oSIST prEN 18228:2026
AI Risk Management
This document specifies requirements and provides guidance for risk management of AI systems. It specifies terminology, principles and a process for risk management.
The process described in this document intends to assist providers of AI systems to identify the hazards associated with the AI systems, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls. The process described in this document applies to risks to health, safety and fundamental rights associated with an AI system. The process described in this document is applied throughout the life cycle of the AI system.
This document requires providers to establish objective criteria for risk acceptability but does not specify acceptable risk levels.
This document is intended for use by organizations providing AI systems, regardless of their size, nature or location. This document is not intended for managing risk faced by organizations. This document is intended to support the organization in meeting applicable regulatory requirements.
Risikomanagement für Künstliche Intelligenz
Gestion des risques liés à l'IA
Obvladovanje tveganj AI
This document specifies requirements for risk management for artificial intelligence (AI) systems. The document also provides clear and actionable guidance on how risks can be addressed and reduced throughout the entire life cycle of an AI system. It applies to risk management for a broad range of products and services that use AI technology, including explicit consideration of vulnerable persons. The risks covered include both risks to health and safety and risks to fundamental rights that can arise from AI systems, with impact on individuals, organizations, the market and society. The document also defines methods that can be used to determine whether the package of measures for managing the risks associated with an AI system will be able to ensure that the specific risks arising from that product or system are identified, monitored and controlled, leading to an acceptable level of risk.
This document is intended for use by organizations and individuals that provide, use or are affected by products or services using AI technology, regardless of their size, nature or location. The requirements and guidance included have been specifically tailored to support organizations and individuals operating within the European Union, as well as organizations and individuals outside the Union that are active on the European Union market or intend to enter that market. They are tailored to support these organizations and individuals in meeting applicable regulatory requirements, with the flexibility to meet additional expectations of the customers with whom they may engage.
General Information
- Status: Not Published
- Public Enquiry End Date: 04-Aug-2026
- Technical Committee: UMI - Artificial intelligence
- Current Stage: 4020 - Public enquiry (PE) (Adopted Project)
- Start Date: 04-May-2026
- Due Date: 21-Sep-2026
- Directive: Not Harmonized; 2024/1689 - EU AI Act
- Ref Project: prEN 18228 - AI Risk Management
Frequently Asked Questions
oSIST prEN 18228:2026 is a draft published by the Slovenian Institute for Standardization (SIST). Its full title is "AI Risk Management". The scope of this standard is given above.
oSIST prEN 18228:2026 is classified under the following ICS (International Classification for Standards) categories: 35.240.01 - Application of information technology in general. The ICS classification helps identify the subject area and facilitates finding related standards.
oSIST prEN 18228:2026 is associated with the following European legislation: EU Directives/Regulations: 2024/1689; Standardization Mandates: M/593, M/613. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.
Standards Content (Sample)
SLOVENIAN STANDARD
01-July-2026
Obvladovanje tveganj AI
AI Risk Management
Risikomanagement für Künstliche Intelligenz
Gestion des risques liés à l'IA
This Slovenian standard is identical to: prEN 18228
ICS: 35.240.01 Application of information technology in general
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.
EUROPEAN STANDARD DRAFT
NORME EUROPÉENNE
EUROPÄISCHE NORM
May 2026
ICS 35.240.01
English version
AI Risk Management
Gestion des risques liés à l'IA Risikomanagement für Künstliche Intelligenz
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee CEN/CLC/JTC 21.
If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and shall not be referred to as a European Standard.
