The German Federal Office for Information Security (BSI) has published the Community Draft of the AI Audit and Assurance Assessment Architecture (A5) (currently available in German only), thus starting the consultation phase. A5 is intended to create a standardized framework for the assessment of trustworthy AI systems. Comments on the draft can be submitted until 31 August 2026.
The audit framework is aimed at all actors along the AI value chain, including providers, operators and people responsible for developing, operating or overseeing AI systems. The aim is to support organizations in assessing AI risks and meeting regulatory requirements.
The draft is likely to be particularly relevant for organizations that are currently engaged in the implementation of the EU AI Act or the establishment of AI governance and AI assurance processes.
With A5, the BSI provides criteria and an audit methodology for the first time to systematically assess and demonstrate the trustworthiness of AI systems. The first published criteria form a technology- and application-independent baseline module. The audit methodology follows the established C5 approach of the BSI and is based on the international auditing standard ISAE 3000.
Traditional IT security approaches alone are no longer sufficient for AI systems. With A5, the BSI addresses these special requirements and creates a framework for their systematic assessment. In our view, the open consultation process is an important step towards creating a practical and widely accepted standard. We will actively participate in this.
Maximilian Müller, Principal usd Security Consulting | AI Governance



