ISO/IEC 42001 — AI Management System

The international standard for AI management systems

Updated 2 May 2025

Overview

ISO/IEC 42001:2023 is the world’s first international standard for an AI Management System (AIMS). It provides a structured framework for organisations that develop, provide, or use AI systems to manage risks, ensure responsible behaviour, and demonstrate compliance.

Think of it like ISO 27001 (information security) but for AI.

What It Covers

Core Requirements

  • Context: Understand your organisation’s AI landscape and stakeholder needs
  • Leadership: Top management commitment to responsible AI
  • Planning: Risk assessment, objectives, treatment of AI risks
  • Support: Resources, competence, awareness, communication
  • Operation: Control of AI system lifecycle (design, development, deployment, monitoring)
  • Performance evaluation: Monitoring, measurement, internal audit, management review
  • Improvement: Continual improvement, corrective actions

AI-Specific Controls (Annex A)

  • AI system impact assessment
  • Data quality management
  • Transparency and explainability
  • Bias and fairness monitoring
  • Human oversight mechanisms
  • AI system lifecycle documentation
  • Third-party AI governance (supply chain)

Why It Matters

  • Certification: Organisations can be certified (like ISO 27001) — demonstrates compliance to regulators and customers
  • EU AI Act alignment: ISO 42001 can support demonstrating conformity with EU AI Act requirements
  • Framework: Provides structure for organisations that want to “do AI responsibly” but don’t know where to start
  • Supply chain: Customers are increasingly asking suppliers about AI governance

Relationship to Other Standards

Standard         Focus
ISO/IEC 42001    AI management system (overarching)
ISO/IEC 23894    AI risk management
ISO/IEC 38507    Governance of AI
ISO/IEC 22989    AI concepts and terminology
NIST AI RMF      US AI risk management framework

Key Implications for AICI

  • Understanding this standard is essential for consulting/advisory work
  • Can help position AICI as advisor to organisations seeking certification
  • Aligns with the Legal & Compliance pillar of the hub

Resources

  • ISO/IEC 42001:2023 official publication
  • BSI (British Standards Institution) — certification guidance
  • NIST AI Risk Management Framework (complementary US approach)