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2026 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref. No. prEN 18228:2026 E
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements for the risk management system
4.1 Risk management process
4.2 Management responsibilities
4.2.1 Risk management process implementation and review
4.2.2 Risk management policy for establishing the risk acceptability criteria
4.3 Competence of personnel
4.4 Risk acceptability criteria
4.4.1 General requirements for risk acceptability criteria
4.4.2 Process for establishing and updating risk acceptability criteria for residual risk
4.4.3 Process for establishing risk acceptability criteria for the overall residual risk
4.5 Risk management plan
4.6 Risk management file
5 Risk management process and AI system life cycle
6 Risk analysis
6.1 General
6.2 Risk identification
6.2.1 Intended purpose
6.2.2 Reasonably foreseeable misuse
6.2.3 Identification of the AI system’s characteristics related to risks
6.2.4 Identification of hazards, risk scenarios and hazardous situations
6.3 Risk estimation
7 Risk evaluation
8 Testing
8.1 General
8.2 Test plan
8.3 Real-world conditions testing
8.4 Test monitoring and test reporting
9 Risk control
9.1 Hierarchy of risk control
9.1.1 General
9.1.2 Applying the hierarchy of risk control
9.2 Implementation and verification of risk control measures
9.3 Residual risk evaluation
9.4 Completeness of risk control
10 Evaluation of overall residual risk
11 Risk management review
12 Pre-market and post-market activities
12.1 General
12.2 Information collection
12.3 Information review
12.4 Actions to take
Annex A (informative) Examples of hazards and related risk scenarios, hazardous situations and harms
Annex B (informative) Risk management process and concepts overview
B.1 Risk management process
B.2 Relationship between hazard, risk scenario, hazardous situation and harm
Annex C (informative) Fundamental rights considerations
C.1 General
C.2 Variation in fundamental rights protection
C.3 Establishing risk acceptability criteria for fundamental rights interferences
Annex D (informative) Objective evidence in relation to the establishment of risk acceptability criteria
Annex E (informative) ISO 31000
Annex ZA (informative) Relationship between this European Standard and the essential requirements of Regulation 2024/1689 aimed to be covered
Bibliography
European foreword
This document (prEN 18228:2026) has been prepared by the Joint Technical Committee CEN-CENELEC/JTC 21 “Artificial Intelligence”, the secretariat of which is held by DS.
This document is currently submitted to the CEN Enquiry.
This document has been prepared under a standardization request addressed to CEN-CENELEC by the European Commission. The Standing Committee of the EFTA States subsequently approves these requests for its Member States.
For the relationship with EU Legislation, see informative Annex ZA, which is an integral part of this document.
Introduction
This document was developed primarily for providers of AI systems on the basis of established principles of product-safety-focused risk management, in support of EU AI Act regulatory purposes.
The requirements contained in this document provide a framework to systematically identify and mitigate the risks associated with the use of AI systems throughout their life cycle. This risk management system is a continuous and iterative process, planned and run throughout the entire life cycle of an AI system, requiring regular systematic review and updating.
This document contains processes for managing risks to health, safety and fundamental rights which are associated with AI systems. Risks can also be related to damage to property (for example objects, data, other equipment), the environment and critical infrastructure when they can impact the health, safety and fundamental rights of persons.
For the purposes of this document, the concept of risk has two key components:
— the probability of occurrence of harm; and
— the severity of that harm.
The provider reduces risks and makes evaluations of the acceptability of the residual risks. The provider takes into account the generally acknowledged state of the art, in order to determine the suitability of an AI system to be placed on the market for its intended purpose.
This document provides a process for:
— risk acceptability criteria establishment in the context of the AI system intended purpose and under conditions of reasonably foreseeable misuse;
— determining hazards associated with the AI system, analysing and evaluating the risks associated with these hazards;
— finally, controlling and mitigating these risks and monitoring the effectiveness of the controls throughout the life cycle of the AI system.
For any particular AI system, other standards or regulations can require the application of specific methods for managing risk.
1 Scope
This document specifies requirements and provides guidance for risk management of AI systems. It specifies terminology, principles and a process for risk management.
The process described in this document intends to assist providers of AI systems to identify the hazards associated with the AI systems, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls. The process described in this document applies to risks to health, safety and fundamental rights associated with an AI system. The process described in this document is applied throughout the life cycle of the AI system.
