INDUSTRIES

The same regulation. Different conversations.

ISO/IEC 42001 applies to a bank, a hospital, a SaaS vendor, and a public administration. The regulatory overlays, the evidence standard, and the controls that matter are specific to each. Zertia's methodology is built around that distinction.

AI governance certification is a relatively new discipline. Most frameworks apply a consistent methodology across sectors, which makes sense as a starting point. The challenge is that regulatory obligations in financial services, healthcare, the public sector, and AI product companies diverge significantly, and the evidence standard each of those contexts requires is different.

A foundation model vendor carries provider obligations under the EU AI Act that a deploying bank does not. That bank answers to supervisors applying model risk frameworks that predate AI by a decade. A consultancy advising both operates under independence constraints that create a structural governance problem. A public administration buying any of them carries constitutional obligations no private deployer faces.

ISO/IEC 42001 is the governance architecture for all of them. The standard is the same. The scope, the regulatory overlays, and the evidence standard that buyers and supervisors require are specific to each sector.

Zertia's audit scope reflects the regulatory obligations specific to your industry, the risk profile of your AI deployments, and the standard your regulators and customers will apply. The accreditation is the same across sectors. The methodology behind it is not.

Advisory Services

Big 4 firms, GRC consultancies, AI strategy boutiques, law firms with technology practices. The firms that shape how others govern AI are deploying AI internally faster…

Learn more

Aerospace & Defense

Commercial aviation, defense primes, dual-use technology companies, MRO operators, and space systems. Aerospace and defense sits at the intersection of AI Act civil obligations, dual-use compliance,…

Learn more

AI, SaaS & Software

Foundation model labs, AI-native vendors, vertical SaaS with AI embedded, agentic product companies. If your product is AI, or AI is the layer that makes your…

Learn more

Education

Universities, business schools, research institutions, and public education systems. Education sits at the intersection of constitutional obligations, protection of minors, and accelerating AI deployment. The governance…

Learn more

Financial Services

Retail and corporate banking, insurance, asset management, fintech, payments. Financial services operates under the most mature regulatory framework of any industry, and yet none of those…

Learn more

Industrials

Manufacturing, energy, utilities, transport, chemicals, supply chain. Industrial AI sits where critical infrastructure, operational technology, and machine learning converge. The risk surface covers safety, continuity, and…

Learn more

Media & Telecom

Broadcasters, publishers, streaming platforms, telecommunications operators, content distributors. Media and telecom companies operate at the intersection of the AI Act, the Digital Services Act, the Digital…

Learn more

Public Sector

Central administrations, regional governments, agencies, and public-sector buyers. Public institutions are technically deployers under the EU AI Act, but operate under constitutional and democratic obligations no…

Learn more

Retail & E-commerce

Retailers, e-commerce platforms, marketplaces, direct-to-consumer brands. Digital commerce operates simultaneously under the AI Act, the Digital Services Act, and the Digital Markets Act, with autonomous AI…

Learn more

Why sector specificity matters for certification

ISO/IEC 42001 specifies the management system. How that system maps onto each industry's regulatory obligations is where the audit work actually lives.

The certificate is the same. The path to it, and the evidence it produces, reflects the sector it was built for.

FREQUENTLY ASKED QUESTIONS

Frequently asked questions

Does ISO/IEC 42001 certification cover EU AI Act compliance?

ISO/IEC 42001 certification addresses the organizational AI management system obligations that align with EU AI Act deployer requirements under Article 26. It does not substitute for EU AI Act conformity assessment for high-risk AI systems under Annex III, which is a separate process. Zertia provides both, independently or combined, depending on your obligations.

Is Zertia accredited to certify under ISO/IEC 42001?

Yes. Zertia is accredited by ANAB (ANSI National Accreditation Board) for ISO/IEC 42001 certification. ANAB is a globally recognized accreditation body. Zertia is also the European authorized auditor for AIUC-1, the certification standard for agentic AI systems.

Which industries does Zertia certify?

Zertia certifies organizations across ten industry verticals: Advisory Services, Aerospace and Defense, AI SaaS and Software, Education, Financial Services, Healthcare and Life Sciences, Industrials, Media and Telecom, Public Sector, and Retail and E-commerce. Each has a dedicated methodology reflecting its specific regulatory obligations and risk profile.

What is the difference between a Readiness Audit and ISO/IEC 42001 Certification?

A Readiness Audit is a fixed-fee diagnostic: it assesses your current AI governance posture against ISO/IEC 42001, identifies gaps, and produces a remediation plan and certification timeline. ISO/IEC 42001 Certification is the formal three-year audit cycle that produces the accredited certificate. Organizations that complete a Readiness Audit with Zertia proceed to certification with an independent auditor to avoid conflicts of interest.

Does the EU AI Act apply to my organization?

The EU AI Act applies to any organization that places an AI system on the EU market or puts it into service in the EU, regardless of where the organization is based. Deployers (organizations using AI in a professional context) are subject to Article 26 obligations. Providers (organizations developing AI systems) carry heavier obligations under Article 16. The specific obligations depend on the risk classification of the AI systems involved.

What is AIUC-1?

AIUC-1 is the certification standard for autonomous and agentic AI systems: AI that takes actions and executes tasks independently rather than generating outputs for human review. Zertia is the European authorized auditor for AIUC-1. It addresses the specific risk profile of agentic systems, which falls outside the scope of ISO/IEC 42001.

How long does ISO/IEC 42001 certification take?

Timeline depends on your organization's size, AI footprint, and existing governance maturity. The Readiness Audit establishes the gap and the realistic timeline to certification readiness. The formal audit cycle (Stage 1 and Stage 2) follows. We scope the timeline in the Readiness Audit.

ANAB-accredited · UKAS in process · ENAC in process · AIUC-1 European authorized auditor · EU AI Pact signatory

Independent, accredited AI certification. Recognized by regulators, investors, and the organizations that buy from you.

Not sure where to start? Talk to us. 30 minutes, no commercial pressure.