ISO/IEC 23894

Guidance on AI-specific risk management for organizations developing or using AI systems.

Reviewed by Christian Espinosa, Founder, Blue Goat CyberLast reviewed May 5, 2026

Definition

ISO/IEC 23894:2023 provides AI-specific guidance on risk management aligned with ISO 31000, addressing risks unique to AI such as bias, opacity, data drift, and autonomy.

What this means in practice

Often used alongside ISO 14971 for medical AI: 14971 covers patient harm; 23894 broadens to organizational and AI-system risks. Helpful for EU AI Act conformity narratives.

Cross-references

Overlaps with

Covers some of the same ground; not interchangeable.

ISO 14971

Primary references

3 sources

Link health: 3 verified· last checked 2026-05-09

ISO·2IEC·1

Inline markers like [1] jump to the matching reference above.

On this term

Category: Standards
Sources: 3
Updated: 5/5/2026

Compare with another term

Learn in 60 seconds

Guidance on AI-specific risk management for organizations developing or using AI systems.

·Often used alongside ISO 14971 for medical AI: 14971 covers patient harm; 23894 broadens to organizational and AI-system risks.
·Helpful for EU AI Act conformity narratives.

Remember this

Guidance on AI-specific risk management for organizations developing or using AI systems.

Related terms

You may also need

Auto-suggested from Standards and shared keywords.

All Standards terms

From the Blue Goat network

Related resources and services on this topic.