Navigating the security compliance maze of an ML service
2025-09-30, Gaston Berger

While everyone is talking about the m(e/a)ss of bureaucracy, we want to show you hands-on what you may need to do to operate an ML service. We will give an overview of things like ISO-27001 certifications, the Cyber Resilience Act or AIBOMs. We want to highlight their impact and intention and give advice on how to integrate them into your development workflow.

This talk is written from a practitioner's perspective and will help you set up your project to make your compliance department happy. It isn't meant as a deep-dive into the individual standards.


There is a lot of talk nowadays about the increase in bureaucracy. It often seems, though, that the people making up the standards, those ensuring compliance in companies and the actual developers live in different worlds. To overcome this gap, we want to show the intentions of the different instances of "bureaucracy" and what you should know about them. With this knowledge, we want to have a look at a simple AI/ML service and what you can do to make sure that your favorite tools fulfill the requests that come from these acts or departments. While there is a wide variety of commercial tools available, we will focus on using open-source tooling in this talk.

As the number of certifications and acts is very large, we will give a brief overview of a selection but won't go into detail on any. This talk is aimed at showing the software side of compliance. While it has a focus on an ML service, it will not go into modelling specifics.

Uwe Korn is a CTO at the data science company QuantCo. His expertise is in building scalable architectures for machine learning services and the teams & culture around them. Nowadays, he focuses on the data engineering infrastructure that is needed to provide the building blocks to bring machine learning models into production. As part of his work to provide an efficient data interchange, he became a core committer to the Apache Parquet, Apache Arrow and conda-forge projects.