Guidelines  ·  2026-07-19

ISO/IEC DIS 27091 — AI privacy protection guidance — in enquiry/FDIS-registration phase

GuidelinesMedium impactGlobal
ISO/IEC 27091, 'Cybersecurity and Privacy — Artificial Intelligence — Privacy protection,' remains in the draft international standard (DIS) enquiry phase with a note that the 'full report [has been] circulated: DIS approved for registration as FDIS,' indicating imminent progression to final-draft stage alongside sibling standard 27090. Exact date of this specific procedural step within the 07-12–07-18 window is unconfirmed from a dated primary source; included here as a watch-list item given its direct relevance to AI security/privacy guidance and its coupling to the 27090 development tracked above.
27091 will give organizations normative guidance for identifying and treating AI/ML privacy risks across the system lifecycle — relevant to any organization building AI systems that process personal data, and will likely be cross-referenced by regulators alongside GDPR/AI Act privacy-by-design obligations.
Monitor ISO/IEC JTC1/SC27 publication calendar for finalization; no immediate action required while in draft.
ISO/IEC DIS 27091 standard page
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →