ISO 22989: AI Concepts and Terminology – A Comprehensive Guide
Introduction
ISO/IEC 22989 is a foundational international standard that establishes the concepts and terminology used across the field of Artificial Intelligence (AI). Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), this standard serves as a common language for AI practitioners, regulators, auditors, and governance professionals. For anyone studying for the AI Governance Professional (AIGP) certification or similar exams, understanding ISO 22989 is essential because it underpins many other AI-related standards, frameworks, and regulatory discussions.
Why Is ISO 22989 Important?
1. Creates a Shared Vocabulary: One of the biggest challenges in the AI space is the lack of consistent terminology. Different organizations, industries, and jurisdictions often use the same terms to mean different things. ISO 22989 addresses this by providing internationally agreed-upon definitions for core AI concepts. This shared vocabulary reduces misunderstandings and facilitates clearer communication among stakeholders—developers, policymakers, legal teams, auditors, and end users.
2. Foundation for Other Standards: ISO 22989 is the terminological backbone of the broader ISO/IEC AI standards ecosystem. Standards such as ISO/IEC 23894 (AI Risk Management), ISO/IEC 42001 (AI Management Systems), ISO/IEC 38507 (Governance Implications of AI), and others rely on the definitions and conceptual frameworks established in ISO 22989. Without understanding this standard, it becomes difficult to properly interpret or apply these related standards.
3. Supports Regulatory Compliance: As AI regulations evolve globally (e.g., the EU AI Act, NIST AI RMF), having a standardized terminology helps organizations align their internal governance practices with external regulatory requirements. ISO 22989 provides definitions that can be mapped to regulatory concepts, making compliance efforts more coherent and defensible.
4. Facilitates AI Governance: For AI governance professionals, ISO 22989 provides the conceptual clarity needed to design governance frameworks, assess AI systems, and communicate risks and opportunities to leadership. It helps ensure that when governance teams discuss concepts like trustworthiness, bias, explainability, or machine learning, everyone is on the same page.
5. Promotes International Interoperability: Because ISO standards are internationally recognized, ISO 22989 helps organizations that operate across borders use a consistent set of terms and concepts, enabling smoother collaboration, procurement, and regulatory engagement.
What Is ISO 22989?
ISO/IEC 22989, formally titled Information technology — Artificial intelligence — Artificial intelligence concepts and terminology, was published in 2022. It belongs to the suite of AI standards developed by ISO/IEC JTC 1/SC 42, the subcommittee responsible for Artificial Intelligence standards.
The standard covers the following key areas:
1. AI Concepts and Definitions:
ISO 22989 defines what artificial intelligence is—broadly characterizing it as the capability of an engineered system to acquire, process, and apply knowledge and skills. It distinguishes AI from related concepts like automation and traditional software.
2. Types of AI Systems:
The standard categorizes AI approaches, including but not limited to:
- Machine learning (ML): Systems that improve their performance through experience and data, without being explicitly programmed for each task.
- Knowledge-based systems: Systems that use structured knowledge representations and reasoning mechanisms.
- Symbolic AI: Approaches that use symbolic representations and logical inference.
- Hybrid approaches: Combinations of different AI paradigms.
3. Machine Learning Concepts:
The standard provides detailed terminology for ML, including:
- Supervised learning: Learning from labeled training data.
- Unsupervised learning: Learning patterns from unlabeled data.
- Reinforcement learning: Learning through interaction with an environment using rewards and penalties.
- Semi-supervised learning: A combination of supervised and unsupervised approaches.
- Deep learning: ML using neural networks with multiple layers.
- Concepts related to training data, validation data, test data, models, features, labels, and hyperparameters.
4. AI System Lifecycle:
ISO 22989 outlines the key stages of an AI system's lifecycle, which typically includes:
- Problem definition and design
- Data collection and preparation
- Model building and training
- Evaluation and validation
- Deployment
- Monitoring and maintenance
- Retirement or decommissioning
5. Trustworthiness and Related Concepts:
A significant portion of the standard addresses concepts related to the trustworthiness of AI systems, including:
- Transparency: The degree to which information about an AI system is made available to stakeholders.
- Explainability: The ability to provide understandable explanations of how an AI system reaches its outputs.
