November 2025: New Standards Advance Transparency and Security in IT

The Information Technology sector continues its rapid evolution with the publication of five significant international standards in November 2025. These new documents address AI system transparency, specialized IT security personnel competencies, the expanding architecture underpinning the Internet of Media Things (IoMT), and foundational ergonomic improvements in keyboard design for diverse applications. Collectively, these standards are poised to influence not only regulatory compliance but also product design, testing, and organizational workflows across the globe.

Overview / Introduction

The Information Technology landscape is both an engine of innovation and a nexus for risk—especially as artificial intelligence (AI), cybersecurity, digital media, and user equipment converge. International standards play a critical role in this arena, ensuring that systems are secure, transparent, and interoperable. This November, five new standards have been released, advancing the industry's approach to AI transparency, competency for security assessment professionals, architecture for interconnected media devices, and usability in keyboard layout.

In this article, you'll learn:

• The key requirements and implications of each new standard
• Which industries and professionals must comply or benefit
• How these updates facilitate better compliance, risk management, and operational efficiency
• Where to access the latest standards directly via iTeh Standards

Detailed Standards Coverage

EN ISO/IEC 12792:2025 - AI Transparency Taxonomy for Modern Systems

Information technology - Artificial intelligence (AI) - Transparency taxonomy of AI systems (ISO/IEC 12792:2025)

This landmark standard introduces a taxonomy of information elements tailored to the needs of all AI stakeholders: developers, integrators, users, and regulators. EN ISO/IEC 12792:2025 provides a structured vocabulary and semantic framework that enables organizations to identify, communicate, and address transparency requirements throughout the lifecycle of AI systems.

Scope & Requirements:

• Offers comprehensive taxonomies at the context, system, and model levels
• Defines stakeholder roles and transparency objectives (societal, environmental, operational)
• Outlines information elements such as data provenance, system decompositions, intended use, and governance requirements
• Recommends transparency disclosures constrained by regulatory and competitive needs

Target Audience:

• Any organization developing, deploying, or managing AI systems—across finance, healthcare, manufacturing, public sector, and more

Practical Implications:

• Promotes trust, accountability, and explainability in AI deployments
• Facilitates risk management and auditability by making transparency requirements explicit
• Supports regulatory reporting and internal governance

Notable Changes:

• First edition; establishes taxonomy for broad, evolving AI transparency targets

Key highlights:

• Comprehensive taxonomy clarifies what and how to disclose
• Aligns with global governance and ethical AI frameworks
• Enables cross-stakeholder communication and compliance

Access the full standard:View EN ISO/IEC 12792:2025 on iTeh Standards

ISO/IEC 19896-1:2025 - Competence Overview for IT Security Assessment Personnel

Information security, cybersecurity and privacy protection - Requirements for the competence of IT security conformance assessment body personnel - Part 1: Overview and concepts

This standard forms the foundation for a series defining the required knowledge, skills, and conceptual understanding for personnel engaged in IT security conformance assessment. ISO/IEC 19896-1:2025 articulates the framework that underpins competence, ensuring professionals involved in security testing and evaluation meet consistent, transparent criteria.

Scope & Requirements:

• Defines terminology, concepts, and relationships for personnel competence in IT security evaluation
• Specifies the role of conformance-testers, evaluators, validators, and reviewers
• Details competence elements: knowledge, skills, and their application in IT security contexts
• Outlines levels of competency and methods for measurement and record-keeping

Who Needs to Comply:

• Testing and evaluation bodies working under ISO/IEC 17025, 17065, or similar schemes
• Accreditation bodies, evaluators, validators, reviewers, and organizations seeking IT product certification

Practical Implications:

• Provides a harmonized framework for hiring, developing, and managing IT security professionals
• Reduces interpretation gaps between organizations and certification schemes
• Supports audit readiness, regulatory acceptance, and mutual recognition

Notable Changes:

• Updated terms and restructured content over previous editions
• Now includes competence requirements for validators and reviewers

Key highlights:

• Shared understanding of essential competence concepts
• Structures personnel development and certification
• Facilitates global comparability for IT security assessment

Access the full standard:View ISO/IEC 19896-1:2025 on iTeh Standards

ISO/IEC 19896-3:2025 - Specialized Skills for Evaluators and Reviewers under Common Criteria

Information security, cybersecurity and privacy protection - Requirements for the competence of IT security conformance assessment body personnel - Part 3: Knowledge and skills requirements for evaluators and reviewers according to the ISO/IEC 15408 series and ISO/IEC 18045

Focusing on advanced, role-specific requirements, this standard sets out knowledge and skills benchmarks for those performing IT product security evaluations and reviews using the ISO/IEC 15408 series (Common Criteria) and ISO/IEC 18045 methodologies. It enables organizations to identify and train competent evaluators and reviewers for complex security certification projects.

Scope & Requirements:

• Defines knowledge areas: information security principles, assurance paradigms, evaluation methodologies, and relevant technologies
• Details skills for evaluation planning, core security testing, and reviewing technical evidence
• Applies to evaluators in ISO/IEC 17025 bodies and reviewers in ISO/IEC 17065 bodies
• Includes technology-specific competence requirements (hardware, software, cryptographic modules, etc.)

Target Audience:

• Laboratories, certification bodies, and organizations involved in Common Criteria security assessment
• Testing laboratory personnel, scheme managers, and professional credentialing bodies

Practical Implications:

• Elevates assurance and repeatability of IT security assessments
• Streamlines personnel qualification and scheme certification
• Supports mutual recognition between international evaluation authorities

Notable Changes:

• Expanded content to include both evaluators and reviewers; updated to reflect current Common Criteria practices

Key highlights:

• Detailed mapping of required knowledge and skills for advanced assurance roles
• Consistency in global certification processes
• Supports quality improvement for security testing personnel

Access the full standard:View ISO/IEC 19896-3:2025 on iTeh Standards

ISO/IEC 23093-1:2025 - Architecture for the Internet of Media Things

Information technology - Internet of media things - Part 1: Architecture

As smart devices proliferate in multimedia, surveillance, smart homes, and industrial automation, ISO/IEC 23093-1:2025 defines the architecture of the Internet of Media Things. This framework covers a wide spectrum of devices—cameras, microphones, displays, sensors—and their interaction within connected networks. The standard is critical for product designers, integrators, and organizations building large-scale, interoperable audio-video IoT systems.

Scope & Requirements:

• Specifies the system architecture for IoMT, including entities and interactions
• Details API requirements for device discovery, data exchange, and real-time processing
• Provides a suite of use cases: smart cities, smart agriculture, healthcare, digital signage, and media-rich metaverse environments
• Addresses interoperability, security, and extension to new applications

Who Benefits:

• Consumer electronics, industrial automation, smart cities, media production, and healthcare tech vendors
• System integrators, architects, and procurement specialists

Implementation Impact:

• Enables innovation and rapid deployment of interoperable media IoT devices
• Facilitates robust data management and device orchestration
• Encourages the creation of advanced, media-aware smart environments

Notable Changes:

• Added smart city/factory/agriculture/health/metaverse scenarios; supplementary diagrams improve usability for engineers

Key highlights:

• Unified IoMT architecture for scalable integration
• Comprehensive, real-world deployment guidance
• Supports extension to emerging smart media applications

Access the full standard:View ISO/IEC 23093-1:2025 on iTeh Standards

ISO/IEC 9995-4:2025 - Numeric Section of Keyboard Layouts

Information technology - Keyboard layouts for text and office systems - Part 4: Numeric section

A new revision of this fundamental standard addresses the numeric section layout for keyboards used in office, banking, POS, telematic, and industrial systems. ISO/IEC 9995-4:2025 provides ergonomic specifications and key function assignments essential for design and interoperability among a range of devices, from workstations to PIN pads and CNC controllers.

Scope & Requirements:

• Details arrangement, number, and placement of keys in the numeric (ZN0) and function (ZN1) zones
• Defines functional allocation for each key, including "1-2-3" and "7-8-9" layouts
• Specifies usage contexts: office use, data entry, banking, telematics, telecommunications, industrial machinery, home systems, and more
• References alignment with ITU-T standards for telephony

Who Needs to Comply:

• Keyboard and device manufacturers, system integrators, retail banking solution providers, office equipment procurement teams

Practical Implications:

• Ensures device interoperability and user familiarity
• Facilitates faster, error-resistant data entry
• Supports accessibility for specialized and general applications

Notable Changes:

• Major layout revision to reflect the latest ergonomic and technological practices

Key highlights:

• Updated numeric section design for broad application
• Improved usability and international harmonization
• Direct support for emerging devices and legacy systems

Access the full standard:View ISO/IEC 9995-4:2025 on iTeh Standards

Industry Impact & Compliance

Adopting these standards is not just a matter of compliance—it’s a competitive advantage. For businesses, these requirements translate into:

• Improved product quality and user trust: Transparency taxonomies for AI and robust evaluation frameworks support safer, more effective technologies
• Regulatory agility and reduced risk: Early conformance with internationally recognized standards simplifies audits, regulatory filings, and cross-border operations
• Operational consistency: Clearly defined architectures and personnel competencies ensure smooth system integration and consistent, high-quality assessment results
• Implementation timelines: Most of these standards become effective upon publication, but harmonization with national frameworks may specify additional local transition periods
• Risks of non-compliance: Potential for failed certifications, loss of market access, increased incident exposure, and reputational harm

Technical Insights

Despite spanning a variety of IT sub-fields, these standards share core technical themes:

• Structured documentation and taxonomy: From AI to user interfaces, each standard emphasizes structured documentation, taxonomy, and clear definitions as foundations for interoperability and communication
• Competency and qualification: Emerging focus on demonstrable skills for IT security, with pathways for training and professional development
• Data and function harmonization: Whether in the composition of AI transparency elements, keyboard layouts, or media device APIs, harmonization underpins compatibility and efficiency
• Testing and certification best practices:
  1. Develop internal guidelines and training plans mapped to new requirements
  2. Leverage cross-functional review teams for updated procedures
  3. Employ checklists and audit trails to streamline certification
  4. Engage with accredited testing bodies early and incorporate pre-certification reviews

Conclusion / Next Steps

November 2025’s new standards in Information Technology mark a leap forward for transparency, accountability, and usability. Organizations seeking leadership roles—or simply sustained market participation—should prioritize reviewing and adopting these standards promptly. Action steps should include:

• Assessing existing processes and training for gaps against new requirements
• Engaging with quality, compliance, and technical teams to develop project plans for adaptation
• Visiting iTeh Standards to access the latest documents and related implementation resources

Staying ahead means not just meeting, but exceeding compliance baselines—ensuring your organization is resilient, innovative, and trusted in today’s dynamic IT environment.