The most visible aspect of AI is the products and services based on this technology. Any model packaged as commercial software falls into this category. ChatGPT itself can be considered an AI service. Moreover, from its model, GPT-4 or GPT-4o, a third party can create their own service, expanding the catalog of AI-based products and initiatives.
GPT-4 is just one example. The same could be said for Google's Gemini system or Claude, developed by the startup Anthropic. There are many applications in the market, with many more on the way. Given this potential influx of new services and products, the importance of standards that define a framework for them becomes clear. The ISO/IEC 17065:2012 standard specifies requirements for entities that certify products, processes, and services, ensuring their work guarantees the users' confidence in these products.
ISO/IEC 17065:2012 is not solely focused on AI. This technology, particularly in its generative form, has only recently surged following the launch of ChatGPT. The standard dates back to 2012, and although AI was already present in commercial software applications back then, the pressing need to frame the technology has emerged more recently.
Now, this standard has become increasingly relevant to AI-based applications. But before linking it to artificial intelligence, let's understand how it works.
Objective of ISO/IEC 17065:2012
The standard aims to ensure that entities certifying products operate competently, consistently, and impartially. It guarantees that everything certified by these organizations maintains a uniform quality level.
The standard itself defines it as: "The overall aim of product, process, or service certification is to provide confidence to all interested parties that a product, process, or service fulfills specified requirements. The value of certification is the degree of confidence established through impartial and competent demonstration by a third party of the fulfillment of specified requirements".
Standard Requirements
Entities certifying products, services, or processes must meet several requirements to obtain the standard. First, they must ensure impartiality in their activities, avoiding conflicts of interest.
Additionally, entities aiming to achieve the standard need to prove their competence in performing certifications. This entails having adequate resources, both in personnel and technical aspects, appropriate to the products they will evaluate. Regarding the teams assigned to this task, the entity must also ensure their competence by training and assessing their skills.
Organizations are also required to maintain a management system to uphold the standard's requirements. This involves establishing policies and procedures to guarantee the quality and integrity of the certification activities.
The standard imposes requirements for the certification process itself, covering all stages from evaluation to review, including decision-making and surveillance tasks. The values sought to align with the standard include transparency, consistency, and detailed documentation of all certification process phases.
Relation of ISO/IEC 17065:2012 to AI
It will be interesting to see how ISO/IEC 17065:2012 applies to the AI market. Certification activities in the sector have just begun and are yet to fully unfold. However, there are already indications of the areas this standard will impact.
It is foreseeable that algorithms, whether analytical or generative AI, and systems based on this technology will be subject to evaluation. Many factors need to be considered, such as compliance with specific legislation, product performance, or alignment with commonly accepted ethics.
Another certification target will be devices where AI plays a fundamental role, such as autonomous cars. But even without leaping into the future, examples can be found in home automation devices and other digital equipment.
Furthermore, the standard will also serve entities to certify processes, including the development of AI models or products integrating AI. Certification could also cover the deployment aspect, linked to operational activities. Organizations should ensure that programming, model training, updates, and data management adhere to best practices.