- Controllability: The ability of human operators to intervene in or override AI system behavior.
- Robustness: The ability of an AI system to maintain performance under varying or adverse conditions.
- Fairness: The absence of unjustified bias or discrimination in AI system outcomes.
- Accountability: The principle that identifiable parties are responsible for AI system outcomes.
- Safety: The condition of an AI system being free from unacceptable risk of harm.
- Security: Protection against unauthorized access, modification, or destruction.
- Privacy: Protection of personal and sensitive data throughout the AI lifecycle.
- Resilience: The ability to recover from disruptions and continue functioning.
6. Stakeholder Roles:
The standard identifies various stakeholders in the AI ecosystem, including AI providers, AI developers, AI users, data providers, and affected parties (individuals or groups impacted by AI system decisions).
7. Data Concepts:
ISO 22989 also defines data-related terminology critical to AI, such as:
- Training data, validation data, and test data
- Data quality
- Data bias
- Data labeling and annotation
- Synthetic data
8. Functional and Non-Functional Characteristics:
The standard addresses both what AI systems do (their functional capabilities) and how well they do it (non-functional properties like performance, reliability, and scalability).
How Does ISO 22989 Work?
ISO 22989 is primarily a terminological and conceptual standard rather than a prescriptive or requirements-based standard. This means:
- It does not tell organizations what they must do to comply (unlike ISO/IEC 42001, which is a management system standard with auditable requirements).
- Instead, it provides a reference framework of definitions and conceptual models that other standards, regulations, and organizational policies can build upon.
- Organizations and standards bodies reference ISO 22989 to ensure terminological consistency in their own documents, policies, and frameworks.
In practice, ISO 22989 works by:
1. Establishing baseline definitions that other ISO/IEC AI standards normatively reference.
2. Providing conceptual models (often depicted as diagrams) that illustrate relationships between AI concepts—for example, how machine learning relates to AI, how different learning paradigms relate to each other, and how the AI lifecycle stages connect.
3. Serving as a glossary for governance professionals, auditors, developers, and regulators who need precise language when discussing AI systems.
4. Informing organizational AI policies by giving governance teams a reliable source for defining terms used in internal documentation, risk assessments, and compliance reports.
How ISO 22989 Relates to Other Standards and Frameworks
Understanding how ISO 22989 fits into the broader ecosystem is crucial for exam preparation:
- ISO/IEC 42001 (AI Management Systems): Uses the terminology from ISO 22989 to define requirements for establishing, implementing, and maintaining an AI management system.
- ISO/IEC 23894 (AI Risk Management): Relies on ISO 22989 definitions when discussing AI-specific risks and risk management processes.
- ISO/IEC 38507 (Governance Implications of AI): References ISO 22989 concepts when discussing board-level governance of AI.
- EU AI Act: While not directly referencing ISO 22989, many of the concepts in the EU AI Act (e.g., high-risk AI systems, transparency, human oversight) align with terminology defined or clarified in ISO 22989.
- NIST AI Risk Management Framework: Shares many conceptual overlaps with ISO 22989, particularly around trustworthiness characteristics.
- OECD AI Principles: The OECD's work on AI classification and principles is conceptually aligned with ISO 22989's definitional framework.
Key Concepts You Must Know for the Exam
1. AI Definition: ISO 22989 defines AI as an engineered system that generates outputs such as content, forecasts, recommendations, or decisions for a given set of human-defined objectives. Know that this is a broad, technology-neutral definition.
2. AI System vs. AI Model: An AI system is the complete engineered system, including its interfaces and operational environment. An AI model is a mathematical or computational construct trained on data. The model is a component of the system.
3. Machine Learning Paradigms: Be able to distinguish between supervised, unsupervised, semi-supervised, and reinforcement learning. Understand that deep learning is a subset of machine learning.
4. Trustworthiness: This is a central theme. Know the trustworthiness characteristics: transparency, explainability, controllability, robustness, fairness, accountability, safety, security, privacy, and resilience. Be prepared to define each one and explain why it matters for AI governance.
5. AI Lifecycle: Understand the stages and that governance applies throughout—not just at deployment.
6. Bias: ISO 22989 distinguishes between different types of bias, including data bias, algorithmic bias, and societal bias. Know that bias can be introduced at multiple points in the AI lifecycle.
