ISO IEC TR 24028-2020 PDF

Full title and description

ISO/IEC TR 24028:2020 — Information technology — Artificial intelligence — Overview of trustworthiness in artificial intelligence. This technical report surveys concepts, attributes and practical considerations related to the trustworthiness of AI systems, including transparency, explainability, controllability, reliability, safety, security and privacy; it is intended as a non‑normative overview to inform designers, implementers and decision makers.

Abstract

This technical report provides a broad survey of topics related to trustworthiness in AI systems: approaches to establish trust (transparency, explainability, controllability), engineering pitfalls and typical threats/risks with mitigation techniques, and approaches to assess and achieve availability, resiliency, reliability, accuracy, safety, security and privacy. It explicitly excludes prescriptive specification of trustworthiness levels.

General information

• Status: Published.
• Publication date: 28 May 2020.
• Publisher: ISO/IEC (International Organization for Standardization and International Electrotechnical Commission), developed by ISO/IEC JTC 1/SC 42.
• ICS / categories: 35.020 (Information technology).
• Edition / version: Edition 1.0 (2020).
• Number of pages: 43 pages.

Scope

ISO/IEC TR 24028:2020 is intended as an informative overview of trustworthiness concepts for AI systems. It surveys high‑level characteristics, common failure modes, threats and mitigation approaches across AI lifecycles, and suggests assessment directions. The report does not provide normative requirements, concrete metrics or formal levels of trustworthiness; instead, it aims to help stakeholders understand the space and to support further standards, guidance and organizational practices.

Key topics and requirements

• Definitions and concepts of trustworthiness attributes (transparency, explainability, accountability, fairness, robustness, resilience, privacy, security, safety).
• Approaches to transparency and explainability for model behavior and decision rationale.
• Engineering pitfalls, typical threats and risk sources in AI systems (data issues, distribution shift, adversarial inputs, model misuse).
• Mitigation techniques and practices (data governance, validation, monitoring, adversarial testing, secure design).
• Availability, resiliency and reliability considerations for AI service operation and deployment.
• Security and privacy protections specific to AI (privacy‑preserving training, secure model handling).
• Human oversight and controllability, including roles and responsibilities and human–AI interaction design.
• Assessment approaches and evidence gathering (documentation, testing, monitoring, lifecycle evidence), with emphasis on informative guidance rather than prescriptive metrics.

Typical use and users

Intended users include AI system designers and architects, machine learning engineers, safety and security teams, product managers, procurement and compliance officers, internal auditors, researchers and standards developers. Organizations use the report to inform governance, risk assessments, product requirements and to align multi‑disciplinary teams around trustworthiness concepts.

Related standards

ISO/IEC TR 24028:2020 sits within a broader ISO/IEC JTC 1/SC 42 AI standards family. Relevant companion and subsequent standards include ISO/IEC 22989 (AI concepts and terminology), ISO/IEC 23053 (framework for AI systems using machine learning), ISO/IEC TR 24029‑1 (robustness assessment for neural networks), ISO/IEC 23894 (guidance on AI risk management) and ISO/IEC 42001 (AI management system). These documents provide terminology, frameworks, risk management guidance and management‑system requirements that complement the overview in TR 24028.

Keywords

AI trustworthiness, transparency, explainability, reliability, robustness, resilience, safety, security, privacy, accountability, AI governance, risk management, lifecycle assessment.

FAQ

Q: What is this standard?

A: ISO/IEC TR 24028:2020 is a technical report that provides an informative overview of trustworthiness considerations for artificial intelligence systems; it surveys attributes, threats, mitigation approaches and assessment directions rather than prescribing requirements.

Q: What does it cover?

A: It covers high‑level concepts such as transparency, explainability, controllability, safety, security, privacy, reliability and resilience; common engineering pitfalls and threat types; and suggested approaches for assessment and mitigation across AI lifecycles. It does not define prescriptive metrics or levels of trustworthiness.

Q: Who typically uses it?

A: Practitioners and decision makers — AI engineers, system architects, product owners, risk and compliance teams, auditors, researchers and standards developers — use the report to align understanding and inform risk‑based governance and engineering practices.

Q: Is it current or superseded?

A: As published in May 2020, ISO/IEC TR 24028:2020 remains a published technical report providing an informative overview. It has not been identified as formally superseded; however, subsequent ISO/IEC AI standards and guidance (for example risk management and management‑system standards published after 2020) expand on topics introduced in the TR and should be consulted for more detailed or normative guidance.

Q: Is it part of a series?

A: It is part of the ISO/IEC JTC 1/SC 42 suite of AI standards and technical reports that collectively address terminology, frameworks, risk management, robustness, management systems and other AI assurance topics. TR 24028 serves as an overview that complements these more specific documents.

Q: What are the key keywords?

A: Trustworthiness, transparency, explainability, accountability, robustness, reliability, safety, security, privacy, governance, risk management, lifecycle assessment.