AI and Standards - Preparing for the AI Act
When the majority of the articles of the AI Act take full effect in August 2026, organizations providing, deploying, using or implementing AI systems may need to demonstrate legal compliance depending on their roles. This blog post will examine roles, responsibilities and how standards may help you comply and perhaps even grant a competitive advantage in the Age of AI.
What are standards?
Before we take a closer look at the AI Act and the harmonized standards ordered by the European Commission, let’s first consider what standards are. Standards are often referred to as ‘soft laws’ as they are not legally required. While standards may not be required by law, several B2B partners, customers and employees often demand products or services to adhere to standards making them an absolute must for many organizations.
Standards help organizations, customers and partners confirm that a solution or service follows specific requirements, rules and procedures. Standards are typically proposed by members of standardization organizations (of which there are many). For the sake of the AI Act, the most relevant is CEN-CENELEC as it has been tasked by the European Commission in creating the harmonized standards to accompany the AI Act. Using CEN-CENELEC as an example, this is typically how a standard will be created:
- CEN-CENELEC receives a recommendation for a standard. This recommendation can come from anyone and is typically a response to a need in an industry or market. For the AI Act, the harmonized standards were ordered by the European Commission (since the EC ordered them to adjoin a specific legislation they are given the name harmonized).
- If or when the recommendation is approved, the to-be standard is appointed to a technical committee, or the standard is proposed with an existing committee. This committee consists of experts from around the world, usually appointed through mirroring national standardization organizations. For the AI Act, a Joint Technical Committee (JTC 21) has been established to create the harmonized standards to accompany the AI Act.
- The draft is made available to anyone who wishes to comment on the draft. This is mostly done through the national mirroring organizations. For the AI Act, Norway’s contributions are made through Standard Norge’s committee ‘SN-K 586 Kunstig Intelligens’. More information about the committee’s work can be found here.
- The draft is then reworked with input from the national mirroring organizations before a final version of the standard is published. For the harmonized standards following the AI Act, they will become available some 3 weeks after being approved by the EC and published in the Official Journal of the EU.
- Since these are harmonized standards created specifically for the AI Act, they will carry a presumption of conformity, meaning that AI systems or solutions built or deployed following the standards are presumed to meet the legal requirements under the AI Act.
- Official certification for compliance with standards is issued by many companies, of which DNV is considered to be one of the biggest.
Why The European Commission Ordered Harmonized Standards
When the General Data Protection Regulation (GDPR) entered into force and became applicable in 2018, several organizations found it difficult to show compliance because there were no harmonized standards to adhere to. With a lessons learned perspective, the European Commission ordered multiple harmonized standards to be published alongside the enforcement of the majority of the AI Act’s articles when they enter info force in August 2026.
"The Future happens slower than you expect, but faster than you are ready for"
Who Should Consider These Harmonized Standards?
The AI Act defines multiple roles or operators in relation to the AI Act and refers to “operators along the value chain” as anyone “who may contribute to the development of AI systems”. These roles are: Provider, product manufacturer, deployer, authorized representative, importer or distributor – or a combination of these. As stated in the Act “an operator could act as a distributor and an importer at the same time.” (AI Act, Article 3, P. 46-47). The table below lists and defines the most relevant operators for the harmonized standards (and for this blog post):
Operators | Definition |
Provider | a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge |
Deployer | means a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity |
Importer | means a natural or legal person located or established in the Union that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country |
Distributor | means a natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market |
When will these Standards become available?
The first harmonized standards to be published and available in August 2026 are the following:
- AI trustworthiness framework Part 1: Logging, transparency and human oversight
- Competence requirements for professional AI ethicists
- AI Risk Management
- Artificial Intelligence – Evaluation methods for accurate computer vision systems
- Artificial intelligence – Cybersecurity specifications for AI Systems
- Artificial Intelligence – Concepts, measures and requirements for managing bias in AI systems
- Artificial Intelligence – Quality and governance of datasets in AI
- AI Conformity assessment framework
- Artificial intelligence – Quality management system for EU AI Act regulatory purposes
Competitive Advantages of following standards
Whether your organization should consider obtaining these standards and adhere to them for AI Act compliance will be an important decision to make, as adhering to the harmonized standards may carry multiple advantages:
- Legal certainty and easier compliance: Following harmonized standards provide a presumption of conformity with AI Act articles, reducing legal risk.
- Market access and procurement: Customers and partners may expect adherence to recognized standards before purchase or adoption. Showing compliance with harmonized standards may provide a competitive advantage compared to similar solutions that are not certified with the harmonized standards.
- Technical alignment and clarity: Shared vocabulary, test methods, risk-assessment practices, and evaluation criteria help all stakeholders speak the same language – especially in global settings.
What should your organization do now?
Figuring out what role your organization will have in relation to the different operators mentioned in the AI Act may provide you with information about what standards are most relevant to consider.
While the final standards are not yet published, accessing drafts or connecting with your national mirroring committee may help prepare your business be ready once the final versions are published in August 2026.
Final thoughts
Standards make the AI Act workable as a practical tool. If you want your AI systems to be compatible with EU-wide rules and market expectations, aligning with the harmonized standards may be the action you have been looking for.
Infotechtion recognizes the importance of standards and will follow the creation of the harmonized standards closely. We are also one of Microsoft’s leading partners in AI governance, specializing in detecting shadow AI/IT, ensuring proper data lineage for AI tools and help you identify, manage and prevent ROT data build-up. Contact us today for a talk on how we together can address any concerns you may have with AI at contact@infotechtion.com
Read more:
Read more about CEN-CENELEC’s Joint Technical Committee here: https://jtc21.eu/about/
If you are interested in learning more about Standard Norge’s Mirroring Committee, SN/K-586, you will find useful information here: https://standard.no/standardisering/komiteer/komiteoversikt/snk-586/
Should you be interested in Infotechtion’s AI solutions and how we can help you, consider checking out our website: https://infotechtion.com/ai-governance/
