ISO 42001:2023
ISO/IEC 42001 is the international standard for AI management systems. It gives organisations a mechanism to manage their AI systems responsibly and consistently. It sets out requirements and guiding principles for organisations that develop, provide, or use AI systems, so that they can manage AI-related risks while also supporting innovation, trust, and accountability. ISO/IEC 42001 is the first global standard that defines how to establish, implement, maintain and continually improve an AI management system, giving an organisation a common framework for managing its AI systems consistently.
ISO/IEC 42001 addresses an AI management system, which is a structured set of policies, processes, and controls that help an organisation govern the design, development, deployment, and use of AI systems. An AI management system helps an organisation define responsibilities for AI use, identify and assess AI-related risks, ensure transparency and accountability, manage data quality and system performance, address ethical, legal and societal concerns, and monitor AI systems throughout their lifecycle.
ISO/IEC 42001 specifically supports organisations' AI compliance when they operate in regulated or high-risk environments. It helps organisations demonstrate responsible AI governance, align their AI practices with regulatory and legal expectations, manage their risks around bias, safety, security, and misuse, and increase trust with customers, partners, and regulators. It complements existing laws rather than replacing them.
ISO/IEC 42001 applies to organisations that develop AI systems, integrate AI into their products or services, use AI for decision-making or automation, and manage AI systems provided by third parties. It covers technology companies, financial institutions, healthcare providers, manufacturers, public authorities, and service organisations.
Broadly, it defines the key requirements for an AI management system and covers items such as leadership and organisational context, AI policy and objectives, risk management for AI systems, data governance and system lifecycle controls, transparency and information provision, performance evaluation and monitoring, and continual improvement. These requirements are intended to help organisations move from ad hoc AI use to structured, accountable AI management. Certification to ISO/IEC 42001 is voluntary, and it is carried out by independent certification bodies that may or may not be nationally accredited by the relevant accreditation bodies.