ISO/IEC 42001
Executive summary
ISO/IEC 42001 is widely described as “the world’s first AI management system standard.” The description is correct but operationally thin. The substantive question is not whether it is the first; it is what kind of instrument it actually is and why it has become the global structural reference point for AI governance within 24 months of publication.
The dominant narrative says ISO/IEC 42001 helps organizations manage AI responsibly. That framing is incomplete. The standard does not prescribe how to build AI safely. It does not contain technical specifications for fairness measurement, robustness testing, or content provenance. It does not tell engineers what to do. What it does is something more structural: it specifies the management system that an organization must operate to govern AI systematically, certifiably, and consistently with how organizations are already governed for quality (ISO 9001), security (ISO/IEC 27001), privacy (ISO/IEC 27701), and continuity (ISO 22301).
This distinction matters because it determines how the standard affects organizational design. A company can adopt the NIST AI RMF without changing its organizational structure; the framework slots into existing risk management practices. A company that pursues ISO/IEC 42001 certification cannot. The standard requires defined leadership accountability, documented policy, a Statement of Applicability, internal audit programs, management review cycles, and a continuous improvement loop — all of which must be auditable artifacts before a certification body will issue a certificate. The standard creates organizational structure, not just governance content.
ISO/IEC 42001 is built on the Harmonized Structure (formerly Annex SL) that ISO uses for all modern management system standards. Ten clauses define what the management system must do: context (clause 4), leadership (clause 5), planning (clause 6), support (clause 7), operation (clause 8), performance evaluation (clause 9), and improvement (clause 10). Within this architecture, the AI-specific content appears in two places: in the operational requirements of clauses 6 through 8, which reference AI risk and impact assessment, and in Annex A, which provides 38 reference controls organized into 9 control objectives that an organization selects based on its AI risk profile.
The structural choice to use the Harmonized Structure is not cosmetic. It allows ISO/IEC 42001 to integrate seamlessly with ISO/IEC 27001, ISO 9001, and ISO 22301. An organization that already operates an information security management system can extend it to cover AI risks rather than building a parallel program. Annex D of the standard explicitly addresses this integration. The practical effect is that ISO/IEC 42001 has been adopted at speed by organizations with mature management systems — cloud providers, financial institutions, healthcare networks — because the architectural cost of adoption is marginal compared to building from scratch.
The other operative property of ISO/IEC 42001 is its certifiability. Unlike the NIST AI RMF, which produces attestation reports of varying rigor, ISO/IEC 42001 follows the ISO certification model: a two-stage audit by a certification body accredited under ISO/IEC 17021-1 produces a certificate valid for three years, with annual surveillance audits and a recertification audit at year three. The certificate is recognized internationally because the accreditation bodies that authorize certification bodies operate under the IAF Multilateral Recognition Arrangement. This produces a single global market for AI management system certificates that does not exist for any other AI governance instrument.
What ISO/IEC 42001 actually does, then, is not “manage AI responsibly” in the abstract. It establishes the certifiable management system architecture that organizations need to operationalize AI risk management at scale, demonstrate due care to regulators and counterparties, and integrate AI governance with the rest of the organization’s governance. That structural role is why the standard has become the operational backbone of EU AI Act preparation, NIST AI RMF implementation, and procurement-driven AI assurance simultaneously.
Who can be certified? ISO/IEC 42001 applies to any organization that develops, provides, or uses AI systems, regardless of size, sector, or jurisdiction. Clause 4.3 of the standard requires the organization to determine the scope of the AI management system — which AI systems, business units, geographies, and processes are included. The scope can be narrow (a single product line) or organization-wide. Certification covers what is in scope; what is excluded is excluded explicitly and justified.
The standard addresses three primary roles: AI providers (organizations that develop and supply AI systems to others), AI users or deployers (organizations that integrate AI systems into their operations or decisions), and AI subjects (the individuals or entities affected by AI system outputs). Most organizations are simultaneously providers of some AI systems and users of others; the AIMS must address both roles where applicable.
A significant feature of the standard is its applicability to organizations that rely solely on third-party AI rather than developing their own. These organizations can legitimately exclude some development-specific controls from their Statement of Applicability, but they cannot exclude controls related to impact assessment (A.5), human oversight (within A.6.2.3), information disclosure (A.8), and third-party governance (A.10). The organization remains accountable for the impact of AI systems it deploys, regardless of whether it built them. This is operationally important because it means a company adopting GenAI from a foundation model provider still needs an AIMS to cover its deployment context.
