As artificial intelligence (AI) becomes integral to business and public sector operations, attorneys must stay informed about the evolving standards for AI privacy and cybersecurity. This CLE session offers a comprehensive overview of two draft international standards, ISO/IEC 27091 and ISO/IEC 27090, which provide critical frameworks for addressing privacy and security challenges in AI systems.

ISO/IEC 27091 focuses on privacy considerations in AI and machine learning, covering transparency, consent protocols, and the rights of data subjects. Conversely, ISO/IEC 27090 emphasizes the security of AI systems, addressing vulnerabilities, model robustness, and defenses against adversarial threats. These standards integrate with the broader ISO AI portfolio, including ISO/IEC 22989, ISO/IEC 42001, ISO/IEC 42005, ISO/IEC 42006, and ISO/IEC 38507, to support robust information governance.

The session will explore how ISO/IEC 27090 and 27091 build upon the ISO/IEC 27701 privacy framework by introducing AI-specific controls, risk assessment strategies, and governance mandates, particularly for highly regulated sectors like finance, healthcare, and critical infrastructure. Through practical case studies, attendees will see how these standards can be incorporated into existing privacy information management systems (PIMS). The course will also address the legal risks and governance failures that may emerge when AI deployments do not align with these emerging global standards.

By the end of the program, participants will be able to recognize the primary obligations outlined in ISO/IEC 27090 and 27091, understand their linkage to ISO/IEC 27701, and appreciate their role in complying with international cybersecurity and privacy regulations. This CLE is indispensable for legal professionals guiding clients through AI governance, risk management frameworks, or cybersecurity compliance.