This is the public page of the Artificial Intelligence Framework (MPAI-AIF) standard.

MPAI-AIF  specifies an infrastructure enabling implementations of MPAI Application Standards to execute in a secure environment and to access the MPAI Store.

MPAI-AIF Version 1 – Version 2

Version 1: Figure 1 depicts the MPAI-AIF Reference Model where an AIF Implementation executes AI Workflows (AIW), composed of basic processing elements called AI Modules (AIM).

Figure 1 – Reference Model of MPAI-AIF V1

MPAI Application Standards normatively specify Syntax and Semantics of the input and output data and the Function of the AIW and the AIMs, and the Connections between and among the AIMs of an AIW.

In particular, an AIM is defined by its Function and data, but not by its internal architecture, which may be based on AI or data processing, and implemented in software, hardware or hybrid software and hardware technologies.

The MPAI AI Framework (MPAI-AIF) Technical Specification specifies architecture, interfaces, protocols and Application Programming Interfaces (API) of an AI Framework (AIF), especially designed for execution of AI-based implementations, but also suitable for mixed AI and traditional data processing workflows.

MPAI-AIF possesses the following main features:

  • Independence from the Operating System.
  • Component-based modular architecture with standard interfaces.
  • Interfaces encapsulate Components to abstract them from the development environment.
  • Interface with the MPAI Store enables access to validated Components.
  • Component can be Implemented as:
    • Software only, from MCUs to HPC.
    • Hardware only.
    • Hybrid hardware-software.
  • The features of Component system are:
    • Execution in local and distributed Zero-Trust architectures.
    • Possibility to interact with other Implementations operating in proximity.
    • Direct support to Machine Learning functionalities.

The MPAI-MMC Technical Specification has been developed by the MMC Development Committee (AIF-DC) chaired by Andrea Basso (Synesthesia).The MPAI-AIF Technical Specification and a Reference Software implementation are available for download.

MPAI-AIF Version 1 – Version 2

Version 2: AIF V1 assumes that the whole AI Framework runs in a Trusted Zone without specifying any trusted service that an implementer should follow.

AIF-V2 intends to identify specific trusted services to support the implementation of a Trusted Zone meeting a set of functional requirements by enabling AIF Components to access trusted services via APIs as defined in Table 1, such as:

  1. Encryption Service.
  2. Attestation Service.
  3. Trusted Communication Service.
  4. Trusted AIM Model Services
  5. Trusted AIM Storage Service
  6. AIM Security Engine.

Figure 2 represents the Reference Model of MPAI-AIF V2.

Figure 2 – Reference Model of MPAI-AIF V2

The MPAI-AIF V2 standard extends the functionalities specified in the MPAI-AIF V1 standard. Specifically, to enable the following functionalities, the following is required:

  1. The AIF Components shall access high-level implementation-independent Trusted Services API to handle:
    1. Encryption Service.
    2. Attestation Service.
    3. Trusted Communication Service.
    4. Trusted AIM Storage Service including the following functionalities:
      1. Initialisation (secure and non-secure flash and RAM)
      2. Read/Write.
      3. De-initialisation.
    5. Trusted AIM Model Services including the following functionalities:
        1. Secure and non-secure Model Storage.
        2. Model Update.
        3. Model Validation.
    6. AIM Security Engine including the following functionalities:
          1. Model Encryption.
          2. Model Signature.
          3. Model Watermarking.
  1. The AIF Components shall be easily integrated with the above Services.
  2. The AIF Trusted Services shall be able to use hardware and OS security features already existing in the hardware and software of the environment in which the AIF is implemented.
  3. Application developers shall be able to select the application’s security either or both by:
    1. Level of security that includes a defined set of security features for each level.
    2. Developer-defined security, i.e., a level that includes a developer-defined set of security features.
  4. The specification of the AIF V2 Metadata shall be an extension of the AIF V1 Metadata supporting security with either or both standardised and developer-defined levels.

Read MPAI-AIF V2 Use Cases and Functional Requirements WD1.3

MPAI will hold an event to present and discuss the document (11 July 2022).


If you wish to participate in this work you have the following options

  1. Join MPAI
  2. Actively participate in the reference software implementation by sending an email to the MPAI Secretariat.
  3. Keep an eye on this page.

Return to the MPAI-AIF page.