TS 104 033 sets binding requirements for any platform used to train or run AI in data centers or edge computing environments.

ETSI, the European body that sets technical standards for telecommunications and information technology, published TS 104 033. TS 104 033 is a specification document that defines security requirements for AI computing platforms. These are the data centers and edge computing environments where companies host, train, and run AI applications. The specification covers the hardware, storage, networking, and software that make up those platforms.

Six required security controls

The specification defines six security controls that apply to any AI computing platform.

• Access control – Only authorized users and systems can access the platform. Remote access to root-level accounts is prohibited.
• Integrity protection – Systems must verify they have not been tampered with before starting. AI models must be verified before use.
• Data protection – Data must be encrypted in transit and at rest. Backup and recovery capabilities are required.
• Secure audit – Logs must capture events related to AI assets and be protected against tampering.
• Incident response – Platforms must monitor for intrusions and network anomalies and respond in real time.
• Resilience – Platforms must maintain a safe mode that can restore the system to a known good state if attacked.

AI-specific protections

Standard data center security was not built for AI. The specification adds three requirements that platform operators must meet.

The first addresses shared hardware. Cloud environments routinely run multiple companies’ AI workloads on the same physical processors. Platform operators must ensure that those workloads are kept completely separate, so one company’s models and data cannot be accessed by another on the same machine.

Platform operators must also detect attacks targeting inference, the point where a trained model stops learning and starts working on real-world requests.

If a cyberattack interrupts model training, the platform must be able to resume from a defined checkpoint rather than starting over.

The Model Bill of Materials assigns accountability

An additional but crucial piece of the spec is the Model Bill of Materials (Model BoM or AI BoM).  It mandates enterprises to record how they develop and train models. This creates an audit trail for model integrity and traceability, and aligns with capabilities that regulators and enterprises managing AI governance are beginning to require.

Who this affects

The primary targets are cloud providers, data center operators, and any company running its own AI infrastructure.

For businesses that use cloud services to train or run AI systems, the standard applies differently. It defines what a secure AI platform looks like, giving those businesses a clear benchmark to hold their vendors to.

“This work marks a significant step forward in establishing concrete and actionable security requirements for the platform itself,” said Scott Cadzow, Chair of the ETSI Technical Committee Securing AI.

TS 104 033 is a technical specification, not a regulation. Compliance is not yet mandatory. But ETSI standards have a track record of becoming the technical foundation for EU regulatory requirements. The EU AI Act references ETSI standards, and ETSI’s baseline IoT security standard followed the same path from technical specification to regulatory reference. The specification also maps to ETSI’s baseline cybersecurity requirements for AI models and systems, building a layered compliance structure that regulators can reference. Companies running AI infrastructure in Europe, or procuring AI services from vendors that do so, should treat TS 104 033 as a preview of upcoming compliance requirements.