Ayliea — AI Security Assessment & Compliance Consulting

ISO/IEC 42001

Also called: ISO 42001, AI Management System standard, AIMS

ISO/IEC 42001:2023 is the first international certifiable management-system standard for artificial intelligence. It defines requirements for establishing, implementing, maintaining, and continually improving an AI Management System (AIMS) within an organization.

Published in December 2023, ISO/IEC 42001 is structured like other ISO management-system standards (27001, 9001, 14001) using the High-Level Structure: clauses 4-10 cover context, leadership, planning, support, operation, performance evaluation, and improvement. Annex A lists 38 reference controls organized into 9 categories:

  • A.2 Policies related to AI
  • A.3 Internal organization
  • A.4 Resources for AI systems
  • A.5 Assessing impacts of AI systems
  • A.6 AI system life cycle
  • A.7 Data for AI systems
  • A.8 Information for interested parties of AI systems
  • A.9 Use of AI systems
  • A.10 Third-party and customer relationships

Unlike NIST AI RMF (voluntary, US-flavored) or the EU AI Act (binding, regulation-flavored), ISO 42001 is certifiable. An accredited body can audit your AIMS and issue a certificate that's recognized internationally — the same credibility model that made ISO 27001 the global default for information-security attestation.

Early certifications were issued in 2024-2025; the certification ecosystem is still maturing, with most major audit firms now offering ISO 42001 services.

Why it matters

ISO 42001 will likely become the international procurement default for AI vendors, the way ISO 27001 did for security. Organizations that get certified early signal maturity to enterprise buyers and gain a defensible posture against the patchwork of national AI regulations. The structure also forces the rigor that NIST and the EU AI Act expect — once you have an AIMS, mapping it to those frameworks becomes a documentation exercise rather than a build effort.