ETSI Publishes Security Requirements for AI Data Centers and Cloud Platforms
What Happened — ETSI released Technical Specification TS 104 033, defining a comprehensive security framework for AI computing platforms deployed in data‑center and edge environments. The standard outlines mandatory controls for identity management, data protection, integrity, auditing, incident response, and resilience of AI models, datasets, and workloads.
Why It Matters for TPRM —
- Sets baseline security expectations for cloud and edge providers offering AI services.
- Provides contractual language for third‑party risk assessments and SLA negotiations.
- Helps organizations evaluate vendor compliance with emerging AI‑specific controls.
Who Is Affected — Cloud service providers, edge‑computing operators, AI‑as‑a‑Service vendors, and enterprises that outsource AI model training or inference.
Recommended Actions —
- Map existing vendor contracts to the ETSI TS 104 033 controls and identify gaps.
- Request evidence of compliance (e.g., audit reports, attestations) from AI‑focused cloud providers.
- Incorporate the specification’s requirements into your organization’s security policies and vendor risk questionnaires.
Technical Notes — The specification mandates least‑privilege identity management, prohibition of remote root access, secure boot, encrypted data in‑transit and at‑rest, isolation of shared AI accelerators, and robust logging for forensic analysis. No specific CVEs are referenced. Source: Help Net Security