This document requires providers to establish objective criteria for risk acceptability but does not specify acceptable risk levels.
This document is intended for use by organizations providing AI systems, regardless of their size, nature or location. This document is not intended for managing risk faced by organizations. This document is intended to support the organization in meeting applicable regulatory requirements.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
prEN 18229-1:20XX, AI trustworthiness framework — Part 1: Logging, transparency and human oversight
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp/
— IEC Electropedia: available at https://www.electropedia.org/
3.1 Terms relating to the AI Act
3.1.1
AI system
Artificial intelligence system
machine-based system that is designed to operate with varying levels of autonomy and that can exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments
[SOURCE: REGULATION (EU) 2024/1689, Article 3(1), modified — removed “means a”, “may” replaced by “can”]
3.1.2
intended purpose
use for which an AI system (3.1.1) is intended by the provider (3.1.5), including the specific context and conditions of use, as specified in the information supplied by the provider (3.1.5) in the instructions for use, promotional or sales materials and statements, as well as in the technical documentation
Note 1 to entry: Technical documentation is not accompanying documentation (3.2.1). Information on technical documentation can be found in Article 11 of the EU AI Act [1].
[SOURCE: REGULATION (EU) 2024/1689, Article 3(12), modified — removed “means the”, note to entry added]
3.1.3
reasonably foreseeable misuse
use of an AI system (3.1.1) in a way that is not in accordance with its intended purpose (3.1.2), but which can result from reasonably foreseeable human behaviour or interaction with other systems, including other AI systems (3.1.1)
Note 1 to entry: Reasonably foreseeable human behaviour includes the behaviour of all types of relevant users (3.5.7).
Note 2 to entry: Reasonably foreseeable misuse can be intentional or unintentional.
[SOURCE: AI Act Art. 3(13), modified — removed “means the”, “may” replaced by “can”, notes 1 and 2 to entry added]
3.1.4
performance
ability of an AI system (3.1.1) to achieve its intended purpose (3.1.2)
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance is evaluated in the context of use of the AI system (3.1.1). The conditions of use under which performance is evaluated can significantly affect performance outcomes, and these conditions can be explicitly stated.
[SOURCE: REGULATION (EU) 2024/1689, Article 3(18), modified — removed “the”]
3.1.5
provider
natural or legal person, public authority, agency or other body that develops an AI system (3.1.1) or a general purpose AI model or that has an AI system (3.1.1) or a general-purpose AI model developed and places it on the market or puts the AI system (3.1.1) into service under its own name or trademark, whether for payment or free of charge
Note 1 to entry: A distributor, importer, deployer (3.1.6) or other third party can be considered a provider of an AI system (3.1.1) in certain circumstances.
[SOURCE: REGULATION (EU) 2024/1689, Article 3(3), modified — removed “means a”, note to entry added]
3.1.6
deployer
natural or legal person, public authority, agency or other body using an AI system (3.1.1) under its authority except where the AI system (3.1.1) is used in the course of a personal non-professional activity
[SOURCE: REGULATION (EU) 2024/1689, Article 3(4), modified — removed “means a”]
3.1.7
post-market monitoring system
activities carried out by providers (3.1.5) of AI systems (3.1.1) to collect and review experience gained from the use of AI systems (3.1.1) they place on the market or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions
Note 1 to entry: For the purpose of this document, activities shall mean all activities.
[SOURCE: REGULATION (EU) 2024/1689, Article 3(25), modified — removed “means all”, added note to entry]
3.1.8
placing on the market
first making available of an AI system (3.1.1) on the Union market
Note 1 to entry: See making available on the market (3.1.9).
Note 2 to entry: Further information on this concept can be found in the Blue Guide [2], section 2.
