ISO/IEC 42001:2023 is the world's first certifiable AI management system standard, published 18 December 2023. It follows the Annex SL harmonised structure shared by ISO 9001 and ISO 27001, making integrated management systems practical.
ISO/IEC 42001 was developed jointly by ISO and IEC through Joint Technical Committee SC 42 on AI. It provides requirements for establishing, implementing, maintaining, and continually improving an AI Management System (AIMS) within an organisation.
It is part of an ISO/IEC family of AI standards including:

| Clause | Title |
|---|---|
| 1 | Scope |
| 2 | Normative references |
| 3 | Terms and definitions |
| 4 | Context of the organization |
| 5 | Leadership |
| 6 | Planning |
| 7 | Support |
| 8 | Operation |
| 9 | Performance evaluation |
| 10 | Improvement |

| Area | Sample Control |
|---|---|
| A.2 Policies | A.2.2 AI policy |
| A.3 Internal organization | A.3.2 AI roles and responsibilities |
| A.4 Resources | A.4.5 Data resources |
| A.5 Assessing AI system impacts | A.5.3 AI system impact assessment |
| A.6 AI system lifecycle | A.6.1 Requirements for AI systems |
| A.7 Data for AI | A.7.5 Data acquisition |
| A.8 Information for interested parties | A.8.2 Information for users of the AI system |
| A.9 AI system use | A.9.2 Intended use of the AI system |
| A.10 Third-party relationships | A.10.3 Suppliers |

Anthropic — Publicly committed to pursuing ISO 42001 certification in 2024 and has published its Responsible Scaling Policy aligned with Annex A controls.
KPMG, PwC, Deloitte, EY — All launched ISO 42001 readiness services in 2024.
BSI — Issued its first ISO 42001 certificates in 2024, including to a Japanese SoftBank subsidiary.
Microsoft and Google Cloud — Rolling ISO 42001 into enterprise trust-and-compliance portfolios.
Adopting ISO 42001:
Q: Is ISO 42001 mandatory? No — it is voluntary, but increasingly demanded in enterprise procurement.
Q: How does it differ from NIST AI RMF? AI RMF is a risk-management framework; ISO 42001 is a management-system standard that can be certified.
Q: How long does certification take? Typically 6-12 months: 3-6 months to implement + 2-stage audit (Stage 1 documentation, Stage 2 operations).
Q: Who certifies? Accredited bodies including BSI, DNV, TÜV SÜD, Bureau Veritas, SGS, and TÜV Rheinland.
Q: Does it help with the EU AI Act? Yes — it operationalises Articles 9, 10, 13, 14, 17, and 62.
Q: Is 42001 the same as ISO 42005? No — 42001 is the AIMS standard; 42005 is the AI impact assessment standard published in 2025.
Q: Cost? Implementation (staff time + consultants) USD 50K-500K depending on size; certification fees USD 10K-100K.
ISO/IEC 42001 is the fastest way to demonstrate responsible AI to customers, regulators, and investors — with a recognised certificate on the wall.