ISO/IEC JTC 1/SC 42 · Artificial intelligence

ISO/IEC 5259

Artificial intelligence.
Data quality for analytics
and machine learning.

Six parts, published from July 2024. They are not equal: one carries requirements you can be audited against, four are frameworks, and the sixth is not a standard at all. Knowing which is which is most of the value.

6Parts in the series
Five standards, one Technical Report
1Part that carries requirements
Everything else is guidance
Jul 2024First parts published
by ISO and IEC
8183The standard this series
takes its life cycle from

The series

Six parts.
One of them has requirements.

People buy Part 2 because it says “measures” and assume they have bought the standard. They have bought a measuring instrument with nothing to measure against. The part that tells you what you must do is Part 3 — and it is the only one that uses the word shall. Select any part to see what it is for and who needs it.

Part 3 — the only part specifying requirements Frameworks, measures and guidance Part 6 is a Technical Report — informative, and it cannot contain requirements

Part 1

Framework and terminology

Overview, terminology, and examples

Published July 2024 BS EN ISO/IEC 5259-1:2025

Part 3

The only part you can be audited against.

ISO/IEC 5259-3 specifies requirements for a data quality management system — a DQMS. That one word, requirements, is what separates it from the rest of the series. It is the difference between a document that describes and a document that obliges.

The standard is explicit that the resulting management system gives you transparency and auditability, whether you assess yourself or bring in a third party. It is also explicit about what it is not: it does not define detailed processes, methods or metrics. It defines what must be true, and points at the other parts for how.

It does not prescribe your life cycle

A data life cycle is tightly bound to the AI system life cycle around it, so Part 3 deliberately refuses to mandate one. It provides generic interfaces instead, and lets you map whichever life cycle model you already run — provided the processes actually map.

It is generic on purpose

The requirements apply to every organisation regardless of type, size or sector. No SME carve-out, no risk tier. What varies is how much of it you need, not whether it applies.

It needs the other parts to work

Part 3 normatively references Parts 1 and 2. You cannot implement it from Part 3 alone: the terminology is in Part 1, the measures are in Part 2, and the process detail is in Part 4.

Which is the practical trap in this series. Buying one part rarely buys you anything usable. Buying all six and reading them in the wrong order costs you a month.

Status

Three different legal statuses in one series.

This is the part nobody tells you, and it matters when a contract or a regulator points at “ISO 5259” as though it were one thing. In the United Kingdom, BSI publishes the six parts under three different designations — and the designation tells you what the document actually is.

PartTitleTypeUK designation
1Overview, terminology, and examples StandardBS EN ISO/IEC 5259-1:2025
2Data quality measures StandardBS EN ISO/IEC 5259-2:2025
3Data quality management requirements and guidelines RequirementsBS EN ISO/IEC 5259-3:2025
4Data quality process framework StandardBS EN ISO/IEC 5259-4:2025
5Data quality governance framework StandardBS ISO/IEC 5259-5:2025
6Visualization framework for data quality Technical ReportPD ISO/IEC TR 5259-6:2026

BS EN — Parts 1 to 4

Published in the UK as European Standards. That means CEN-CENELEC took them over and the national standards bodies bound by its rules had to adopt them and withdraw anything conflicting.

BS — Part 5

Published as a British Standard implementing the international text, but without the EN designation the first four carry. If your obligation is worded around European Standards, Part 5 sits outside it.

PD — Part 6

A Published Document, because Part 6 is a Technical Report rather than a standard. Technical Reports are informative. There is nothing in it to comply with, and anyone treating it as a requirement has misread the cover.

IS, TS, TR

A Technical Report is not a standard waiting to grow up.

The natural assumption is that a Technical Report is a standard that has not finished yet, and that Part 6 will eventually be folded into the series proper. It will not. ISO publishes several kinds of deliverable and they are different animals, not different ages of the same animal.

International Standard

Rules, guidelines or characteristics, agreed by consensus and balloted internationally. It is the only kind of deliverable here that can carry requirements you are obliged to meet.

Parts 1 to 5 of ISO/IEC 5259 are International Standards — though only Part 3 actually uses that power.

Technical Specification — TS

This is the deliverable people are thinking of when they say “not ready yet”. ISO publishes a TS where the subject is still under technical development, or where agreement on an International Standard is a future but not an immediate possibility. It is issued for use now and to gather feedback, with the intention that it is eventually transformed and republished as an International Standard.

