HOW EN 304 223 RELATES TO ISO 27001 AND SOC 2

ETSI EN 304 223 does not replace ISO/IEC 27001 or SOC 2. Instead, it extends them into AI-specific risk areas that traditional frameworks do not explicitly cover.

  • ISO/IEC 27001 provides the management system, risk-based approach, and governance structure.

  • SOC 2 provides assurance over control design and operating effectiveness.

  • EN 304 223 adds AI-specific security expectations across the lifecycle.

In practice, most organisations with ISO 27001 or SOC 2 can reuse a large proportion of their existing controls and evidence. The work is about broadening scope and depth, not starting again.

PRACTICAL MAPPING: WHERE CONTROLS ALREADY EXIST

Where EN 304 223 typically maps cleanly

Many EN 304 223 principles align directly to controls organisations already have, including:

  • risk assessment and awareness (ISO 27001 Clause 6 / SOC 2 CC3)

  • supplier and third-party risk management

  • secure development lifecycle and change management

  • access control and identity management

  • logging, monitoring, and incident response

  • asset management and secure disposal

This means that a significant portion of EN 304 223 can often be evidenced using existing ISMS and SOC 2 artefacts, provided AI systems are explicitly included in scope.

The AI-specific gaps organisations usually uncover

Where EN 304 223 adds the most value is in highlighting gaps that traditional frameworks often miss, such as:

  • incomplete inventories of AI models, datasets, and prompts

  • lack of AI-specific threat modelling

  • limited supplier assurance for third-party AI services

  • absence of monitoring focused on model behaviour and misuse

  • incident response plans that don’t cover AI scenarios

  • unclear ownership for retraining, tuning, and retirement

These gaps are rarely about a lack of intent. They exist because AI systems don’t always fit neatly into existing security processes.

A proportionate approach that works in practice

A pragmatic way to apply EN 304 223 alongside ISO 27001 and SOC 2 is to:

  1. Map EN 304 223 principles to existing controls and evidence

  2. Identify AI-specific gaps where coverage is weak or unclear

  3. Prioritise remediation based on customer, regulatory, and commercial risk

  4. Extend existing processes rather than creating parallel AI governance

  5. Produce audit-ready evidence that demonstrates control in practice

This approach avoids “AI governance theatre” while still delivering meaningful risk reduction.