Prof. Hernan Huwyler, MBA CPA

AI GRC Director & Professor

Driving Compliance, Risk & AI Governance for Multinationals

Cutting Incidents, 2x Faster Assessments, Boosting Risk ROI

Capgemini  |  IE Law School & University of Cambridge  |  Copenhagen Metropolitan Area

The Huwyler AI GRC Framework

I curate open-source datasets bridging Legal/Compliance requirements and AI Engineering execution. My resources translate 20+ ISO standards and the EU AI Act into actionable controls, risk scenarios, and implementation frameworks.

Core Datasets

AI Threat Vectors

45+ adversarial and negligent threats mapped to MITRE ATLAS, OWASP LLM Top 10, and NIST AI 100-2.

Includes: Severity ratings, detection methods, mitigations, real-world examples, CVE references.

AI Loss Taxonomy

32 financial loss categories quantified from $10K to $500M+ across Compliance, Technical, Operational, and Revenue domains.

Includes: Loss ranges, accounting treatment, insurance coverage, regulatory frameworks.

AI Quality Objectives (ISO/IEC 25059)

47 quality characteristics with implementation guidance covering functional suitability, performance, security, reliability, and robustness.

Includes: Validation methods, metrics, testing approaches, maturity levels.

AI Risk Scenarios

100 common risk scenarios with controls mapped to ISO 42001, ISO 42005, and COBIT 2019.

Includes: Priority ratings, detection methods, prevention measures, monitoring KPIs.

Comprehensive Standards Framework

All datasets are mapped to a complete ISO AI standards stack plus major regulatory frameworks:

GOVERNANCE LEVEL (Strategic Direction & Principles)

ISO/IEC 38507:2022 – Governance of IT: AI Implications
Foundation for AI governance at board/executive level ensuring effective, efficient, and acceptable use of AI.
ISO/IEC 22989:2022 – AI Concepts and Terminology
Universal language for AI governance communication across stakeholders.
ISO/IEC 23053:2022 – Framework for AI Systems Using Machine Learning
Technical architecture reference model describing ML-based AI system components.
ISO/IEC 24368:2022 – AI Ethical and Societal Concerns
Ethical principles: transparency, fairness, accountability, privacy, human oversight.

PROCESS LEVEL (Implementation & Operations)

ISO/IEC 5338:2023 – AI System Lifecycle Processes
End-to-end lifecycle management from inception to disposal.
ISO/IEC 23894:2023 – Guidance on AI Risk Management
Practical risk management implementation tailored to AI-specific challenges.
ISO/IEC 42001:2023 – AI Management System (AIMS)
Gold standard: Certifiable management system with 39 control objectives across 11 domains.
ISO/IEC 5339:2024 – Guidance for AI System Deployment and Use
Stakeholder engagement throughout AI development and deployment.
ISO/IEC 42005:2025 – AI System Impact Assessment
Structured methodology for human rights, ethical, societal, environmental, and economic impact assessments.
ISO/IEC 42006:2025 – Conformity Assessment for AI Systems
Requirements for third-party auditors and certification bodies.
ISO/IEC 24028:2020 – AI Trustworthiness Overview
Holistic framework: transparency, explainability, robustness, safety, accountability.
ISO/IEC 25059:2023 – Quality Model for AI Systems
47 quality characteristics across 9 domains (functional suitability, performance, security, etc.).
ISO/IEC 25028:2024 – Quality Evaluation for AI Systems
Quality evaluation methods and metrics.
ISO/IEC/IEEE 29119-11:2020 – AI Testing
Comprehensive AI testing guidelines covering test planning, design, execution, and reporting.
ISO/IEC 12791:2024 – Bias Treatment
Actionable methods for identifying and mitigating unwanted bias in ML classification and regression.
ISO/IEC 12792:2025 – Transparency Taxonomy (Draft)
Structured approach to AI transparency requirements.
ISO/IEC 5259:2024 – Data Quality for Analytics and ML
Comprehensive data quality framework (4 Parts): terminology, measures, management, process framework.
ISO/IEC 27090 (Draft) – Security Threats and Failures in AI Systems
AI-specific cybersecurity: adversarial attacks, data poisoning, model extraction.

SECTOR LEVEL (Domain-Specific)

ISO/PAS 21434:2021 – Road Vehicles: Cybersecurity Engineering
Automotive AI security for ADAS and autonomous driving.

SUPPORT LEVEL (Foundational)

ISO 31000:2018 – Risk Management
Universal risk management foundation principles and guidelines.
ISO/IEC 27001:2022 – Information Security Management
Certifiable information security management system (114 controls).
ISO/IEC 27701:2019 – Privacy Extension
Privacy extension for GDPR compliance.
ISO/IEC 27036-1:2021 – Cybersecurity in Supplier Relationships
Third-party and supply chain security protocols.

EMERGING STANDARDS

ISO/IEC 24970:2026 (Draft) – AI System Logging
Logging requirements for auditability, explainability, and regulatory compliance.

About Prof. Hernan Huwyler

AI GRC Director & Professor specializing in AI governance, risk management, and regulatory compliance for multinational enterprises.

Contact & Collaboration

Open for collaboration on Enterprise Implementations, Academic Research, Training, and Speaking Engagements.
