Microsoft recently released a draft of version 10 of their Data Protection Requirements (DPR) which now includes significant AI mandates in Section K. This update, aiming to address the increasing risks associated with AI integration in service delivery, introduces 18 new requirements for suppliers involved in AI systems. The new mandates cover administrative and technical controls, such as contractual terms, oversight responsibilities, incident response procedures, risk assessments, transparency disclosures, and accountability frameworks
Furthermore, Microsoft has integrated references to ISO 42001 certification in the new DPR version, indicating that suppliers delivering AI-related services must comply with ISO 42001 standards as an alternative to independent assessments specific to AI requirements. This move aligns with Microsoft's emphasis on trustworthy AI usage, with detailed mappings provided to help organizations understand how the AI requirements in Section K align with ISO 42001 standards. Suppliers must act swiftly to meet these new requirements to maintain their status with Microsoft and ensure compliance with the latest DPR version.https://cloudsecurityalliance.org/articles/an-overview-of-microsoft-dpr-its-new-ai-requirements-and-iso-42001-s-potential-role