[SOURCE: REGULATION (EU) 2024/1689, Article 3(9), modified — removed “means the”, added notes to entry]
3.1.9
making available on the market
supply of an AI system (3.1.1) for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge
[SOURCE: REGULATION (EU) 2024/1689, Article 3(10), modified — removed “means the”]
3.1.10
putting into service
supply of an AI system (3.1.1) for first use directly to the deployer (3.1.6) or for own use in the Union for its intended purpose (3.1.2)
Note 1 to entry: Further information on this concept can be found in the Blue Guide [2], section 2.
[SOURCE: REGULATION (EU) 2024/1689, Article 3(11), modified — removed “means the”, added note to entry]
3.1.11
serious incident
incident or malfunctioning of an AI system (3.1.1) that directly or indirectly leads to any of the following:
a) the death of a person (3.5.9) or serious harm (3.6.3) to a person (3.5.9)’s health;
b) a serious and irreversible disruption of the management or operation of critical infrastructure (3.6.18);
c) the infringement of obligations under applicable regulatory requirements intended to protect fundamental rights (3.5.1);
d) serious harm (3.6.3) to property or the environment
[SOURCE: REGULATION (EU) 2024/1689, Article 3(49), modified — removed “means an”]
3.1.12
subject
natural person who participates in testing in real-world conditions
Note 1 to entry: Participating in testing (3.3.1) can require informed consent (3.5.12) of subjects.
[SOURCE: REGULATION (EU) 2024/1689, Article 3(58), modified — removed “for the purpose of real-world testing, means a”, note to entry added]
3.1.13
real-world conditions testing
temporary testing (3.3.1) of an AI system (3.1.1) for its intended purpose (3.1.2) in its intended context of use or deployment environment outside a laboratory or otherwise simulated environment
Note 1 to entry: Assessing and verifying conformity of the AI system (3.1.1) with the requirements of this document includes that the overall residual risk (3.6.6) of the AI system (3.1.1) is acceptable in accordance with its intended purpose (3.1.2) and reasonably foreseeable misuse (3.1.3).
Note 2 to entry: Real-world conditions testing can pertain to technical and non-technical aspects, including performance (3.1.4) verification (3.2.9) or usability study.
Note 3 to entry: Real-world conditions testing can require the participation of subjects (3.1.12).
[SOURCE: REGULATION (EU) 2024/1689, Article 3(57), modified — removed “means the”, replaced “in real-world conditions” with “in its intended context of use or deployment environment”, removed text after “with a view” for substitutability and because it contains references to specific parts of (EU) 2024/1689]
3.2 Terms related to the risk management system
3.2.1
accompanying documentation
materials accompanying an AI system (3.1.1) and containing information for the user (3.5.7) or those accountable for the use, maintenance, decommissioning and disposal of the AI system (3.1.1)
Note 1 to entry: The accompanying documentation can consist of the instructions for use, technical description, installation manual, quick reference guide, etc.
Note 2 to entry: The accompanying documentation is not necessarily a written or printed document but can involve auditory, visual, or tactile materials and multiple media types.
Note 3 to entry: Materials include information relevant for the protection of health, safety and fundamental rights, where each is applicable.
3.2.2
objective evidence
data supporting the existence or verity of something
Note 1 to entry: Objective evidence can be obtained through observation, measurement, test or by other means.
[SOURCE: ISO 9000:2015, 3.8.3, modified — note 2 to entry deleted]
3.2.3
procedure
specified way to carry out an activity or a process (3.2.4)
Note 1 to entry: Procedures can be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5]
3.2.4
process
set of interrelated or interacting activities that use inputs to deliver an intended result
Note 1 to entry: Whether the intended result of a process is called output, product or service depends on the context of the reference.
Note 2 to entry: Inputs to a process are generally the outputs of other processes and outputs of a process are generally the inputs to other processes.
Note 3 to entry: Two or more interrelated and interacting processes in series can also be referred to as a process.
[SOURCE: ISO 9000:2015, 3.4.1, modified — notes 4-6 to entry deleted]
3.2.5
record
document stating results achieved or providing evidence of activities performed
Note 1 to entry: Records can be used, for example, to formalize traceability and to provide evidence of verification, preventive action and corrective action.
3.2.6
risk management
systematic and continuous application of management policies, procedures (3.2.3) and practices to the tasks of analysing, evaluating, controlling and monitoring risk (3.6.5) throughout the entire life cycle (3.4.1) of an AI system (3.1.1)
[SOURCE: ISO/IEC Guide 63:2019, 3.15, modified — reference to life cycle of the AI system added]
3.2.7
state of the art
generally acknowledged state of the art
developed stage of technical capability at a given time as regards products, processes (3.2.4) and services, based on the relevant consolidated findings of science, technology and experience
Note 1 to entry: The state of the art embodies what is currently and generally accepted as good practice in technology. The state of the art does not necessarily imply the latest scientific research still in an experimental stage or with insufficient technological maturity.
[SOURCE: ISO/IEC Guide 2:2004, 1.4, modified — note to entry added]
3.2.8
top management
person (3.5.9) or group of people who directs and controls a provider (3.1.5) at the highest level
[SOURCE: ISO 9000:2015, 3.1.1, modified — “an organization” replaced by “a provider”, notes to entry deleted]
3.2.9
verification
confirmation, through the provision of objective evidence (3.2.2), that specified requirements have been fulfilled
Note 1 to entry: The objective evidence (3.2.2) needed for a verification can be the result of an inspection, testing (3.3.1) or of other forms of determination such as performing alternative calculations or reviewing documents.
Note 2 to entry: The activities carried out for verification are sometimes called a qualification process (3.2.4).
Note 3 to entry: The word “verified” is used to designate the corresponding status.
[SOURCE: ISO 9000:2015, 3.8.12, modified — note 1 to entry modified]
3.2.10
international norms of behaviour
expectations of socially responsible organizational behaviour derived from customary international law, generally accepted principles of international law, or intergovernmental agreements that are universally or nearly universally recognized
Note 1 to entry: Intergovernmental agreements include treaties and conventions.
Note 2 to entry: Although customary international law, generally accepted principles of international law and intergovernmental agreements are directed primarily at states, they express goals and principles to which all organizations can aspire.
Note 3 to entry: International norms of behaviour evolve over time.
[SOURCE: ISO 26000:2010, 2.11]
3.2.11
risk management file
set of records (3.2.5) and other documents that are produced by risk management (3.2.6)
[SOURCE: EN ISO 14971:2019, 3.25]
3.3 Terms relating to testing
3.3.1
testing
set of activities conducted to facilitate discovery and evaluation of properties of test items (3.3.2)
Note 1 to entry: Testing activities include planning, preparation, execution, reporting, and management activities, insofar as they are directed towards testing.
[SOURCE: ISO/IEC/IEEE 29119-1:2022, 3.131]
3.3.2
test item
test object
work product to be tested
EXAMPLE Software component, system, requirements document, design specification, user (3.5.7) guide.
[SOURCE: ISO/IEC/IEEE 29119-1:2022, 3.107]
3.3.3
test objective
reason for performing testing (3.3.1)
[SOURCE: ISO/IEC/IEEE 29119-1:2022, 3.114, modified — EXAMPLE removed]
3.3.4
test completion report
test summary report
report that provides a summary of the testing (3.3.1) that was performed
Note 1 to entry: The report may contain statistical analysis.
[SOURCE: ISO/IEC/IEEE 29119-1:2022, 3.87, modified — added note to entry]
3.3.5
test plan
detailed description of test objectives to be achieved and the means and schedule for achieving them, organized to coordinate testing (3.3.1) activities for some test item (3.3.2) or set of test items (3.3.2)
Note 1 to entry: A test plan is a written document included in the risk management file (3.2.11).
