What is ISO 42001?
ISO/IEC 42001 is the first international standard for governing AI. If your organisation builds or uses AI, it is the framework to know.
ISO/IEC 42001:2023 is the first international standard for an Artificial Intelligence Management System (AIMS). It does for AI what ISO 27001 does for information security: it gives organisations a certifiable, risk-based way to govern how AI is developed, deployed, and used responsibly.
As AI moves into core products and workflows, customers, regulators, and boards increasingly ask how it is governed. ISO 42001 is becoming the answer, and this guide covers what it involves.
- ISO 42001 is a certifiable management-system standard for AI, launched in 2023.
- It is risk-based and lifecycle-focused, covering how AI is built, bought, and used.
- It complements ISO 27001 and maps well to the NIST AI RMF and the EU AI Act.
- It signals to customers and regulators that your AI use is governed, not ad hoc.
What an AIMS covers
An AI Management System is the set of policies, roles, and controls for governing AI across its lifecycle. ISO 42001 expects you to define scope and objectives, assess AI-specific risks and impacts, put controls in place to treat them, and continually improve, with leadership accountability throughout.
AI-specific concerns it addresses
Beyond general security, ISO 42001 targets risks that are unique to AI:
- Data quality, provenance, and bias in training and inputs.
- Transparency and explainability of AI decisions.
- Impact assessments for people affected by AI systems.
- Human oversight and accountability for AI outcomes.
- Governance of third-party and foundation models you consume.
How it fits with what you already do
ISO 42001 is designed to sit alongside ISO 27001 and reuse its management-system structure, so an organisation already certified for information security has a head start. It also aligns with the NIST AI RMF and supports readiness for the EU AI Act, letting one governance programme serve several obligations.
Frequently asked questions
Govern your AI with confidence
Start by seeing how AI is used across your organisation, then govern it against a framework.
Talk to us