No part of ISO/IEC 5259 is a TS.

Technical Report — TR

Informative by design. A TR carries information of a different kind altogether — survey data, an informative account, the state of the art — and under the drafting rules a Technical Report cannot contain requirements at all. It is not queued behind a standard. It was never on that path.

Part 6 is a TR, which is why BSI publishes it as a PD rather than a BS.

So ISO/IEC TR 5259-6 is not Part 6 waiting to be promoted. It is a deliberately informative companion to the series: how to visualise data quality results so that a human being can act on them. Useful, and permanently informative. If you ever see a deliverable in the AI series marked TS, that is the one on a conveyor belt to becoming a standard.

The journey

What the stage numbers mean.

Every ISO document moves through numbered stages, and the number is public. If someone tells you a standard is “coming soon”, the stage code tells you whether that is true. Here is the real path ISO/IEC 5259-1 took, with the dates from the ISO catalogue.

StageWhat happens5259-1
10.99 Proposal. A new work item is put to the subcommittee and approved. 31 Jul 2020
20.00 Preparatory. The project is registered in the SC 42 work programme and a working group drafts. 31 Jul 2020
30.00 Committee. A committee draft — a CD — is registered and circulated to national bodies. 5 Aug 2022
30.60 Comments close. Every national body's objection has to be resolved, not outvoted. 2 Nov 2022
40.00 Enquiry. The text becomes a Draft International Standard — a DIS — and goes to a formal ballot. 20 Apr 2023
40.20 The DIS ballot opens. Twelve weeks for the world to object. 21 Jun 2023
60.60 Published. This is the code that means a document is real and current. Jul 2024

Four years from proposal to publication, and that is normal. Stage 50 — approval, the FDIS ballot — can be skipped where a DIS passes cleanly, which is what happened here. After publication a document sits at 60.60 until it is reviewed, revised or withdrawn at stage 90 or 95. When a vendor says a standard is “about to change”, ask them for the stage code.

Where it fits

This series did not invent its own spine.

The most useful thing to understand about ISO/IEC 5259 is that it is not freestanding. Its data life cycle is inherited, its quality model is borrowed from software engineering, and its requirements are what a 42001 auditor will look for when they reach the data controls.

“The DLC model for analytics and ML shown in Figure 3 is derived from ISO/IEC 8183.” ISO/IEC 5259-1:2024, Clause 5.3.2.1
ISO/IEC 8183 — the life cycle underneath

Part 1 takes its data life cycle model straight from 8183, and Part 5 says so again. Part 3 then refines that same life cycle for data quality management. If 8183's stages are unclear to you, none of 5259 will land. See our ISO/IEC 8183 guide.

ISO/IEC 42001 — where the audit happens

Annex A.7 of 42001 is data for AI systems, and an auditor testing it is asking the questions 5259 answers. 5259-3 lists 42001 in its bibliography for a reason: a DQMS is how you evidence those controls. See our ISO/IEC 42001 guide.

ISO 8000, ISO/IEC 25012 and 25024

Part 2 does not start from scratch either. Its data quality model builds on the ISO 8000 series and on the SQuaRE data quality work — decades of data quality thinking, pointed at machine learning.

ISO/IEC 22989 and 23053

The vocabulary and the ML framework the series is written in. Part 4 normatively references both. Arguments in an audit are surprisingly often arguments about what a word means.

ISO/IEC 23894 — risk management

Poor data quality is not an inconvenience, it is a named source of AI risk — bias and unpredictability chief among them. 5259 is a large part of how you treat it.

ISO/IEC 38505-1 and 38507 — governance

Part 5 is aimed at governing bodies rather than practitioners, and sits on the existing data and AI governance standards. It is the part your board reads, if any of them read one.

Representativeness is the characteristic the series keeps returning to, and it is the one that bites. Training data that does not represent the production population produces a model that is confidently wrong — and when the decisions are about people, confidently wrong about the groups you had least data on.

Who wrote it

The work of expert committees, not a single author.

ISO/IEC 5259 was written by experts nominated through their national standards bodies, working in ISO/IEC JTC 1/SC 42 — the joint ISO and IEC subcommittee for artificial intelligence, and the source of the whole AI standards series. Part 1 was registered as a project in July 2020 and published four years later.