[SOURCE: ISO/IEC/IEEE 29119-1:2022, 3.117, modified — note to entry modified]
3.3.6
test monitoring and control process
test management process (3.2.4) that aims to ensure that testing (3.3.1) is performed in line with a test plan (3.3.5) and with organizational test specifications
[SOURCE: ISO/IEC/IEEE 29119-1:2022, 3.113]
3.4 Terms related to the AI system
3.4.1
life cycle
evolution of a system, product, service, project or other human-made entity, from conception through retirement
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.23]
3.4.2
pre-market
every life cycle (3.4.1) stage before putting into service (3.1.10) or placing on the market (3.1.8) the AI system (3.1.1)
Note 1 to entry: Pre-market can include real-world conditions testing (3.1.13).
3.4.3
post-market
every life cycle (3.4.1) stage after putting into service (3.1.10) or placing on the market (3.1.8) the AI system (3.1.1)
EXAMPLE Installation, use, maintenance, repair, modifications and decommissioning.
3.4.4
application area
industry, market segment, or stakeholder (3.5.6) class for which a set of related applications are developed
Note 1 to entry: For the purpose of this document, a set of related applications means the AI system.
Note 2 to entry: In some instances, application area is referred to as application domain (for example, regulated domain).
[SOURCE: ISO/IEC 20944-1:2013, 3.21.21.2, modified — notes 1 and 2 to entry added]
3.4.5
continuous learning
continual learning
lifelong learning
incremental training of an AI system (3.1.1) that takes place on an ongoing basis during the operation phase of the AI system (3.1.1) life cycle (3.4.1)
[SOURCE: ISO/IEC 22989:2022, 3.1.9]
374 3.5 Terms related to natural persons
375 3.5.1
376 fundamental right
377 basic right(s) and freedom(s) held by every human being irrespective of birth, religion, belief, age, race,
378 ethnicity, sex, gender or any other status
379 Note 1 to entry: For the purposes of this document, fundamental rights and their applicability are those protected
380 by EU law, including the protection of the rights outlined in EU law, including the Charter of Fundamental rights of
381 the EU (EU Charter) [3] and the European Convention on Human Rights [4].
382 Note 2 to entry: Annex C provides information about other sources of applicable law governing fundamental rights.
383 Note 3 to entry: All EU legislation, including the EU AI Act [1], is interpreted in light of the EU Charter [3].
384 3.5.2
385 absolute right
386 fundamental right (3.5.1) that cannot be limited or infringed under any circumstances, not even during a
387 declared state of emergency
388 Note 1 to entry: Certain fundamental rights are interpreted in EU jurisprudence to be absolute rights [5]. Like all
389 legal rights, the scope and content of absolute rights can change over time.
390 3.5.3
391 qualified right
392 fundamental right (3.5.1) for which interference (3.5.5) is permitted under certain conditions as provided
393 in accordance with applicable regulatory requirements
394 Note 1 to entry: Certain fundamental rights are interpreted in EU jurisprudence to be qualified rights. Like all legal
395 rights, the scope and content of qualified rights can change over time.
396 3.5.4
397 privately enforceable right
398 subset of fundamental rights (3.5.1) that a private person or organization has enhanced legal
399 responsibility to protect
400 Note 1 to entry: Private legal obligations to protect fundamental rights (3.5.1) can arise from legally binding
401 measures such as legislation, including data protection regulations or laws prohibiting discrimination, or from a
402 court’s determination that certain rights impose legal obligations on private actors. In the EU legal context, these
403 are known as rights with ‘horizontal direct effect’ [5, 6]. Fundamental rights (3.5.1) which have ‘vertical effect’ are
404 those which only states are legally responsible for protecting.
405 Note 2 to entry: Certain fundamental rights are interpreted in EU jurisprudence to be privately enforceable rights.
406 Like all legal rights, the scope and content of privately enforceable rights can change over time.
407 3.5.5
408 interference
409 impairment of the protection provided
410 Note 1 to entry: An interference does not require any material or immaterial detriment whatsoever. For example, if
411 another person (3.5.9) accesses my personal information without my consent, this interferes with my right to
412 privacy irrespective of whether it generated any material detriment to me.
