12 June 2026 · Kuziva Muzondo

EN 18228 and EN 18282: What Regula Can Evidence Against Draft AI Standards

Two CEN-CENELEC harmonised standards for the EU AI Act are in public enquiry. Here is what a code scanner can and cannot evidence against them — and what will change when they publish.

What these standards are

prEN 18228 and prEN 18282 are draft CEN-CENELEC harmonised standards for the EU AI Act, currently at public enquiry stage. EN 18228 covers AI risk management (Article 9) and EN 18282 covers cybersecurity for AI systems (Article 15). Once published, they will provide presumption of conformity with their respective articles. Final publication is expected Q4 2026.

prEN 18228 (AI Risk Management) provides presumption of conformity with Article 9 of the EU AI Act. It covers risk identification, risk controls, testing, and post-market monitoring across the AI lifecycle.

prEN 18282 (Cybersecurity for AI Systems) maps to Article 15. It organises AI cybersecurity around five outcome categories — Prevent, Detect, Respond, Resolve, Control — applied to five attack types: data poisoning, model poisoning, adversarial attacks, confidentiality attacks, and model flaws.

What Regula can evidence

Regula provides code-level indicators relevant to EN 18228 clauses on hazard identification, testing, risk controls, and monitoring (clauses 6, 8, 9, 12), and contributes artefacts towards the Risk Management File (clauses 4.5, 4.6). For EN 18282, 16 of 17 AI_SECURITY detection categories map to at least one outcome in the Prevent, Detect, or Control categories.

StandardClauses with coverageRelationship
EN 18228Clause 6 (hazard identification), 8 (testing), 9 (risk controls), 12 (monitoring)Indicator — Regula detects code patterns relevant to these clauses
EN 18228Clause 4.5 (planning), 4.6 (Risk Management File)Evidence — regula plan and regula conform contribute artefacts
EN 18282Prevent (8 categories), Detect (4), Control (5)Indicator — 16 of 17 AI_SECURITY categories map to at least one outcome

What Regula cannot address

Regula cannot address organisational process clauses (EN 18228 clauses 4.1–4.4 on governance, competence, and risk criteria), lifecycle integration (clause 5), residual risk acceptance (clauses 10–11), or EN 18282 Respond and Resolve outcomes. These require documented procedures, domain-expert judgement, and operational runbooks that are not code properties.

GapWhy
EN 18228 Clauses 4.1–4.4 (process, governance, competence, risk criteria)Organisational processes — require documented procedures, not code
EN 18228 Clause 5 (lifecycle process integration)Organisational capability — integrating risk management across the AI lifecycle is not a code property
EN 18228 Clauses 10–11 (residual risk, review)Human determination — risk acceptance is a domain-expert judgement
EN 18282 Respond and Resolve outcomesRuntime/organisational — incident response and recovery require operational runbooks

Three relationship types

The Regula standards mapping uses three distinct relationship types: Indicator (Regula detects a relevant code-level signal, but detection does not mean the clause is satisfied), Evidence (Regula output contributes an artefact towards the clause, but is not sufficient alone), and Cannot (the clause requires organisational, runtime, or human-judgement input that code scanning cannot address).

The full matrices (in references/) use three distinct relationship types, never conflated:


Last verified: 12 June 2026 · Author: Kuziva Muzondo · Sources: AI Assurance Institute (EN 18228), Adam Leon Smith (EN 18282) · Full matrices: en18228_mapping.yaml, en18282_mapping.yaml

Not legal advice. Regula identifies risk indicators for developer review.

Related reading