ISO 42001: AI Management System Standard

Implementation guide for ISO 42001, the international standard for AI management systems covering risk assessment, documentation, and continuous improvement.

Last updated: March 2026

What is ISO 42001?

ISO/IEC 42001:2023 is the world's first international standard for Artificial Intelligence Management Systems (AIMS). Published in December 2023, it provides a framework for organizations to responsibly develop, provide, or use AI systems.

Key Requirements

  • AI Policy: Establish and communicate an organizational AI policy aligned with business objectives
  • Risk Assessment: Identify, analyze, and evaluate AI-specific risks including bias, fairness, and transparency
  • AI Impact Assessment: Evaluate potential impacts on individuals, groups, and society
  • Data Management: Controls for data quality, provenance, and lifecycle management
  • Documentation: Maintain records of AI system design, testing, and deployment decisions
  • Continuous Improvement: Regular review and improvement of the AI management system

Certification Process

Organizations can seek certification through accredited bodies. The process typically involves a Stage 1 (documentation review) and Stage 2 (on-site assessment) audit, followed by annual surveillance audits.

Related

SOC2 for AI

Security compliance for AI startups.

EU AI Act

The regulation driving ISO 42001 adoption.