In 2019, the European Commission’s High-Level Expert Group on AI published its “Ethics Guidelines for Trustworthy AI.” It was widely acknowledged, politely filed, and largely ignored. Then the EU AI Act became law. Suddenly, the principles of trustworthy AI aren’t aspirational — they’re legally enforceable. And organisations that haven’t embedded them into their AI governance are running out of time.
Key takeaways
- Trustworthy AI is built on seven key requirements defined by the EU's High-Level Expert Group
- The EU AI Act turns these principles from guidelines into legal obligations
- ISO 42001 provides the management system framework to implement trustworthy AI at scale
- Implementation starts with governance, risk assessment, and workforce AI literacy
The seven requirements of trustworthy AI
The EU framework defines seven key requirements that AI systems must meet to be considered trustworthy. These aren’t abstract principles — each one maps directly to specific obligations under the EU AI Act and practical governance measures:
1. Human agency and oversight
AI systems should support human decision-making, not replace it. Users must be able to understand, intervene in, and override AI outputs. For high-risk AI systems, the EU AI Act mandates specific human oversight measures under Article 14.
In practice: Every AI system in your organisation should have a defined level of human oversight — from full automation with monitoring (low risk) to human-in-the-loop approval for every output (high risk).
2. Technical robustness and safety
AI systems should be reliable, reproducible, and resilient to errors or adversarial attacks. This covers accuracy, fallback mechanisms, and security against prompt injection and manipulation.
In practice: Test AI systems for accuracy, establish fallback procedures when AI fails, and maintain security controls against adversarial inputs.
3. Privacy and data governance
AI systems must comply with data protection laws (GDPR) and maintain high standards of data quality. Training data must be collected lawfully, stored securely, and processed transparently.
In practice: Document data sources for every AI system, implement data quality checks, and ensure GDPR compliance throughout the AI lifecycle.
89% of consumers say they want to know when AI is being used to make decisions about them (source: Edelman Trust Barometer 2025).
4. Transparency
Users should know when they’re interacting with AI. AI decisions should be explainable. Documentation should trace how AI systems were developed, trained, and deployed.
In practice: Label AI-generated content, provide explanations for AI-assisted decisions, and maintain technical documentation as required by EU AI Act Article 11.
5. Diversity, non-discrimination, and fairness
AI systems must be designed and tested to avoid unfair bias. This requires diverse development teams, representative training data, and ongoing monitoring for discriminatory outcomes.
In practice: Conduct bias testing before deployment, monitor for disparate impact in production, and establish remediation processes when bias is detected.
6. Societal and environmental wellbeing
AI systems should consider their broader impact — including environmental costs (energy consumption of training and inference) and societal effects (labour market disruption, democratic processes).
In practice: Assess the environmental footprint of AI deployments and evaluate societal impact as part of your AI impact assessment process.
7. Accountability
There must be clear responsibility for AI systems and their outcomes. This includes auditability, reporting mechanisms, and accessible redress for those affected by AI decisions.
In practice: Assign accountability for every AI system, implement audit trails, and establish complaint and redress procedures.
These seven requirements aren’t a checklist you tick once. They’re ongoing governance obligations that must be embedded into your AI management processes.
From principles to law: the EU AI Act connection
The EU AI Act translates trustworthy AI principles into binding legal requirements. The connection is direct:
| Trustworthy AI requirement | EU AI Act provision |
|---|---|
| Human oversight | Article 14 — mandatory for high-risk systems |
| Technical robustness | Article 9 — risk management system |
| Privacy and data governance | Article 10 — data governance obligations |
| Transparency | Articles 13, 50 — transparency requirements |
| Non-discrimination | Article 10(2)(f) — bias testing for training data |
| Accountability | Articles 9, 17 — quality management and documentation |
| AI literacy | Article 4 — mandatory for all AI deployers |
Article 4 is particularly significant. It requires every organisation that deploys AI to ensure sufficient AI literacy among staff. This isn’t limited to high-risk AI — it applies to all AI use. Organisations must ensure their people understand how AI works, its limitations, and the principles of trustworthy AI.
For a detailed breakdown of how the EU AI Act applies to UK-based organisations, we’ve published a separate guide.
€35M is the maximum fine under the EU AI Act for non-compliance, or 7% of global annual turnover, whichever is higher (source: EU AI Act, Article 99).
How ISO 42001 makes trustworthy AI operational
Principles are useful. Regulation is motivating. But implementation requires a management system. That’s where ISO 42001 comes in.
ISO 42001 is the first international standard for AI management systems (AIMS). It provides a structured framework for implementing every aspect of trustworthy AI:
- AI policy — codifies your organisation’s commitment to trustworthy AI principles
- Risk assessment — systematically identifies risks to each trustworthy AI requirement
- Impact assessment — evaluates the effects of AI systems on individuals and society
- Controls — defines specific measures to address identified risks
- Monitoring — tracks ongoing compliance and system performance
- Continual improvement — regular review and enhancement of AI governance
Organisations pursuing ISO 42001 certification demonstrate to regulators, clients, and stakeholders that trustworthy AI isn’t just a policy statement — it’s an operational reality.
Don’t wait for enforcement deadlines. Organisations that build trustworthy AI governance now will have a competitive advantage — both in regulatory readiness and client trust. The EU AI Act’s literacy obligation under Article 4 is already in force.
A practical implementation roadmap
For organisations starting their trustworthy AI journey, here’s a phased approach:
Phase 1: Foundation (months 1–2)
- Appoint an AI governance lead or committee
- Inventory all AI systems in use across the organisation
- Conduct an AI readiness assessment to establish your baseline
- Address shadow AI — you can’t govern what you can’t see
Phase 2: Framework (months 2–4)
- Develop your AI policy aligned with trustworthy AI requirements
- Define risk categories and assessment processes
- Build an AI competency framework that includes trustworthy AI principles
- Establish human oversight protocols for each AI system
Phase 3: Training (months 3–5)
- Deploy AI training across the workforce covering trustworthy AI principles, data handling, and responsible use
- Deliver specialised training for high-risk roles (HR, legal, procurement, compliance)
- Document training completion for Article 4 compliance
Phase 4: Certification (months 6–12)
- Pursue ISO 42001 certification if appropriate for your organisation
- Conduct internal audits against the trustworthy AI framework
- Establish continuous monitoring and improvement processes
How Brain helps
Brain trains your workforce in the principles and practice of trustworthy AI. Employees learn to use AI responsibly, understand the governance framework, recognise risks, and apply trustworthy AI principles in their daily work — through practical, role-based modules that document compliance with EU AI Act Article 4.
The result: a workforce that understands trustworthy AI, demonstrable compliance with regulatory requirements, and an organisation ready for ISO 42001 certification.