ISO/IEC JTC 1/SC 42

The subcommittee behind 5259, 8183, 42001, 42005, 42006, 23894 and 22989. Its working groups draft; its national members vote. That is why these standards agree with each other — they are written by the same room.

National mirror committees

Every participating country runs a mirror committee that forms its national position and casts its vote. In the UK that is BSI's ART/1, Artificial Intelligence. Experts serve in a personal and expert capacity, nominated through their national body.

Four years, part by part

Registered July 2020. Committee draft consultation in 2022, comments resolved, DIS ballot in 2023, publication from July 2024, and the series still completing — Part 5 in 2025, the Technical Report in 2026.

Which is why nobody should claim to have written ISO/IEC 5259. What people can honestly claim is participation — and participation is what tells you how the text is meant to be read, where the committee argued, and which words were chosen carefully.

Matthew Blakemore, AI standards practitioner and member of the BSI and ISO artificial intelligence committees, speaking on stage at an AI summit

BSI and ISO AI committees

Matthew Blakemore

Matthew is a member of the BSI and ISO committees producing the AI standards series that ISO/IEC 5259 belongs to, contributing through BSI's ART/1 — the UK national mirror committee for ISO/IEC JTC 1/SC 42.

He was also sub-editor of ISO/IEC 8183 — the standard this entire series takes its data life cycle from. That is the useful part. When 5259-1 says its life cycle model is derived from 8183, he can tell you what those stages were meant to mean, because he helped write them.

  • StandardSub-editor, ISO/IEC 8183 — the data life cycle 5259 is built on
  • CommitteesMember, BSI and ISO artificial intelligence committees, including BSI ART/1
  • AdvisoryInnovate UK BridgeAI programme
  • CompanyChief Executive, AI Caramba!
  • FrameworkOriginator of the Snakes and Ladders AI Framework™
  • BookSnakes and Ladders: A Leader's Playbook for AI Strategy, Governance and Risk (forthcoming)

Questions

ISO/IEC 5259, answered.

What is ISO 5259?

ISO/IEC 5259 is a six-part series of international standards titled Artificial intelligence — Data quality for analytics and machine learning (ML). Its purpose is to give organisations tools and methods to assess and improve the quality of the data they use to train and evaluate machine learning models.

It was developed by ISO/IEC JTC 1/SC 42 and published from July 2024 onwards. It matters because data quality is not a hygiene issue in machine learning — it is the input that determines whether the model works at all.

What are the six parts of ISO 5259?

Part 1, overview, terminology and examples. Part 2, data quality measures. Part 3, data quality management requirements and guidelines. Part 4, data quality process framework. Part 5, data quality governance framework. Part 6, a Technical Report describing a visualization framework for data quality.

They do genuinely different jobs. Part 1 gives you the language, Part 2 the measuring instruments, Part 3 the obligations, Part 4 the process, Part 5 the board-level view, and Part 6 a way of showing the results.

Which part of ISO 5259 has requirements?

Only Part 3. ISO/IEC 5259-3 specifies requirements for a data quality management system, and it is the only part in the series written in the language of obligation. Everything else provides a model, a framework, measures or guidance.

This is the single most useful thing to know about the series, and the reason buying Part 2 on its own leaves people with a measuring instrument and nothing to measure against.

When was ISO 5259 published?

Parts 1, 3 and 4 were published in July 2024, Part 2 in November 2024, Part 5 in 2025, and the Technical Report forming Part 6 in 2026. The project was registered in the SC 42 programme in July 2020, so the first parts took four years.

Can you get certified to ISO 5259?

There is no accredited certification scheme for ISO/IEC 5259 in the way there is for ISO/IEC 42001, which has ISO/IEC 42006 governing its certification bodies. What Part 3 does provide is a data quality management system that gives transparency and auditability — the standard is explicit that this can be through self-assessment or through third-party assessment.

In practice 5259 shows up inside a 42001 audit rather than as a certificate of its own. If someone offers to certify you against 5259, ask them precisely what they are accredited to do.

Is ISO/IEC TR 5259-6 going to become part of the standard?

No. This is a reasonable assumption and it describes the wrong deliverable. A Technical Report is informative by design — under ISO's drafting rules a TR cannot contain requirements at all — and it is not on a path to becoming an International Standard.

