12 June 2026 · Kuziva Muzondo
EN 18228 and EN 18282: What Regula Can Evidence Against Draft AI Standards
Two CEN-CENELEC harmonised standards for the EU AI Act are in public enquiry. Here is what a code scanner can and cannot evidence against them — and what will change when they publish.
What these standards are
prEN 18228 and prEN 18282 are draft CEN-CENELEC harmonised standards for the EU AI Act, currently at public enquiry stage. EN 18228 covers AI risk management (Article 9) and EN 18282 covers cybersecurity for AI systems (Article 15). Once published, they will provide presumption of conformity with their respective articles. Final publication is expected Q4 2026.
prEN 18228 (AI Risk Management) provides presumption of conformity with Article 9 of the EU AI Act. It covers risk identification, risk controls, testing, and post-market monitoring across the AI lifecycle.
prEN 18282 (Cybersecurity for AI Systems) maps to Article 15. It organises AI cybersecurity around five outcome categories — Prevent, Detect, Respond, Resolve, Control — applied to five attack types: data poisoning, model poisoning, adversarial attacks, confidentiality attacks, and model flaws.
What Regula can evidence
Regula provides code-level indicators relevant to EN 18228 clauses on hazard identification, testing, risk controls, and monitoring (clauses 6, 8, 9, 12), and contributes artefacts towards the Risk Management File (clauses 4.5, 4.6). For EN 18282, 16 of 17 AI_SECURITY detection categories map to at least one outcome in the Prevent, Detect, or Control categories.
| Standard | Clauses with coverage | Relationship |
|---|---|---|
| EN 18228 | Clause 6 (hazard identification), 8 (testing), 9 (risk controls), 12 (monitoring) | Indicator — Regula detects code patterns relevant to these clauses |
| EN 18228 | Clause 4.5 (planning), 4.6 (Risk Management File) | Evidence — regula plan and regula conform contribute artefacts |
| EN 18282 | Prevent (8 categories), Detect (4), Control (5) | Indicator — 16 of 17 AI_SECURITY categories map to at least one outcome |
What Regula cannot address
Regula cannot address organisational process clauses (EN 18228 clauses 4.1–4.4 on governance, competence, and risk criteria), lifecycle integration (clause 5), residual risk acceptance (clauses 10–11), or EN 18282 Respond and Resolve outcomes. These require documented procedures, domain-expert judgement, and operational runbooks that are not code properties.
| Gap | Why |
|---|---|
| EN 18228 Clauses 4.1–4.4 (process, governance, competence, risk criteria) | Organisational processes — require documented procedures, not code |
| EN 18228 Clause 5 (lifecycle process integration) | Organisational capability — integrating risk management across the AI lifecycle is not a code property |
| EN 18228 Clauses 10–11 (residual risk, review) | Human determination — risk acceptance is a domain-expert judgement |
| EN 18282 Respond and Resolve outcomes | Runtime/organisational — incident response and recovery require operational runbooks |
Three relationship types
The Regula standards mapping uses three distinct relationship types: Indicator (Regula detects a relevant code-level signal, but detection does not mean the clause is satisfied), Evidence (Regula output contributes an artefact towards the clause, but is not sufficient alone), and Cannot (the clause requires organisational, runtime, or human-judgement input that code scanning cannot address).
The full matrices (in references/) use three distinct relationship types, never conflated:
- Indicator: Regula detects a code-level signal relevant to the clause. Finding present ≠ clause satisfied.
- Evidence: Regula output contributes an artefact towards meeting the clause. Not sufficient alone.
- Cannot: The clause requires organisational, runtime, or human-judgement input that code scanning fundamentally cannot address.
Last verified: 12 June 2026 · Author: Kuziva Muzondo · Sources: AI Assurance Institute (EN 18228), Adam Leon Smith (EN 18282) · Full matrices: en18228_mapping.yaml, en18282_mapping.yaml
Not legal advice. Regula identifies risk indicators for developer review.
Related reading
- Article 50 Code of Practice mapping — What a code scanner can evidence against the AI content marking rules
- Scanning 5 compliance frameworks — 562 findings across PyTorch, HuggingFace, LangChain, LlamaIndex, CrewAI
- How to classify your AI system — Article 6, the four tiers, and what code scanning can tell you