Executive Summary
As AI systems become increasingly embedded into critical infrastructure and decision-making, cybersecurity professionals face a simple but urgent truth: artificial intelligence is not secure by default.
In 2025, the European Telecommunications Standards Institute (ETSI) released TS 104 223, a landmark technical specification outlining baseline cybersecurity requirements for AI systems — from foundation models to domain-specific deployments.
This article explores the significance of TS 104 223, its lifecycle-based approach, and what it means for system architects, CISOs, compliance leaders, and AI developers globally.
What Is ETSI TS 104 223?
ETSI TS 104 223 defines a structured cybersecurity framework across five phases of the AI lifecycle:
- Secure Design
- Secure Development
- Secure Deployment
- Secure Maintenance
- Secure End-of-Life
This standard addresses both traditional cybersecurity concerns (access control, patching, vulnerability management) and AI-specific threats — including data poisoning, model inversion, prompt injection, and adversarial misuse.
“Security in AI is no longer an add-on. It must be embedded at the design level, audited continuously, and maintained throughout the system’s lifecycle.”
— TS 104 223, Clause 5
What Makes AI Security Different?
Unlike conventional software systems, AI systems:
- Learn from sensitive or unverified datasets
- Adapt or update based on user feedback (reinforcement, fine-tuning)
- Generate unpredictable outputs, sometimes at scale
- Operate within complex supply chains of data, prompts, APIs, and models
As a result, new categories of threats emerge:
- Data poisoning in training pipelines
- Prompt injection against language models
- Membership inference attacks
- Model leakage through unregulated API exposure
- Non-deterministic behavior with ethical and legal consequences
Traditional threat modeling is insufficient.
Core Principles from ETSI TS 104 223
1. Security by Design
AI systems must be engineered with security, explainability, and risk boundaries from the outset.
- Threat modeling should cover both classic and AI-specific vectors
- External models/components require AI-specific due diligence
- Documentation and auditability are critical for compliance and forensics
2. Risk-Based Access & API Hardening
- Limit the exposure of LLMs or predictive models via APIs
- Apply rate-limiting and monitoring to prevent abuse or extraction
- Configure access based on functional need, not default permissions
3. Asset Documentation & Traceability
Organizations must:
- Maintain a complete asset register of training data, model versions, prompts, and dependencies
- Use cryptographic hashes to verify model authenticity
- Log every change in system prompts, model fine-tuning, or inference behaviors
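One way to implement the hash-verified asset register and change log described above, shown as an added example that is not taken from ETSI TS 104 223 or from this article. The function names, record fields, and the hash-chained log format are assumptions chosen for illustration; chaining each record to the previous one goes beyond the text and makes after-the-fact edits to the log detectable.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte weights are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def register_asset(reg, name, path, kind):
    reg[name] = {"kind": kind, "sha256": sha256_file(path)}

def verify_asset(reg, name, path):
    """True only if the asset is registered and its digest still matches."""
    entry = reg.get(name)
    return entry is not None and hmac.compare_digest(entry["sha256"], sha256_file(path))

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_change(log, actor, asset, detail):
    """Append a record whose hash also covers the previous record's hash."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = {"actor": actor, "asset": asset, "detail": detail, "prev": prev}
    log.append({**body, "hash": _digest(body)})

def chain_intact(log):
    prev = "0" * 64
    for rec in log:
        body = {k: rec[k] for k in ("actor", "asset", "detail", "prev")}
        if rec["prev"] != prev or rec["hash"] != _digest(body):
            return False
        prev = rec["hash"]
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        model = Path(d) / "model-v1.bin"
        model.write_bytes(b"constructed stand-in for model weights")
        reg, log = {}, []
        register_asset(reg, "model-v1", model, "model")
        append_change(log, "alice", "model-v1", "registered")
        append_change(log, "bob", "system-prompt", "updated to v2")
        ok_before = verify_asset(reg, "model-v1", model)
        model.write_bytes(b"constructed stand-in for model weights!")  # simulated tampering
        ok_after = verify_asset(reg, "model-v1", model)
        intact = chain_intact(log)
        log[0]["detail"] = "edited after the fact"  # simulated log rewrite
        return ok_before, ok_after, intact, chain_intact(log)
```

A digest only proves that an artifact matches the register, so the register and the latest log hash need their own protection, such as a signature or write-once storage. Timestamps are left out of the records here to keep the output deterministic.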
4. Secure Supply Chain
The AI pipeline is not just internal.
- Third-party data providers, pre-trained models, and cloud vendors are all threat vectors
- SBOM (Software Bill of Materials) and transparency around training data are essential
5. Human Oversight and Responsible AI
- Ensure model outputs are interpretable
- Communicate limitations and failure modes to end users
- Implement technical guardrails to support governance and compliance
Practical Implications for Security and GRC Professionals
| Domain | Required Action |
|---|---|
| Governance | Map AI lifecycle to ISO 27001, NIST AI RMF, and ETSI TS 104 223 |
| Security | Extend existing controls (e.g., SIEM, SOAR) to monitor AI-specific events |
| Compliance | Align model documentation with EU AI Act, GDPR, and sectoral standards |
| Risk | Update threat models to include adversarial and generative attack vectors |
| Audit | Implement continuous AI audits — not just one-time assessments |
Final Thoughts
AI systems today are shaping how decisions are made — in healthcare, finance, defense, and society at large.
But security practices haven’t kept pace with this shift.
ETSI TS 104 223 should be treated not as a recommendation, but as a strategic architecture blueprint. It is a call to action for those building, deploying, or regulating AI systems: Security must scale with intelligence.