The deliverable that is provisional is a Technical Specification. ISO publishes a TS where a subject is still under technical development, or where agreement on an International Standard is a future but not immediate possibility; it is issued for use and for feedback, with the aim of eventually being transformed and republished as an International Standard. No part of ISO/IEC 5259 is a TS. Part 6 is a permanent, informative companion to the series.

What is the difference between a Technical Report and a Technical Specification?

A Technical Specification addresses work still under technical development, or where agreement on an International Standard is a future but not immediate possibility. It is published for immediate use and to gather feedback, and the intention is that it will eventually be transformed and republished as an International Standard. It is normative — it can contain requirements.

A Technical Report contains information of a different kind altogether: survey data, an informative account, or the state of the art. It is informative and cannot contain requirements, and it is not a step towards anything. TS means not yet. TR means never intended to be.

What does ISO stage 60.60 mean?

60.60 means the document has been published and is current. ISO tracks every project through numbered stages: 10 proposal, 20 preparatory, 30 committee, 40 enquiry, 50 approval, 60 publication, 90 review and 95 withdrawal. The second number is the substage.

The codes are public and they are the fastest way to check whether a standard someone is citing actually exists yet. ISO/IEC 5259-1 was approved as a project on 31 July 2020, reached committee draft in August 2022, went to a twelve-week DIS ballot in June 2023, and hit 60.60 in July 2024 — four years, which is normal.

How does ISO 5259 relate to ISO 8183?

Directly and explicitly. ISO/IEC 5259-1 states that its data life cycle model is derived from ISO/IEC 8183, and Part 5 repeats the point. Part 3 then refines that same life cycle for data quality management purposes.

In other words, 8183 defines the stages that data pass through in an AI system, and 5259 describes how to manage quality across those stages. Reading 5259 without understanding 8183's life cycle is reading the second half of a sentence.

How does ISO 5259 relate to ISO 42001?

ISO/IEC 42001 is the certifiable AI management system standard, and its Annex A.7 covers data for AI systems. An auditor testing those controls is asking whether your data are managed, provenanced and fit for purpose — which is exactly what ISO/IEC 5259-3 sets out requirements for. 5259-3 lists 42001 in its bibliography.

The practical relationship: 42001 asks whether you manage data quality; 5259 is how you do it and evidence it.

What is the difference between BS EN ISO/IEC 5259 and BS ISO/IEC 5259?

The designation tells you the document's status. In the UK, BSI publishes Parts 1 to 4 as BS EN ISO/IEC 5259, meaning they were taken over as European Standards. Part 5 is published as BS ISO/IEC 5259-5 — a British Standard implementing the international text, without the European designation. Part 6 is published as a PD, a Published Document, because it is a Technical Report rather than a standard.

If an obligation in a contract or a regulatory framework is worded around European Standards, that distinction decides which parts of the series it actually reaches.

What is a data quality measure in ISO 5259?

Part 2 defines a data quality model as a set of data quality characteristics — categories such as accuracy, completeness or precision — and a data quality measure as a variable whose value is the result of measuring one of them. Measures are how you test whether data meet a requirement, and how you monitor and report quality over time.

The characteristic the series returns to most is representativeness, because training data that does not represent the production population produces a model that is confidently wrong about the groups it saw least of.

Does ISO 5259 apply to small organisations?

Yes. The requirements and recommendations in Part 3 are generic and apply to organisations of every type, size and sector, and Part 4 says the same. There is no SME carve-out and no risk tier to sit below. What varies is how much of the series you need, not whether it applies to you.

Who wrote ISO 5259?

ISO/IEC JTC 1/SC 42, the joint ISO and IEC subcommittee for artificial intelligence. Experts are nominated through their national standards bodies and serve in a personal and expert capacity; every participating country votes through its own mirror committee, which in the United Kingdom is BSI's ART/1.

Where can I buy ISO 5259?

From ISO, from the IEC, or from your national standards body — in the UK, BSI. Note that the parts are sold separately and the series is not cheap, which is precisely why knowing which parts you actually need is worth doing before you buy. This site does not reproduce any of them; they are copyrighted documents.

Next

Six documents will tell you what good data looks like.

They will not tell you which characteristics matter for your model, what an acceptable representativeness threshold is for your population, how to evidence any of it to a 42001 auditor, or which of the six parts you actually need to buy. That is judgement, and it is what these three do.