What it covers. The standard applies to AI systems as defined in ISO/IEC 22989: engineered systems that generate outputs such as content, forecasts, recommendations, or decisions for a given set of human-defined objectives. The definition is intentionally broad and aligns with the OECD/NIST taxonomy. AI risks are addressed through the management system rather than through technology-specific requirements, which means the standard remains applicable as the technology evolves — the move from classical machine learning to generative AI to agentic systems does not require revising the standard, only updating the controls organizations select and how they implement them.
Obligations
ISO/IEC 42001 obligations operate at two levels: the management system requirements in clauses 4 to 10 (mandatory), and the reference controls in Annex A (selected based on risk).
Clauses 4 to 10 — The management system requirements
Clause 4 — Context of the organization. The organization determines internal and external issues relevant to AI, identifies interested parties and their requirements, and defines the scope of the AIMS. This is where the organization establishes the boundaries of what will be certified.
Clause 5 — Leadership. Top management must demonstrate leadership and commitment by ensuring AI policy and objectives are established, that responsibilities and authorities are assigned, and that the AIMS achieves its intended outcomes. Clause 5.1 is where the certifier confirms that AI is a board-level concern with a defined accountable executive, not a buried compliance task.
Clause 6 — Planning. The organization addresses risks and opportunities to the AIMS, conducts an AI risk assessment (clause 6.1.2) and an AI impact assessment (clause 6.1.4), determines AI risk treatment (clause 6.1.3), and produces a Statement of Applicability that justifies which Annex A controls are included, modified, or excluded. The Statement of Applicability is the operational core of the AIMS.
Clause 7 — Support. Resources, competence, awareness, communication, and documented information. The organization must ensure that personnel involved in AI governance have the relevant technical competence and that documentation supports operational continuity.
Clause 8 — Operation. Operational planning and control, AI risk treatment in practice, AI risk assessment results applied to AI system development and deployment. This is the clause in which the controls selected in the Statement of Applicability are actually implemented.
Clause 9 — Performance evaluation. Monitoring, measurement, analysis, and evaluation, internal audit, and management review. The organization must demonstrate that the AIMS is functioning and that management is reviewing it at planned intervals.
Clause 10 — Improvement. Nonconformity and corrective action, continual improvement. The standard explicitly requires a feedback loop from incidents and audit findings into AIMS improvements.
Annex A — The 38 reference controls in 9 objectives
Annex A organizes 38 reference controls into 9 control objectives (A.2 through A.10). The controls are not prescriptive; they are reference controls that the organization selects from during risk treatment (clause 6.1.3) and documents in the Statement of Applicability. The 9 objectives are:
- A.2 — Policies related to AI. Establishing the AI policy and aligning it with other organisational policies (information security, privacy, ethics, business strategy).
- A.3 — Internal organisation. Defining roles, responsibilities, authorities, and reporting relationships for AI management. Includes the figure of the AI risk owner and the integration of AI governance into existing organisational structures.
- A.4 — Resources for AI systems. Managing the data, tooling, computing infrastructure, and human resources required to operate AI systems responsibly. Includes documentation of resource adequacy.
- A.5 — Assessing impacts of AI systems. Conducting AI system impact assessments (AIIAs) to evaluate effects on individuals, groups, communities, and society. The release of ISO/IEC 42005:2025 provides specific guidance for these assessments.
- A.6 — AI system life cycle. Managing AI systems from inception through design, development, verification, validation, deployment, operation, and decommissioning. Includes controls for objective definition, data quality, technical documentation, human oversight, performance assessment, and end-of-life management.
- A.7 — Data for AI systems. Governing data acquisition, quality, preparation, provenance, and management throughout the AI lifecycle. This is the control objective most closely aligned with Article 10 of the EU AI Act.
- A.8 — Information for interested parties. Providing information about AI systems to users, affected persons, regulators, and other interested parties. Covers transparency obligations, user instructions, and disclosure of AI system characteristics.
- A.9 — Use of AI systems. Establishing processes for responsible use of AI systems within the organisation, including intended use definition, prevention of mission creep, and monitoring of operational use.
