The publication of the ETSI EN 304 223 standard not only marks a regulatory
milestone in AI cybersecurity, but also introduces significant changes in the way
intellectual property is protected, exploited, and governed in this field.
For organizations that develop, train, or integrate AI systems, this standard is
more than a technical reference: it represents a new point of support—or
exposure—regarding legal liability, patent strategy, and defense in potential
disputes.
ETSI EN 304 223 is a European technical standard with global reach that
defines baseline cybersecurity requirements for artificial intelligence models and
systems.
It was published by ETSI (the European Telecommunications Standards
Institute) and aims to establish a common security framework for AI, regardless
of the sector or specific technology used.
The standard sets out the minimum cybersecurity measures that must be met
throughout the entire AI system lifecycle, including design and development,
model training, deployment, and operation and maintenance.
It does not prescribe a specific technology, but rather principles and security
controls that must be in place.
When a standard defines “best practices,” it also begins to define what may be
considered negligent, insufficient, or legally questionable.
- Standards vs. patents: a structural tension
Technical standards, by definition, seek interoperability and broad adoption.
Patents, on the other hand, grant exclusive rights. When a standard
incorporates patented technologies, a classic tension arises:
o Which parts of the standard may be covered by patents?
o Under what conditions must those patents be licensed?
At this point, a purely technical reading is often insufficient. Identifying whether
an in-house solution could become a standard-essential patent—or, conversely,
infringe third-party rights—requires specialized legal analysis from the earliest
stages.
Within the ETSI ecosystem, this issue is addressed through the FRAND
principle (Fair, Reasonable, and Non-Discriminatory), which requires holders of
standard-essential patents to:
o Declare their patents
o License them under fair and non-exclusive terms
Key impact: AI cybersecurity shifts from being a “closed” competitive
advantage to becoming, at least in part, shared infrastructure.
Correctly identifying FRAND obligations—and their impact on IP valuation—can
make the difference between a strategic patent portfolio and an unexpected
source of contractual disputes.
- Standard Essential Patents (SEPs) in AI
ETSI EN 304 223 opens the door to a new critical category: Standard Essential
Patents (SEPs) applied to AI and cybersecurity.
This may include:
o Data poisoning protection techniques
o Model integrity and traceability mechanisms
o Methods for detecting model manipulation or extraction
For some organizations, this scenario represents a monetization opportunity; for
others, a latent risk of technological dependency. Distinguishing between the
two is far from trivial and requires an integrated legal–technical assessment.
Organizations that already hold patents in these areas may:
o Become strategic licensors
o Be required to open their IP under FRAND terms if their technologies are
deemed essential
Anticipating this scenario makes it possible to decide whether to patent, license,
negotiate, or redesign solutions before the standard becomes widely adopted.
- A shift in patent strategy
With standardization, patenting “what” loses relative value, while patenting the
“how” becomes increasingly important, including:
o Implementation methods
o Performance optimizations
o Specific architectures
o Automation of security controls
o Integrations with MLOps pipelines
As a result, competitive advantage shifts from isolated invention to advanced,
scalable implementation capability.
This transition is often one of the most delicate points for innovation teams: not
everything that is technically sophisticated is legally defensible, and not
everything that is patentable is strategically worthwhile.
Here, close coordination between technical teams and specialized legal counsel
becomes essential to avoid investments in IP assets with low returns or high
invalidation risk.
- Know-how, trade secrets, and software
Not everything is captured by the standard or by patents.
Many organizations will choose to protect:
o Risk assessment models
o Internal AI hardening tools
o Continuous monitoring processes
They will often do so through trade secrets, especially when:
o Disclosure for patenting is not convenient
o Value lies more in operation than in the method itself
The boundary between what should be patented and what should be protected
as a trade secret is increasingly thin in AI environments, where value often
resides in operation, training, and continuous improvement.
A poorly defined hybrid IP strategy can expose critical assets without providing
effective protection.
- Legal and compliance risks
The existence of a globally recognized standard fundamentally changes the
legal landscape.
Failure to comply with standardized security practices may:
o Increase exposure to litigation
o Weaken defenses in the event of cybersecurity incidents
Compliance with the standard may:
o Serve as evidence of “best effort”
o Reduce legal and reputational risks
AI cybersecurity ceases to be merely a technical issue and becomes a legal
and reputational asset.
In future disputes, the key question will no longer be only “what happened,” but
whether the organization acted in accordance with industry-recognized
standards.
Compliance with ETSI EN 304 223 may serve as evidence of best effort, while
ignoring it can seriously undermine legal defenses in cases involving
cybersecurity incidents or misuse of AI.
- Strategic outlook
ETSI EN 304 223 does more than regulate AI security: it redefines what can be
appropriated, protected, and monetized in this domain.
In this new context, intellectual property is no longer an isolated business
concern, but a strategic decision that combines technology, regulation, and
legal risk.
Differentiation will no longer come from ignoring the standard, but from building
on it with a legally sound intellectual property strategy capable of sustaining
innovation, compliance, and long-term value.




