SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Codema launches AI committees for continuous assurance

Codema launches AI committees for continuous assurance

Tue, 14th Jul 2026 (Yesterday)
Joseph Gabriel Lagonsin
JOSEPH GABRIEL LAGONSIN News Editor

Codema has launched two Technical Committees to develop a continuous assessment framework for artificial intelligence, which it describes as the first model of its kind.

The new groups, TC23 and TC24, will develop methods for assessing AI systems on an ongoing basis rather than through occasional audits. The framework is designed to embed controls in AI systems and business processes so organisations can collect evidence on performance, governance and compliance throughout an AI system's lifecycle.

The move comes as companies face growing pressure to prove their AI tools are reliable, transparent and compliant with regulation. Codema cited McKinsey's AI Trust Maturity Survey 2026, which found that only 30% of organisations have reached advanced levels of AI governance, strategy and control maturity.

Committee focus

TC23 will focus on methods for assessing AI system performance, reliability, traceability and anomaly monitoring. TC24 will examine the use of AI in business processes, including human oversight, exception management, evidence collection and process verification.

Together, the committees aim to produce a methodology that can be used across industries where AI systems are playing a growing role in decision-making and operations. Codema identified financial services, insurance, healthcare, pharmaceuticals, life sciences, public services, critical digital infrastructure, cybersecurity, legal and compliance services, human resources and industrial processes as key sectors.

Based in Switzerland, Codema describes itself as an independent technical body that develops standards and ratings models for technology, processes and complex systems. Founded in 2017 in the pharmaceutical sector, it has since expanded into artificial intelligence, distributed ledger technology, digital infrastructure, sustainability and life sciences.

Audit model

At the centre of the initiative is an approach Codema calls "Audit as a Layer". Under this model, audits would shift from point-in-time checks to continuous review, with evidence captured directly from systems and processes as they operate.

The structure is intended to give auditors, regulators and other stakeholders a clearer view of how AI systems function over time. It aims to reduce reliance on declarations by turning technical and governance requirements into documented controls, evidence fields and rating thresholds.

Codema says its methods are based on an open process involving businesses, auditors, certification bodies, academics and technology specialists. Through what it calls "stakeholderisation", these groups help define assessment criteria, control matrices and audit protocols that can be adopted more widely.

The model has already been used in other technical areas. Codema cited RP2120/1, a protocol for real-world asset tokenisation, as an example of how it turns a technical subject into an auditable matrix with set requirements, controls, expected evidence and verification methods.

Each rating protocol is designed so neither the applicant nor the auditor has to create a bespoke assessment method from scratch. Instead, it defines the object of the assessment, the controls to be performed, the evidence required, the verification methods and the procedure for recording the outcome.

Governance gap

The launch reflects a broader issue in corporate AI use: adoption is advancing faster than internal oversight. As AI systems become more autonomous and are used in more sensitive functions, companies face tougher questions from regulators, boards and customers about accountability and control.

In sectors such as banking, healthcare and public services, the issue is especially acute because AI outputs can affect rights, safety, operational continuity and regulatory exposure. In these cases, the ability to provide third-party verification and traceable evidence may become as important as the system's technical performance.

Andrea Sacchi, Executive Director of Codema, said the committees were created to help close that gap.

"Artificial intelligence is becoming embedded in business-critical decision-making at unprecedented speed, but governance frameworks are struggling to keep pace. The challenge today is not simply deploying AI, but demonstrating that it operates safely, transparently and in compliance with regulatory and stakeholder expectations. With TC23 and TC24, we are developing a shared methodology that translates principles such as transparency, human oversight and risk management into measurable, verifiable criteria. Trust in AI cannot be based on declarations alone; it must be built on objective evidence and continuous assurance," Sacchi said.