CEN/CENELEC Harmonised Standards for AI

Overview of harmonised standards being developed by CEN and CENELEC to support the implementation of the EU AI Act, including quality management systems, risk management, and technical requirements.

What is this document?

CEN (European Committee for Standardization) and CENELEC (European Committee for Electrotechnical Standardization) are developing harmonised standards that will directly support the implementation of the EU AI Act (Regulation 2024/1689). The European Commission issued a standardisation request in February 2024 calling for the development of standards covering the key requirements of the Regulation.

Harmonised standards hold a special legal status — when published in the Official Journal of the EU, they provide a presumption of conformity with the corresponding requirements of the AI Act. This means that organisations following harmonised standards are automatically deemed compliant with the relevant provisions of the Regulation.

Key points

Standards development status

CEN and CENELEC are developing standards through Joint Technical Committee 21 (JTC 21) — Artificial Intelligence. As of 2025/2026:

prEN 18286 (Quality management system for the purposes of the AI Act) — the first AI harmonised standard to enter public enquiry on 30 October 2025, with a comment deadline of 22 January 2026.
AI risk management standard — expected to enter public enquiry shortly after prEN 18286
Other standards — at various stages of development, with a target publication date of Q4 2026.

Accelerated measures

In October 2025, CEN and CENELEC adopted an extraordinary package of measures to accelerate standards development:

The option for direct publication without a separate formal vote in case of a positive vote during public enquiry
Shortened deadlines for individual procedural phases
Enhanced coordination between working groups

Areas covered by the standards

Harmonised standards for the AI Act are being developed in the following areas:

Quality management system — Requirements for establishing and maintaining a QMS in accordance with Art. 17 of the AI Act
Risk management — Methodology for identifying, assessing, and mitigating risks (Art. 9)
Data management and data quality — Requirements for training, validation, and testing data (Art. 10)
Technical documentation — Format and content of technical documentation (Art. 11)
Transparency and information for users — Requirements for instructions for use (Art. 13)
Human oversight — Measures for ensuring effective human oversight (Art. 14)
Accuracy, robustness, and cybersecurity — Technical measures (Art. 15)
Conformity assessment — Procedures for conformity assessment (Art. 43)

Presumption of conformity

The process to achieve presumption of conformity:

CEN/CENELEC publish the harmonised standard
The European Commission assesses whether the standard meets the AI Act requirements
If the assessment is positive, the standard's reference is published in the Official Journal of the EU
From that point, application of the standard provides presumption of conformity

How does it apply to organisations?

Importance for AI Act compliance

Harmonised standards are the most important practical tool for organisations because they:

Reduce legal uncertainty — clearly define technical requirements
Provide presumption of conformity — eliminate the need to demonstrate compliance through other means
Facilitate conformity assessment — accredited bodies use them as a reference framework
Harmonise the approach — ensure uniform requirements across the entire EU

Transitional period

While harmonised standards are not yet finalised and published, organisations can use:

ISO/IEC 42001 — for AI management systems
ISO/IEC 23894 — for AI system risk management
Code of Practice for GPAI — for general-purpose AI models
Common specifications — which the Commission may adopt if harmonised standards are insufficient (Art. 41)

Application deadlines

According to the latest information including the omnibus proposal:

Category	Latest application deadline
High-risk AI (Annex III)	2 December 2027
High-risk AI (Annex I — regulated products)	2 August 2028

The application of rules for high-risk systems is conditional on the readiness of applicable harmonised standards.

Practical steps

Track standards development — Regularly check progress on CEN/CENELEC and European Commission websites
Participate in public enquiries — Organisations can comment on draft standards during the public enquiry phase
Use existing ISO standards — ISO 42001 and ISO 23894 as a starting point while harmonised standards are being finalised
Plan implementation — Prepare internal processes for rapid implementation of harmonised standards upon their publication
Monitor the omnibus proposal — Possible changes to deadlines and requirements

Relevant EU AI Act articles

Article	Topic
Art. 40	Harmonised standards
Art. 41	Common specifications
Art. 43	Conformity assessment (uses harmonised standards)
Recitals 117-122	Rationale for standardisation

Source documents

European Commission: Standardisation of the AI Act
CEN-CENELEC: Artificial Intelligence
Harmonised standards map: EU AI Act — Harmonised standards map

What is this document?

