Digitales Schutzschild mit „AI“ über einer Hand vor IT-Hintergrund. Symbolbild für KI-Sicherheit, sichere KI-Systeme und Cybersecurity im Kontext künstlicher Intelligenz (KI)

A5: BSI Publishes New Audit Framework for Trustworthy AI

9. July 2026

The German Federal Office for Information Security (BSI) has published the Community Draft of the AI Audit and Assurance Assessment Architecture (A5) (currently available in German only), thus starting the consultation phase. A5 is intended to create a standardized framework for the assessment of trustworthy AI systems. Comments on the draft can be submitted until 31 August 2026.

The audit framework is aimed at all actors along the AI value chain, including providers, operators and people responsible for developing, operating or overseeing AI systems. The aim is to support organizations in assessing AI risks and meeting regulatory requirements.

The draft is likely to be particularly relevant for organizations that are currently engaged in the implementation of the EU AI Act or the establishment of AI governance and AI assurance processes.

With A5, the BSI provides criteria and an audit methodology for the first time to systematically assess and demonstrate the trustworthiness of AI systems. The first published criteria form a technology- and application-independent baseline module. The audit methodology follows the established C5 approach of the BSI and is based on the international auditing standard ISAE 3000.

Traditional IT security approaches alone are no longer sufficient for AI systems. With A5, the BSI addresses these special requirements and creates a framework for their systematic assessment. In our view, the open consultation process is an important step towards creating a practical and widely accepted standard. We will actively participate in this.

Maximilian Müller, Principal usd Security Consulting | AI Governance

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories