ISO 42001: the AI management system standard

ISO 42001 is the first international standard for an artificial intelligence management system (AIMS). It gives organisations a certifiable structure for governing AI responsibly and consistently.

The basics

What is ISO 42001?

ISO 42001 and the EU AI Act

An ISO 42001 management system is one of the most practical ways to demonstrate the governance and risk controls the EU AI Act expects, especially for providers of high-risk AI systems.

A management system for AI

ISO 42001 applies the familiar management-system model — plan, do, check, act — to the specific risks and duties of AI.

Built for responsible AI

The standard operationalises responsible AI: governance, risk assessment, impact assessment and continual improvement.

Certifiable

Like ISO 27001, ISO 42001 can be independently certified, giving customers and regulators assurance about your AI practices.

What an ISO 42001 AIMS includes

AI policy

Objectives and commitments for responsible AI.

AI risk assessment

Systematic assessment of AI-specific risks and impacts.

Controls

Operational controls across the AI lifecycle.

Improvement

Monitoring, audit and continual improvement.

Where to next

Connect the AI stack

AI governance

The governance model ISO 42001 formalises.

AI risk management

The risk engine inside the management system.

EU AI Act

The regulation ISO 42001 helps you meet.

ISO 42001 FAQs

What is ISO 42001?

The international standard specifying requirements for an artificial intelligence management system (AIMS).

How does it relate to ISO 27001?

It follows the same management-system structure, so organisations with an ISO 27001 ISMS can extend naturally to ISO 42001.

Does ISO 42001 help with the EU AI Act?

Yes. It provides a structured, certifiable way to evidence the governance and risk controls the AI Act expects.
