ISO/IEC 42001 explained

ISO/IEC 42001 is the international standard for an Artificial Intelligence Management System (AIMS). Published in 2023, it gives organizations a certifiable framework to govern AI responsibly — covering risk assessment, controls, roles, and continual improvement — much like ISO 27001 does for information security.

Overview

ISO/IEC 42001 is the world's first AI management system standard. It specifies requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS).

What it covers

  • AI policy and objectives
  • Roles, responsibilities and governance
  • AI risk assessment and treatment
  • Controls across the AI lifecycle (Annex A)
  • Performance evaluation and continual improvement

Why it matters

Because it is certifiable, ISO/IEC 42001 lets organizations demonstrate responsible AI governance to customers, regulators and partners. It follows the same high-level structure as ISO 27001, so teams with an existing management system can extend it to AI.

Relationship to the EU AI Act

ISO 42001 is voluntary, but adopting it builds much of the operational evidence the EU AI Act requires for high-risk systems.
