Approfondimenti
-

ISO/IEC 17024:2026: how professional competences are certified, and what changes with the new edition
After fourteen years, the 2012 edition of ISO/IEC 17024 is superseded: the new edition, published in 2026 and transposed as UNI CEI EN ISO/IEC 17024 in April 2026, updates structure and terminology and, for the first time, addresses the use of Artificial Intelligence in certification processes. It is a decisive turn, coming just as the…
-

ISO 9000:2026: the vocabulary of Quality is renewed
Before rules come words. In May 2026 the fifth edition of ISO 9000 was published, the standard establishing fundamental concepts, principles and vocabulary of quality management, transposed as UNI EN ISO 9000 (May 2026) replacing the 2015 edition. It is not a certifiable standard, and precisely for this it is the most important: it is…
-

ISO 19011:2026, the art of auditing updates: hybrid audits, digital evidence and auditor competence
In May 2026 the fourth edition of ISO 19011 was published, the international guidance for auditing management systems, transposed as UNI CEI EN ISO 19011 and entering the national body of standards on 27 May 2026. Remote and hybrid audits treated as ordinary modes, digital evidence alongside interviews and direct observation, vocabulary aligned with the…
-

UNI 11621-8: the twelve professional profiles of Artificial Intelligence, between national standard and European CWA
On 30 April 2026 the standard UNI 11621-8 was published, the first national standard in Europe to systematically define the professional role profiles of Artificial Intelligence: twelve figures, from Chief AI Officer to AI Research Scientist, certifiable under accreditation. A few weeks later came CEN’s CWA 18398 on AI professional and educational profiles. Two documents…
-

The AI ethicist becomes a profession: the EN 18274 standard and the competences required
For years the “AI ethicist” was a self-attributed title, without verifiable contours. Now the picture changes: within CEN-CLC/JTC 21, EN 18274 — the European standard on competence requirements for professional AI ethicists — is on the home straight, while professional associations such as the Association of AI Ethicists work towards recognition of the profession. Who…
-

Mapping the risks of Artificial Intelligence: NIST, MIT, CSA and ENISA compared
Before managing AI risks you have to be able to name them. Four tools, all public and free, offer as many perspectives: NIST’s management framework, MIT’s taxonomic repository with over 1,700 catalogued risks, the Cloud Security Alliance’s controls matrix and ENISA’s cybersecurity framework. A reasoned map for those building AI governance. Anyone setting out to…
-

Records of processing and SMEs: the simplification of Article 30(5) GDPR seen by the EDPB and EDPS
Extending the exemption from the obligation to keep a record of processing activities to organisations with fewer than 750 employees: this is the Commission’s proposal on which the EDPB and the EDPS pronounced in Joint Opinion 01/2025. Favour for the lightening, but with a warning: the register is not just an obligation, it is a…
-

EHDS: the European Health Data Space between primary use, secondary use and prohibited uses
Regulation (EU) 2025/327 establishes the European Health Data Space: the first common European sectoral data space, with staggered application from 26 March 2027. Interoperable health records for care, access bodies for research, and a catalogue of expressly prohibited uses. The essential coordinates of a regulation set to reshape European digital health. With Regulation (EU) 2025/327…
-

Facial recognition in Italian cities: the moratorium extended to 2027 and the AI Act’s limits
After Trento, the Garante scrutinised Rome’s metro and Turin’s “intelligent” cameras. Meanwhile, the Italian moratorium on the use of facial recognition in public places has been extended to 31 December 2027, and the AI Act has set directly applicable prohibitions, from the scraping of facial images to real-time remote biometric identification. The updated map of…
-

The EDPB DPIA template: towards a harmonised impact assessment across the European Economic Area
On 14 April 2026 the EDPB adopted a template for data-protection impact assessments, put out for public consultation until 9 June 2026: predefined fields, an explanatory document and the ambition to become the single model — or the “meta-template” — of the authorities across the entire EEA. What changes, in practice, for controllers and DPOs?…