- A.10 — Third-party and customer relationships. Managing the AI value chain through supplier due diligence, contractual allocation of responsibilities, and customer-facing communications about the AI systems the organisation provides.
The controls are deliberately high-level and principle-based. They are not technical specifications. The implementation detail lives in Annex B (informative implementation guidance for each control), in companion standards such as ISO/IEC 42005 for impact assessments and ISO/IEC 23894 for risk management, and in the organization’s own technical procedures.
Timeline / Implementation
ISO/IEC 42001 has no statutory implementation calendar. Its operational timeline is the publication and revision cadence of the standard and its companion documents:
- December 2023 — ISO/IEC 42001:2023 published.
- January 2024 — ANAB launches the ISO/IEC 42001 accreditation programme. First applicant certification bodies enter the accreditation queue.
- 2024–2025 — First certificates issued. Early certified organisations include large cloud providers (Google Cloud, AWS, Microsoft), SaaS leaders (Miro), and ANAB-accredited certification bodies become operational.
- 2025 — ISO/IEC 42005:2025 published, providing guidance on AI system impact assessments referenced by Annex A.5.
- 2025–2026 — UKAS, RvA, ENAC, DAkkS, JAS-ANZ accreditation programmes become operational. ISO/IEC 42006:2025 published in July 2025, providing the criteria document for certification body accreditation under ISO/IEC 42001.
- 2026 — ISO/IEC 42001 expected to become the de facto operational layer for EU AI Act Article 17 (quality management system) compliance, supported by formal recognition discussions between ISO and the European Commission.
- Future review. ISO standards are subject to systematic review every five years. ISO/IEC 42001:2023 will be subject to its first systematic review in 2028, with potential publication of an updated edition in the 2028–2030 window depending on review outcomes.
For organizations planning certification, the operational milestone that matters most is the availability of an accredited certification body in their jurisdiction. By mid-2026, this is no longer a constraint in the United States, the United Kingdom, Spain, the Netherlands, Germany, or Australia. It remains a development in some Asian and Latin American jurisdictions.
How Zertia covers it
ISO/IEC 42001 is enforced through the international ISO conformity assessment infrastructure rather than through a regulatory authority.
ISO/IEC JTC 1/SC 42. The joint technical committee of ISO and IEC on artificial intelligence is responsible for developing and maintaining the standard. SC 42 is the consensus body where revisions, companion standards, and clarifications are negotiated. Member countries participate through their national standards bodies (ANSI for the United States, BSI for the United Kingdom, AENOR for Spain, DIN for Germany).
Accreditation bodies. National accreditation bodies authorize certification bodies to issue ISO/IEC 42001 certificates. The principal accreditation bodies for ISO/IEC 42001 globally are ANAB (United States), UKAS (United Kingdom), RvA (Netherlands), ENAC (Spain), DAkkS (Germany), and JAS-ANZ (Australia/New Zealand). Accreditation bodies operate under the IAF Multilateral Recognition Arrangement, which provides international recognition of certificates issued by accredited certification bodies. ANAB launched its ISO/IEC 42001 accreditation program in January 2024; UKAS, RvA, and ENAC followed within the next twelve months.
Certification bodies. Independent third parties are accredited to perform certification audits and issue certificates. As of mid-2026, the global pool of certification bodies accredited to ISO/IEC 42001 includes BSI, NSF, A-LIGN, Schellman, BureauVeritas, DNV, Intertek, Zertia, and others. Certification bodies operate under the requirements of ISO/IEC 42006, the standard that specifies requirements for bodies providing audit and certification of AI management systems. ISO/IEC 42006 covers the same role for AI management that ISO/IEC 27006 covers for information security.
The audit cycle. Certification involves a two-stage initial audit (Stage 1: documentation review and readiness assessment; Stage 2: implementation audit), annual surveillance audits in years 1 and 2, and a recertification audit in year 3. Audit duration is calculated under the ISO/IEC 42006 Model B methodology based on organizational complexity, scope, and risk profile.
International recognition. Certificates issued by certification bodies accredited under IAF MLA signatories are recognized globally. A US organization certified by an ANAB-accredited body holds a certificate that is recognized in the EU, UK, and other IAF MLA jurisdictions. This is the practical mechanism through which ISO/IEC 42001 has become the operative international standard for AI management system certification.
Regulation you understand is regulation you can turn into competitive advantage.
Not sure if this framework applies to your organization? Talk to us.
