// Standards & Compliance
Standards & Compliance
Lindwurm is developed against a defined framework of legal requirements, international standards, and technical guidance. We deliberately distinguish between binding law we must comply with, requirement standards we align our processes with, and informative guidance we take into account — and we state each claim at exactly the level we can support. This framework also underpins the program's provisions for independent third-party audits.
Regulatory framework (binding law)
- EU AI Act — Regulation (EU) 2024/1689. The EU's harmonised rules for artificial intelligence. Following the 2026 Digital Omnibus amendments, prohibitions (in force since February 2025) and obligations for general-purpose AI models (since August 2025) apply; transparency obligations under Article 50 apply from 2 August 2026, and high-risk obligations follow from 2 December 2027 (Annex III) and 2 August 2028 (Annex I). We track these milestones as part of our development roadmap. The risk classification of Lindwurm's intended applications under the Act is currently being determined; we are designing against the obligations that classification will entail.
- GDPR — Regulation (EU) 2016/679. Personal data processed in research and development is handled according to the principles of data protection by design and by default.
AI governance and risk management — we align our internal processes with:
- ISO/IEC 42001:2023 — requirements for an AI management system. Our governance processes are being built in alignment with this standard; no certification is claimed at this stage.
- ISO/IEC 23894:2023 — guidance on AI-specific risk management, integrated into our risk assessment practice.
- ISO/IEC 42005:2025 — AI system impact assessment, informing how we evaluate the societal impact of intended applications.
- ISO/IEC 38507:2022 — governance implications of the use of AI by organizations, guiding program-level oversight.
- NIST AI RMF 1.0 — the voluntary U.S. risk management framework (Govern–Map–Measure–Manage), used as a complementary reference for international partners.
Development lifecycle and data quality — we align our engineering practice with:
- ISO/IEC 5338:2023 — AI system life cycle processes; our development phases and roadmap milestones are structured in alignment with this standard.
- ISO/IEC 5259 series (2024–2025) — data quality for analytics and machine learning across the data life cycle, from quality measures to data quality governance; guides how training and evaluation data are curated.
Testing and robustness — our evaluation practice is guided by:
- ISO/IEC 24029 series — assessment of the robustness of neural networks: ISO/IEC TR 24029-1:2021 (overview of methods) and ISO/IEC 24029-2:2023 (formal methods) guide our robustness evaluation; Part 3 (statistical methods) is under development and we track its progress.
- ISO/IEC 42119 series — the emerging international series on testing of AI systems (ISO/IEC TS 42119-2:2025 published), building on the earlier guidance of ISO/IEC TR 29119-11:2020; both inform the Alois evaluation framework.
Transparency, bias and ethics — our design decisions are guided by:
- ISO/IEC TS 6254:2025 — objectives and approaches for the explainability and interpretability of ML models and AI systems.
- ISO/IEC TR 24027:2021 — bias in AI systems and AI-aided decision making.
- ISO/IEC TR 24028:2020 — overview of trustworthiness in artificial intelligence.
- ISO/IEC TR 24368:2022 — overview of ethical and societal concerns.
- IEEE 7000-2021 — model process for addressing ethical concerns during system design.
Terminology on this site follows ISO/IEC 22989:2022 (AI concepts and terminology) and ISO/IEC 23053:2022 (framework for AI systems using machine learning).
Last updated: 16.07.2026. Standards status reflects publications as of July 2026.
A hard problem, a pilot domain, a collaboration?
Let's begin with a confidential, no-obligation consultation.