413 Note 2 to entry: The perceptions of persons (3.5.9) affected (3.5.8) can correlate with a court’s determination of
414 whether an individual’s fundamental right (3.5.1) has been interfered with. Accordingly, individual and group
415 perceptions of fundamental rights (3.5.1) adverse impact can be taken into account but are not considered
416 determinative. For example, the use of covert surveillance systems can interfere with an individual’s right to
417 privacy, even if the person (3.5.9) affected (3.5.8) is not aware of this interference.
418 3.5.6
419 stakeholder
420 interested party
421 person (3.5.9), group or organization that can impact, be impacted by or perceive itself to be impacted by
422 a decision or activity
423 Note 1 to entry: Persons (3.5.9) affected (3.5.8) are a subset of stakeholders.
424 Note 2 to entry: Stakeholder includes relevant regulatory bodies, national public bodies, bodies that enforce the
425 protection of fundamental rights (3.5.1), and market surveillance authorities.
426 [SOURCE: ISO/IEC Directives Part 1, Consolidated ISO Supplement, Annex SL Appendix 2 (rev 4 2024),
427 3.2, modified — changed “individual” to “person” in the definition, added “group”, replaced “affected” and
428 “be affected” by “impacted” and “be impacted”, and added notes to entry]
429 3.5.7
430 user
431 person (3.5.9) who interacts with the AI system (3.1.1) when deployed
432 [SOURCE: ISO 10377:2013, 2.29, modified — replaced “product or service” with “AI system when
433 deployed”]
434 3.5.8
435 affected
436 directly or indirectly adversely impacted by the AI system (3.1.1) when used in accordance with its
437 intended purpose (3.1.2) or its reasonably foreseeable misuse (3.1.3)
438 3.5.9
439 person
440 human being regarded as an individual
441 Note 1 to entry: Persons can refer to group(s) of persons.
442 [SOURCE: ISO 13940:2015, 3.3.4, modified — note to entry added]
443 3.5.10
444 vulnerable group
445 set of persons (3.5.9) who, due to socio-economic circumstances or protected characteristics, are more
446 exposed to risk (3.6.5) than they would be without the circumstance or characteristic
447 Note 1 to entry: Vulnerable groups are identified on the basis of the intended purpose (3.1.2) and the reasonably
448 foreseeable misuse (3.1.3) of the AI system (3.1.1).
449 Note 2 to entry: Persons (3.5.9) under the age of 18 are a vulnerable group.
450 Note 3 to entry: Persons (3.5.9) can be in a vulnerable group when they are in socio-economic circumstances that
451 make them dependent on the AI system (3.1.1)’s decisions for their livelihood, or entry to or ability to participate in
452 society.
453 Note 4 to entry: Protected characteristics are listed in Art. 21 of the EU Charter [3].
454 Note 5 to entry: Vulnerable groups include persons (3.5.9) who are unable to take care of themselves or protect
455 themselves against harm (3.6.3) or exploitation, due to their protected characteristics.
456 Note 6 to entry: Vulnerable groups can include persons (3.5.9) in power imbalance situations, for example where the
457 individual and collective redress actions available to persons (3.5.9) affected (3.5.8), such as the right to
458 compensation, the right to explanation and the right to contest decisions, are unavailable or inaccessible.
459 Note 7 to entry: Circumstances and characteristics can be temporary, for example due to life events such as changes
460 in health status, financial distress or transitional periods such as migration or job loss.
461 3.5.11
462 proxies
463 representatives of groups of persons (3.5.9) likely to be affected (3.5.8) by the AI system (3.1.1)
464 Note 1 to entry: Proxies include non-governmental organizations (NGOs), advocacy groups, community-based
465 organizations, legal representatives, independent experts, civil society organizations (CSOs) or ombudspersons
466 engaged in representing public interest, vulnerable groups (3.5.10) or specific societal concerns.
