Paving the way to security

Having been accredited in accordance with ISO/IEC 42001, TÜV UK and TÜV NORD Nederland are setting the standard for the secure and responsible use of AI.

“Artificial intelligence is a technology that offers enormous opportunities but also comes with a lot of risks,” explains Thora Markert, Product Manager for AI at TÜV NORD CERT. The possible challenges range widely from technical malfunctions and manipulation risks to attacks on AI systems and ethical issues. “These are completely new questions that never used to be relevant with earlier technologies of this kind,” says Ms. Markert. This is precisely why companies are being called upon to use AI responsibly; after all, this is the only way to ensure the security and integrity of their systems.

And this is exactly where the ISO/IEC 42001 standard comes in. It is the world’s first international standard for management systems in the field of AI. “ISO/IEC 42001 offers a framework for implementing and deploying AI systems responsibly and effectively, and mitigating risks,” Ms. Markert explains. The standard places particular emphasis on the protection of people and society, the management of societal risks and compliance with ethical, data protection and security requirements.

The point of ISO/IEC 42001 certification is to help companies meet growing regulatory requirements. Like many other regions around the world, the EU is currently establishing a legal framework for AI. In the summer of 2024, the bloc passed the EU AI Act, which will be gradually ramped up in the months leading up to August 2027. “With the gradual introduction of the AI Act, the demand for certification is going to increase significantly,” Ms. Markert predicts. Companies outside the EU which offer AI-based products in Europe must also meet the requirements of the EU AI Act. The certification arose out of close collaboration between TÜV UK and TÜV NORD Nederland, both accreditation pioneers within the TÜV NORD Group. TÜV NORD CERT supports the two foreign subsidiaries and is itself aiming for similar accreditation in the future. “Together we’ve developed an effective certification process that we’re also making available to other foreign companies,” Ms. Markert says. “This is enabling us to offer high-quality certifications for AI systems worldwide and offer companies optimal support in their various markets.”

Thora Markert, Product Manager for AI at TÜV NORD CERT

Whether they be power plants, airports or water utilities, critical infrastructures are the backbone of our society. TÜV NORD EnSys and TÜV NORD IT Secure Communications are now combining their expertise to provide system-relevant facilities with holistic protection – an offer that is unique in Germany.

For operators of critical infrastructures, malfunctions can have grave consequences. The pressure on these companies is increasing as they are having to arm themselves against a range of fundamentally different dangers, including natural disasters and cyberattacks. This is exactly where the new collaboration comes in.

Jan Struve is Head of Fire and Explosion Protection at TÜV NORD EnSys. His team has many years of experience of assessing safety-related issues relating to nuclear power plants and is therefore familiar with high-risk technologies. Burkhard Rose-Mende is Head of the business field Cyber Security Projects & Critical Infrastructures at TÜV NORD IT Secure Communications. These two experts are all set to combine the expertise of their respective fields to create an offer without precedent in Germany: Business Continuity Management, which combines physical safety with IT security. Their shared task is to give companies the tools and wherewithal they need to quickly resume or restore operations in the event of power outages, hacker attacks or fires.

“Many of our existing customers work with unconnected solutions, with fire protection in one silo and IT security in another. We’re now systematically bringing all of these into relationship with one another, and our work is being welcomed by clients,” explains Mr. Struve. In collaboration with the customer, his starting point is a systematic analysis of the risks, after which he arranges them in order of priority and works out suitable measures to counter them. The coronavirus pandemic and the war in Ukraine have shown that companies often do not know where they are vulnerable – until critical processes fail.

The implementation of the Network and Information Security Directive is prompting companies to act, Mr. Rose-Mende says: “The scope of application will be expanded and the requirements tightened.” The number of affected companies is expected to increase from its current level of about 4,500 to 29,500.

The idea for the cooperation arose out of practical experience: Data centres served as a blueprint and showed how valuable the combination of both disciplines is. The municipal utility market, in which both business units already have established customer relationships, looks particularly promising. With the integrated approach, customers benefit from the pooling of expertise, and TÜV NORD is optimally positioned in this growing market.

Jan Struve, Head of Fire and Explosion Protection at TÜV NORD EnSys, and Burkhard Rose-Mende, Head of business field Cyber Security Projects and Critical Infrastructures at TÜV NORD IT Secure Communications

TÜV NORD Onboard Car Diagnosis represents an innovative solution for modern vehicles which makes digital inspections safer, more efficient and more transparent – and offers potential for other fields of application.

Modern cars have long been more than just a means of transport – they are now data storage devices on wheels. From navigation destinations to call logs and payment data, they collect enormous amounts of sensitive data over time, especially via smartphone connections. This means that vehicles are not exempt from the increasing regulatory requirements for digital information security.

A particularly risky juncture is the point when a car changes hands. “There are many scenarios in which it’s critically important to establish if particular information is still stored in the vehicle,” says Gero Eggers, Product Developer and Product Manager at TÜV NORD Mobilität.

The concerns extend beyond mere unprotected data to include manipulated mileage and concealed faults. This is exactly where the TÜV NORD Onboard Car Diagnosis comes in. The system uses the on-board diagnostic interface to connect to the vehicle and delivers a comprehensive analysis within minutes. As a one-dongle solution, it combines several services: Personal information is cleaned up (using an app) in compliance with GDPR, technical problems are brought to light by an error memory analysis, and the mileage and vehicle identification number are checked for plausibility. For this innovative solution, the system was recognised as one of the top-3 innovations in the “Electrical/electronical systems & software” category of the Best of Industry Award 2025, Mr. Eggers reports. “It’s amazing how many vehicles do actually get manipulated,” Mr. Eggers reports. The TÜV NORD Onboard Car Diagnosis detects which control units have been used to store mileage and identification numbers and reliably detects discrepancies. Installed spare parts can also be checked for “false identity” by the same means.

The solution is also opening up further perspectives. “We have lots of ideas for additional applications – for different services, customer groups and vehicle types,” Mr. Eggers explains. The latest addition to the portfolio is a battery check for electric vehicles, which can be used to reliably assess the condition of the traction battery in an EV. All collected data are anony­mised and stored on secure servers. As well as meeting current data protection requirements, the TÜV NORD Onboard Car Diagnosis is thus also laying the foundations for further analyses. “In the long term it will be possible to evaluate this data pool and use it to improve road safety,” says Mr. Eggers.

Gero Eggers, Product Developer and Product Manager at TÜV NORD Mobilität