7. Stakeholder Roles: Understand the distinctions between AI providers, developers, deployers, users, and affected parties.
8. Nature of the Standard: ISO 22989 is a vocabulary/terminology standard, not a requirements or management system standard. It does not certify organizations; it provides the language that other certifiable standards use.
Exam Tips: Answering Questions on ISO 22989 AI Concepts and Terminology
Tip 1: Focus on the Purpose, Not Implementation Details
Exam questions about ISO 22989 typically test whether you understand what the standard is for and why it exists. It is a terminology and concepts standard. If a question asks what ISO 22989 provides, the answer will relate to definitions, vocabulary, or conceptual frameworks—not requirements, controls, or certifications.
Tip 2: Distinguish ISO 22989 from Other Standards
A common exam strategy is to present answer choices that mix up different ISO standards. Remember:
- ISO 22989 = Concepts and terminology
- ISO/IEC 42001 = AI management system (certifiable)
- ISO/IEC 23894 = AI risk management guidance
- ISO/IEC 38507 = Governance implications of AI for boards
If a question asks about establishing an AI management system, the answer is ISO 42001, not ISO 22989. If it asks about foundational AI definitions, it is ISO 22989.
Tip 3: Know the Trustworthiness Characteristics
Questions frequently test your understanding of trustworthiness characteristics as defined in ISO 22989. Be ready to match definitions to terms. For example, if a question describes the ability to provide understandable reasons for AI outputs, the answer is explainability. If it describes maintaining performance under adverse conditions, the answer is robustness.
Tip 4: Understand the Relationship Between AI and Machine Learning
ISO 22989 clarifies that machine learning is a subset of AI—not all AI uses machine learning. Expect questions that test whether you understand this hierarchy. Similarly, deep learning is a subset of machine learning.
Tip 5: Remember the Lifecycle Approach
The standard emphasizes that AI governance considerations span the entire lifecycle. If a question asks when trustworthiness should be addressed, the answer is throughout the entire lifecycle, not just at a single stage.
Tip 6: Watch for Distractor Answers That Sound Technical
Some answer choices may include highly technical AI jargon that sounds impressive but is not what ISO 22989 addresses. Remember, ISO 22989 is about establishing common understanding, not specifying technical architectures or algorithms.
Tip 7: Bias Has Multiple Dimensions
If an exam question asks about bias in the context of ISO 22989, recognize that the standard acknowledges multiple sources and types of bias. The correct answer will likely acknowledge that bias can arise from data, algorithms, design choices, or societal context—not just one source.
Tip 8: Use Process of Elimination
When faced with a question about ISO 22989, eliminate answers that suggest it is:
- A certification standard (it is not)
- A risk management framework (that is ISO 23894)
- A management system standard (that is ISO 42001)
- A sector-specific standard (it is horizontal/cross-sector)
The remaining answer related to terminology, definitions, or conceptual clarity is likely correct.
Tip 9: Connect ISO 22989 to Governance Outcomes
In governance-focused questions, the value of ISO 22989 lies in enabling consistent communication, clearer policy drafting, better risk assessments, and more effective stakeholder engagement. If a question asks how ISO 22989 supports AI governance, think about these communication and clarity benefits.
Tip 10: Recall That ISO 22989 Is Internationally Recognized
If a question asks about achieving international consistency in AI terminology, ISO 22989 is the answer. It is specifically designed to serve as the global reference for AI-related terms, making it particularly relevant for multinational organizations and cross-border regulatory alignment.
Summary
ISO/IEC 22989 is the cornerstone terminological standard for artificial intelligence. It provides internationally agreed-upon definitions, conceptual models, and a shared vocabulary that underpin the entire ISO/IEC AI standards ecosystem. For AIGP exam candidates, it is critical to understand that ISO 22989 is not a requirements standard—it is a reference standard that creates the foundational language for AI governance, risk management, and compliance. Mastering the key concepts it defines—especially around trustworthiness, the AI lifecycle, machine learning paradigms, bias, and stakeholder roles—will prepare you to answer exam questions confidently and accurately.