Key points

Standards development status

CEN and CENELEC are developing standards through Joint Technical Committee 21 (JTC 21) — Artificial Intelligence. As of 2025/2026:

prEN 18286 (Quality management system for the purposes of the AI Act) — the first AI harmonised standard to enter public enquiry on 30 October 2025, with a comment deadline of 22 January 2026.
AI risk management standard — expected to enter public enquiry shortly after prEN 18286
Other standards — at various stages of development, with a target publication date of Q4 2026.

Accelerated measures

In October 2025, CEN and CENELEC adopted an extraordinary package of measures to accelerate standards development:

The option for direct publication without a separate formal vote in case of a positive vote during public enquiry
Shortened deadlines for individual procedural phases
Enhanced coordination between working groups

Areas covered by the standards

Harmonised standards for the AI Act are being developed in the following areas:

Quality management system — Requirements for establishing and maintaining a QMS in accordance with Art. 17 of the AI Act
Risk management — Methodology for identifying, assessing, and mitigating risks (Art. 9)
Data management and data quality — Requirements for training, validation, and testing data (Art. 10)
Technical documentation — Format and content of technical documentation (Art. 11)
Transparency and information for users — Requirements for instructions for use (Art. 13)
Human oversight — Measures for ensuring effective human oversight (Art. 14)
Accuracy, robustness, and cybersecurity — Technical measures (Art. 15)
Conformity assessment — Procedures for conformity assessment (Art. 43)

Presumption of conformity

The process to achieve presumption of conformity:

CEN/CENELEC publish the harmonised standard
The European Commission assesses whether the standard meets the AI Act requirements
If the assessment is positive, the standard's reference is published in the Official Journal of the EU
From that point, application of the standard provides presumption of conformity

How does it apply to organisations?

Importance for AI Act compliance

Harmonised standards are the most important practical tool for organisations because they:

Reduce legal uncertainty — clearly define technical requirements
Provide presumption of conformity — eliminate the need to demonstrate compliance through other means
Facilitate conformity assessment — accredited bodies use them as a reference framework
Harmonise the approach — ensure uniform requirements across the entire EU

Transitional period

While harmonised standards are not yet finalised and published, organisations can use:

ISO/IEC 42001 — for AI management systems
ISO/IEC 23894 — for AI system risk management
Code of Practice for GPAI — for general-purpose AI models
Common specifications — which the Commission may adopt if harmonised standards are insufficient (Art. 41)

Application deadlines

According to the latest information including the omnibus proposal:

Category	Latest application deadline
High-risk AI (Annex III)	2 December 2027
High-risk AI (Annex I — regulated products)	2 August 2028

The application of rules for high-risk systems is conditional on the readiness of applicable harmonised standards.

Practical steps

Track standards development — Regularly check progress on CEN/CENELEC and European Commission websites
Participate in public enquiries — Organisations can comment on draft standards during the public enquiry phase
Use existing ISO standards — ISO 42001 and ISO 23894 as a starting point while harmonised standards are being finalised
Plan implementation — Prepare internal processes for rapid implementation of harmonised standards upon their publication
Monitor the omnibus proposal — Possible changes to deadlines and requirements

Relevant EU AI Act articles

Article	Topic
Art. 40	Harmonised standards
Art. 41	Common specifications
Art. 43	Conformity assessment (uses harmonised standards)
Recitals 117-122	Rationale for standardisation

Source documents

European Commission: Standardisation of the AI Act
CEN-CENELEC: Artificial Intelligence
Harmonised standards map: EU AI Act — Harmonised standards map

CEN/CENELEC Harmonised Standards for AI

What is this document?

Key points

Standards development status

Accelerated measures

Areas covered by the standards

Presumption of conformity

How does it apply to organisations?

Importance for AI Act compliance

Transitional period

Application deadlines

Practical steps

Relevant EU AI Act articles

Source documents

Need compliance documentation?

CEN/CENELEC Harmonised Standards for AI

What is this document?

Key points

Standards development status

Accelerated measures

Areas covered by the standards

Presumption of conformity

How does it apply to organisations?

Importance for AI Act compliance

Transitional period

Application deadlines

Practical steps

Relevant EU AI Act articles

Source documents

Need compliance documentation?