Compliance & Regulatory
ISO/IEC 42001
The international standard for establishing an AI management system within an organization.
ISO/IEC 42001:2023 is the first international standard specifically for artificial intelligence management systems (AIMS). Published in December 2023, it provides a framework for organizations that develop, provide, or use AI systems to manage associated risks and opportunities responsibly.
Key requirements include:
- Establishing an AI management system with defined scope, policies, and objectives
- Conducting AI impact assessments for systems in use or under development
- Implementing lifecycle controls (from design through deployment and retirement)
- Managing AI supply chain risks (third-party models, data providers, infrastructure)
- Maintaining documentation for internal audit and external certification
- Continuous improvement of AI management practices
ISO 42001 is certifiable — organizations can undergo third-party audits to demonstrate compliance, similar to ISO 27001 for information security.
Why it matters
ISO 42001 certification is becoming a procurement requirement for AI vendors. For enterprises using AI tools, implementing ISO 42001 demonstrates a systematic approach to AI management that satisfies auditors, regulators, and enterprise customers.