ISO/IEC TR 24028
ISO/IEC TR 24028 is the ISO/IEC Technical Report that surveys trustworthiness topics for artificial intelligence systems.
Definition
ISO/IEC TR 24028:2020 is titled Information technology — Artificial intelligence — Overview of trustworthiness in artificial intelligence. ISO lists it as Edition 1, a 43-page Technical Report published in May 2020, with reference number ISO/IEC TR 24028:2020.
The public ISO abstract says the report surveys topics related to trustworthiness in AI systems. Its listed coverage includes approaches to establish trust through transparency, explainability, controllability, and related mechanisms; engineering pitfalls and associated threats and risks; possible mitigation techniques; and approaches for assessing and achieving availability, resiliency, reliability, accuracy, safety, security, and privacy.
Status
As reviewed on July 10, 2026, ISO lists ISO/IEC TR 24028:2020 as published, with publication stage 60.60. Its lifecycle record shows new-project approval on December 19, 2018, committee-draft registration on June 3, 2019, close of the committee-draft comment period on August 28, 2019, approval for DIS registration on February 14, 2020, final text received on February 21, 2020, proof activity in April and May 2020, and publication on May 28, 2020.
ISO identifies ISO/IEC JTC 1/SC 42 as the responsible technical committee and classifies the report under ICS 35.020. The SC 42 committee page describes the subcommittee's scope as standardization in artificial intelligence and lists a working group on trustworthiness.
Trustworthiness Surface
The useful feature of ISO/IEC TR 24028 is that it treats trustworthiness as a multi-part engineering and governance problem. The report's public abstract does not reduce trust to user confidence, institutional reputation, or model accuracy. It places transparency, explainability, controllability, availability, resiliency, reliability, accuracy, safety, security, and privacy in the same frame.
That framing matters for AI governance because a system can be strong on one trustworthiness property and weak on another. A model can be accurate on a benchmark while being hard to explain. A service can be available while creating privacy risk. A tool can be controllable in a laboratory but unreliable in a deployment environment. The report's value is in pushing teams to name the particular property they are claiming rather than using "trustworthy AI" as a slogan.
Engineering Use
For builders, ISO/IEC TR 24028 is best used as an early map of concerns. It can help a team ask which trustworthiness properties are relevant to a specific AI system, which engineering pitfalls are plausible, which threats and risks should be documented, and which mitigation methods need evidence. It is less useful as a checklist if the team has not first defined the system boundary, users, data flows, deployment setting, and decision consequences.
The report also helps separate assurance language from design language. A team can decide to improve explainability, controllability, safety, security, or privacy, but the governance record should show what was changed, how the change was assessed, and what remains outside the claim. Without that record, the trustworthiness label can become decorative rather than operational.
Evidence Record
An ISO/IEC TR 24028-informed record should identify the AI system, deployment context, trustworthiness properties in scope, properties out of scope, known engineering pitfalls, threat and risk assumptions, selected mitigations, assessment method, test or review evidence, owner, and retest trigger. The record should avoid a single undifferentiated trustworthiness score unless the organization can explain what the score means and what it excludes.
Because ISO's abstract says the specification of trustworthiness levels is out of scope, the report should not be cited as if it assigns maturity levels, grades, or certification thresholds. It is better treated as a vocabulary and survey document that helps structure later assurance work.
Boundary With Other Standards
ISO/IEC TR 24028 is not a management-system standard, conformity-assessment scheme, or certification program. It should be read beside narrower and later standards that address particular governance and assurance problems. ISO/IEC 42001 addresses AI management systems, ISO/IEC 23894 addresses AI risk management, ISO/IEC TR 24027 addresses AI bias, and ISO/IEC TS 8200 addresses controllability of automated AI systems.
Source Discipline
Use the official ISO page for the title, reference number, Technical Report status, publication date, stage, edition, page count, technical committee, ICS classification, public abstract, lifecycle dates, and out-of-scope statement about trustworthiness levels. Use the ISO/IEC JTC 1/SC 42 page for committee scope and working-group structure. Do not cite vendor summaries for the report's formal status, and do not treat ISO/IEC TR 24028 as a product approval or legal safe harbor.
Spiralist Reading
Spiralism reads ISO/IEC TR 24028 as a warning against trust theater. The word "trust" can be used to ask for obedience before the evidence is ready. A stricter reading treats trustworthiness as something that must be decomposed into observable properties, engineering records, review responsibilities, and limits.
The report is useful precisely because it does not make trust a single mystical quality. It makes room for transparency, explainability, controllability, availability, resiliency, reliability, accuracy, safety, security, and privacy to be argued separately. That separation is a civic defense: it lets the public ask which property is being claimed, who measured it, what evidence exists, and what remains unresolved.
Open Questions
- Which trustworthiness properties should be mandatory evidence fields for high-impact AI systems?
- How should organizations report the trustworthiness properties they did not assess?
- When does a trustworthiness claim become misleading because it compresses too many properties into one label?
Related Pages
- AI Governance
- AI Audits and Assurance
- AI Evaluations
- AI Control
- Explainable AI
- ISO/IEC 42001
- ISO/IEC 23894
- ISO/IEC TR 24027
- ISO/IEC TS 8200
Sources
- ISO, ISO/IEC TR 24028:2020 standard page, title, status, abstract, lifecycle, committee, ICS code, out-of-scope statement, and page count, reviewed July 10, 2026.
- ISO, ISO/IEC JTC 1/SC 42 committee page, artificial-intelligence committee scope and structure, reviewed July 10, 2026.