In the current post I want to do a fast analysis of ISO/IEC 22989:2022 – “Artificial intelligence concepts and terminology”.
In the global race for Artificial Intelligence dominance, most organizations are sprinting toward implementation while tripping over a fundamental hurdle: the lack of a shared language.
We see it in every boardroom and technical meeting: “Trustworthiness” is treated as a subjective feeling, “Transparency” remains a vague promise, and the very definition of an “AI System” varies depending on who you ask. This “Babel Syndrome” isn’t just a communication issue but a significant risk to compliance, security, and strategic alignment.
To lead in the AI era, you need a foundation that is both authoritative and globally recognized. This is where ISO/IEC 22989:2022 becomes your most valuable strategic asset.
1. Foundational Bedrock: Defining the “AI System”
Precision is the first step toward governance. ISO/IEC 22989:2022 moves us away from science fiction and toward engineering reality. It defines an AI System as an engineered system that generates outputs such as content, forecasts, recommendations, or decisions for a given set of human-defined objectives.
By emphasizing human-defined objectives, the standard reclaims control for leadership. If the objectives aren’t defined by the business, the system isn’t governed; it’s merely running.
2. The AI Life Cycle: A Roadmap for Accountability
Unlike traditional software, AI is not a “set it and forget it” tool. The standard introduces a comprehensive AI System Life Cycle Model, which is critical for establishing Accountability—the state of being answerable for decisions and performance.
To visualize why this requires a shift in mindset, let’s compare the traditional approach with the AI-specific cycle defined in the standard:
Comparison: Traditional Software vs. AI System Life Cycle (ISO/IEC 22989)
| Feature | Traditional Software (SDLC) | AI System Life Cycle |
| Logic Origin | Human-written code and explicit rules. | Learned from data and human-defined objectives. |
| Performance | Stable until a code change is made. | Dynamic; can change over time (Model Drift). |
| Validation | Functional testing against fixed requirements. | Continuous Verification & Validation (V&V) of data and outputs. |
| Governance Focus | Version control and bug tracking. | Bias detection, data quality, and ethical alignment. |
| Retirement | When hardware or OS support ends. | When performance degrades or ethical risks exceed thresholds. |
The stages you must govern include Inception, Design, Data Acquisition, Training, Evaluation, and the critical ongoing Monitoring during operation.
3. Trustworthiness as a Shared Language
In my work aligning cybersecurity with business strategy, I’ve found that “Trust” is the hardest metric to quantify. ISO/IEC 22989:2022 solves this by breaking down Trustworthiness into verifiable characteristics:
- Robustness: The ability of the system to maintain its level of performance even under unexpected or adversarial conditions.
- Explainability: Expressing the factors that influenced an output in a way that humans can understand—essential for high-stakes decision-making.
- Transparency: Ensuring that the right information about the system’s design, data, and limitations is available to the right stakeholders.
4. Strategic Alignment: The Bridge to ISO/IEC 42001
If you are aiming for ISO/IEC 42001 (the gold standard for AI Management Systems), ISO/IEC 22989 is your prerequisite. You cannot manage what you cannot define. As I discussed in my previous article, The Era of Accountable AI: Why ISO/IEC 42001 is Your Strategic Pivot for 2026, governance is about moving from “principles” to “practice.”
By adopting this vocabulary today, you are architecting a framework compatible with global regulations and future certifications. You can monitor the ongoing work of the international committee responsible for these standards at the ISO/IEC JTC 1/SC 42 official page.
The Strategic Takeaway
AI Governance is not a technical constraint; it is a business enabler. Leaders who master the concepts of ISO/IEC 22989:2022 are the ones who will successfully bridge the gap between technical risk and executive decision-making.
Don’t let your AI strategy get lost in translation. Start with the bedrock.