
Continent-wide AI strategy endorsed by African Union Executive Council covering 55 member states. Phased implementation 2025-2030. Phase I (2025-2026) focuses on creating governance frameworks, developing national AI strategies, resource mobilization, and capacity building. Aims to harmonize AI development across Africa while respecting member state sovereignty.
Brunei PDPO
Brunei's personal data protection order requiring a DPIA and imposing penalties of up to 10% of Brunei turnover or $1M.
India DPDP Act
STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.
CARICOM CCSCAP 2025
CARICOM's 2025 regional cyber security framework establishing digital safety culture and coordinated incident response across 18 member states.