467 3.5.12
468 informed consent
469 process (3.2.4) by which an individual voluntarily confirms willingness to participate in a particular real-
470 world conditions testing (3.3.4), after having been informed of all aspects of the procedure (3.2.3) that are
471 relevant to the decision to participate
472 Note 1 to entry: Aspects mentioned in the definition include hazards (3.6.1) and risks (3.6.5) of participation.
473 [SOURCE: ISO 14155:2020, 3.27, modified — replaced “clinical investigation” with “real-world conditions
474 testing”, replaced “investigation” with “procedure”, added note to entry]
475 3.5.13
476 consultation
477 process (3.2.4) of seeking views before making a decision
478 Note 1 to entry: Consultation includes engaging with stakeholders (3.5.6) who are affected (3.5.8).
479 Note 2 to entry: Consultation is useful to ensure that different views are appropriately considered when defining
480 risk (3.6.5) acceptability criteria and when evaluating risks (3.6.5).
481 [SOURCE: ISO 45001:2018, 3.5, modified — removed note 1 to entry, added new notes 1 and 2 to entry]
482 3.6 Terms related to the risk management process
483 3.6.1
484 hazard
485 potential source of harm (3.6.3)
486 Note 1 to entry: Cyber threats (3.6.16) and vulnerabilities (3.6.17) can be the cause of a hazard.
487 Note 2 to entry: Cyber threats (3.6.16) can be hazards.
488 [SOURCE: ISO/IEC Guide 51:2014, 3.2, modified — notes to entry added]
489 3.6.2
490 hazardous situation
491 circumstance in which people, property or the environment is/are exposed to one or more hazards
492 (3.6.1)
493 [SOURCE: ISO/IEC Guide 51:2014, 3.4]
494 3.6.3
495 harm
496 injury or damage to the health of a person (3.5.9) or groups of persons (3.5.9), or interference (3.5.5) with
497 fundamental rights (3.5.1)
498 Note 1 to entry: For the purpose of this document, damage to property or the environment, and the disruption or
499 destruction of critical infrastructure (3.6.18), are considered harms when they can result in injury or damage to the
500 health of a natural person (3.5.9) or groups of persons (3.5.9) or interference (3.5.5) with fundamental rights (3.5.1).
501 Note 2 to entry: Interference (3.5.5) with fundamental rights (3.5.1) can be tangible or intangible, physical,
502 psychological, societal or economic, irrespective of the rightsholder’s awareness, in accordance with EU law,
503 including the EU Charter [3].
504 Note 3 to entry: Safety in product safety risk management (3.2.6) standards is understood as the absence of
505 unacceptable risk (3.6.5). In the context of this document, safety refers to the protection from harm (3.6.3) from the
506 use of the AI system (3.1.1).
507 [SOURCE: ISO/IEC Guide 51:2014, 3.1, modified — interference with the fundamental rights added,
508 damage to property or the environment deleted, notes to entry added]
509 3.6.4
510 severity
511 measure of the possible consequences of a hazard (3.6.1)
512 Note 1 to entry: The definition does not imply numerical measure of severity.
513 [SOURCE: ISO/IEC Guide 63:2019, 3.17, modified — note to entry added]
514 3.6.5
515 risk
516 combination of the probability of an occurrence of harm (3.6.3) and the severity (3.6.4) of that harm
517 (3.6.3)
518 Note 1 to entry: The probability of occurrence includes the exposure to a hazardous situation (3.6.2) and the
519 possibility to avoid or limit the harm (3.6.3).
520 [SOURCE: ISO/IEC Guide 51:2014, 3.9]
521 3.6.6
522 residual risk
523 risk (3.6.5) remaining after risk control measures (3.6.14) have been implemented
524 [SOURCE: ISO/IEC Guide 51:2014, 3.8]
525 3.6.7
526 acceptable risk
527 tolerable risk
528 level of risk (3.6.5) that is accepted in a given context based on the current values of society
529 Note 1 to entry: For the purpose of this document, “acceptable risk” is
...