ISO/IEC 23894 — AI Risk Management Guidance

ISO/IEC 23894:2023 is the international standard that describes how to manage risks specific to artificial intelligence systems. Published in February 2023, it applies the ISO 31000 risk management framework to AI — filling in the process detail that ISO 42001 requires but does not specify.

Publication and status

ISO/IEC 23894 was published in February 2023 as a guidance document. It is not certifiable in itself, but it is the recommended AI risk process to run underneath an ISO 42001 AI management system. Together with ISO 31000 and ISO 42001, it forms the ISO stack for AI risk and governance.

Relationship to ISO 31000

ISO 31000 is the umbrella standard for enterprise risk management. ISO 23894 uses its principles, framework, and process verbatim, then adds AI-specific guidance. The result is that AI risk sits inside the same enterprise risk vocabulary a mature organization already uses — you are not inventing a parallel process, you are extending an existing one.

Where it fits with ISO 42001

ISO 42001 says the organization must identify, assess, and treat AI risks — but it does not tell you how. ISO 23894 tells you how. In practical terms:

ISO 42001 requirementISO 23894 provides
Risk management planning (Clause 6.1)Risk criteria and process definition tailored to AI
AI risk assessmentIdentification, analysis, and evaluation steps with AI-specific sources
AI risk treatmentOptions and how to select them for AI risks
Monitoring and review (Clause 9)Ongoing review triggers for AI systems that drift or change context

The risk process, step by step

  1. Communication and consultation — engage stakeholders, including affected groups, throughout the process.
  2. Scope, context, and criteria — define the AI system boundary, external and internal context, and the risk criteria that will drive decisions.
  3. Risk identification — list the AI-specific risk sources: data, model behavior, robustness, security, transparency, oversight, safety, and environmental impact.
  4. Risk analysis — understand likelihood, consequences, and existing controls.
  5. Risk evaluation — compare against criteria and decide whether treatment is required.
  6. Risk treatment — select controls, mitigations, transfer, acceptance, or avoidance; document residual risk.
  7. Monitoring and review — watch for drift, incidents, and context changes that require reassessment.
  8. Recording and reporting — maintain the risk register and produce evidence for audit and stakeholders.

Risk treatment options for AI

Integrating ISO 23894 into a risk register

Every entry in an AI risk register should carry: the AI system it belongs to, the risk source category, the analysis (likelihood and consequence), the evaluation against criteria, the chosen treatment, the accountable owner, and the review date. Zilonex Govern models these fields directly, so an ISO 23894 process produces the exact record structure an ISO 42001 auditor will ask to see.

Frequently asked questions

What is ISO/IEC 23894?

ISO/IEC 23894:2023 is an international standard that provides guidance on managing risks specific to artificial intelligence systems. It adapts the general risk management principles of ISO 31000 to the particular characteristics of AI — including data dependence, opacity, adaptability, and the potential for systemic harms.

When was ISO 23894 published?

ISO/IEC 23894:2023 was published in February 2023. It is a guidance document, not a certifiable management system standard, but it is directly referenced by ISO 42001 as the recommended approach to AI risk management.

How is ISO 23894 different from ISO 42001?

ISO 42001 is a certifiable AI management system standard — it says what an organization must have in place. ISO 42001 requires risk management but does not describe the risk process in detail. ISO 23894 is guidance that fills that gap by describing how to perform AI risk management step by step.

How does ISO 23894 relate to ISO 31000?

ISO 31000 is the umbrella standard for enterprise risk management. ISO 23894 uses the ISO 31000 principles, framework, and process, then layers AI-specific considerations on top — sources of risk unique to AI, criteria that apply to AI, and treatment options that make sense for AI systems.

What are the main steps of the ISO 23894 risk process?

The process follows ISO 31000: communication and consultation, scope and context, risk assessment (identification, analysis, evaluation), risk treatment, monitoring and review, and recording and reporting. ISO 23894 adds AI-specific guidance for each step, including which AI characteristics to look at when identifying risk sources.

What sources of AI risk does ISO 23894 highlight?

Sources include data quality and provenance, model performance and drift, robustness, security, transparency and explainability, human oversight, environmental impact, and safety. The guidance encourages organizations to review each AI system against these categories rather than treating AI risk as a single generic bucket.

Do we need ISO 23894 if we already follow the NIST AI RMF?

Not strictly, but the two are complementary. NIST AI RMF describes a four-function operating model. ISO 23894 describes the internal mechanics of the risk process itself. Many organizations use NIST AI RMF as the operating rhythm and ISO 23894 as the risk-process reference — feeding both into an ISO 42001 AIMS.

How does ISO 23894 support ISO 42001 certification?

ISO 42001 requires organizations to plan and treat AI risks. Auditors want to see a defined risk process, criteria, register, and treatments. ISO 23894 provides an internationally recognized method for all of that, so pointing to it in your risk methodology is a clean way to satisfy the ISO 42001 planning clause.

Run ISO 23894 inside your AI management system

Zilonex Govern models identification, analysis, evaluation, and treatment as first-class objects — feeding straight into ISO 42001 evidence.

Start Zilonex Govern free for 14 days