2022 EU AI Cybersecurity and Standardisation Report.docx
CYBERSECURITY OF AI AND STANDARDISATION

MARCH 2023

ABBREVIATIONS

Abbreviation    Definition
AI              Artificial Intelligence
CEN-CENELEC     European Committee for Standardisation - European Committee for Electrotechnical Standardisation
CIA             Confidentiality, Integrity and Availability
EN              European Standard
ESO             European Standardisation Organisation
ETSI            European Telecommunications Standards Institute
GR              Group Report
ICT             Information And Communications Technology
ISG             Industry Specification Group
ISO             International Organization for Standardization
IT              Information Technology
JTC             Joint Technical Committee
ML              Machine Learning
NIST            National Institute of Standards and Technology
R&D             Research And Development
SAI             Security of Artificial Intelligence
SC              Subcommittee
SDO             Standards-Developing Organisation
TR              Technical Report
TS              Technical Specifications
WI              Work Item

ABOUT ENISA

The European Union Agency for Cybersecurity, ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union's infrastructure, and, ultimately, to keep Europe's society and citizens digitally secure. More information about ENISA and its work can be found here: www.enisa.europa.eu.

CONTACT

For contacting the authors please use team@enisa.europa.eu
For media enquiries about this paper, please use press@enisa.europa.eu.

AUTHORS

P. Bezombes, S. Brunessaux, S. Cadzow

EDITOR(S)

ENISA: E. Magonara, S. Gorniak, P. Magnabosco, E. Tsekmezoglou

ACKNOWLEDGEMENTS

We would like to thank the Joint Research Centre and the European Commission for their active contribution and comments during the drafting stage. Also, we would like to thank the ENISA Ad Hoc Expert Group on Artificial Intelligence (AI) cybersecurity for the valuable feedback and comments in validating this report.

LEGAL NOTICE

This publication represents the views and interpretations of ENISA, unless stated otherwise. It does not endorse a regulatory obligation of ENISA or of ENISA bodies pursuant to the Regulation (EU) No 2019/881.

ENISA has the right to alter, update or remove the publication or any of its contents. It is intended for information purposes only and it must be accessible free of charge. All references to it or its use as a whole or partially must contain ENISA as its source.

Third-party sources are quoted as appropriate. ENISA is not responsible or liable for the content of the external sources including external websites referenced in this publication.

Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.

ENISA maintains its intellectual property rights in relation to this publication.

COPYRIGHT NOTICE

© European Union Agency for Cybersecurity (ENISA), 2023

This publication is licenced under CC-BY 4.0. Unless otherwise noted, the reuse of this document is authorised under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence (https://creativecommons.org/licenses/by/4.0/). This means that reuse is allowed, provided that appropriate credit is given and any changes are indicated.

Cover image © shutterstock.com.

For any use or reproduction of photos or other material that is not under the ENISA copyright, permission must be sought directly from the copyright holders.

ISBN 978-92-204-6163, DOI 10.2824/277479, TP-03-23011-ENC

TABLE OF CONTENTS

1. INTRODUCTION
1.1 DOCUMENT PURPOSE AND OBJECTIVES
1.2 TARGET AUDIENCE AND PREREQUISITES
1.3 STRUCTURE OF THE STUDY
2. SCOPE OF THE REPORT: DEFINITION OF AI AND CYBERSECURITY OF AI
2.1 ARTIFICIAL INTELLIGENCE
2.2 CYBERSECURITY OF AI
3. STANDARDISATION IN SUPPORT OF CYBERSECURITY OF AI
3.1 RELEVANT ACTIVITIES BY THE MAIN STANDARDS-DEVELOPING ORGANISATIONS
3.1.1 CEN-CENELEC
3.1.2 ETSI
3.1.3 ISO-IEC
3.1.4 Others
4. ANALYSIS OF COVERAGE
4.1 STANDARDISATION IN SUPPORT OF CYBERSECURITY OF AI - NARROW SENSE
4.2 STANDARDISATION IN SUPPORT OF THE CYBERSECURITY OF AI - TRUSTWORTHINESS
4.3 CYBERSECURITY AND STANDARDISATION IN THE CONTEXT OF THE DRAFT AI ACT
5. CONCLUSIONS
5.1 WRAP-UP
5.2 RECOMMENDATIONS
5.2.1 Recommendations to all organisations
5.2.2 Recommendations to standards-developing organisations
5.2.3 Recommendations in preparation for the implementation of the draft AI Act
5.3 FINAL OBSERVATIONS
A ANNEX:
A.1 SELECTION OF ISO 27000 SERIES STANDARDS RELEVANT TO THE CYBERSECURITY OF AI
A.2 RELEVANT ISO/IEC STANDARDS PUBLISHED OR PLANNED / UNDER DEVELOPMENT
A.3 CEN-CENELEC JOINT TECHNICAL COMMITTEE 21 AND DRAFT AI ACT REQUIREMENTS
A.4 ETSI ACTIVITIES AND DRAFT AI ACT REQUIREMENTS

EXECUTIVE SUMMARY

The overall objective of the present document is to provide an overvie