What happened
ISO/IEC 27091, 'Cybersecurity and Privacy — Artificial Intelligence — Privacy protection,' remains in the draft international standard (DIS) enquiry phase with a note that the 'full report [has been] circulated: DIS approved for registration as FDIS,' indicating imminent progression to final-draft stage alongside sibling standard 27090. Exact date of this specific procedural step within the 07-12–07-18 window is unconfirmed from a dated primary source; included here as a watch-list item given its direct relevance to AI security/privacy guidance and its coupling to the 27090 development tracked above.
Why it matters
27091 will give organizations normative guidance for identifying and treating AI/ML privacy risks across the system lifecycle — relevant to any organization building AI systems that process personal data, and will likely be cross-referenced by regulators alongside GDPR/AI Act privacy-by-design obligations.
Action needed
Monitor ISO/IEC JTC1/SC27 publication calendar for finalization; no immediate action required while in draft.