Skip to content
Misar.io

ISO/IEC 42001 AI Standards in 2026: Complete Guide to Compliance

All articles
Guide

ISO/IEC 42001 AI Standards in 2026: Complete Guide to Compliance

ISO/IEC 42001:2023 — the world's first AI management system standard. Scope, clauses, certification path, and how it maps to NIST AI RMF and the EU AI Act.

Misar Team·Jun 25, 2025·5 min read
Table of Contents

Quick Answer

ISO/IEC 42001:2023 is the world's first certifiable AI management system standard, published 18 December 2023. It follows the Annex SL harmonised structure shared by ISO 9001 and ISO 27001, making integrated management systems practical.

  • Certifiable by accredited bodies (BSI, DNV, TUV SUD, Bureau Veritas)
  • 10 clauses + Annex A (38 controls) + Annex B (implementation guidance) + Annex C (objectives) + Annex D (application across sectors)
  • Complements NIST AI RMF (risk) and ISO/IEC 23894 (risk management in AI)

What Is ISO/IEC 42001?

ISO/IEC 42001 was developed jointly by ISO and IEC through Joint Technical Committee SC 42 on AI. It provides requirements for establishing, implementing, maintaining, and continually improving an AI Management System (AIMS) within an organisation.

It is part of an ISO/IEC family of AI standards including:

  • ISO/IEC 22989:2022 — AI concepts and terminology
  • ISO/IEC 23053:2022 — Framework for AI systems using ML
  • ISO/IEC 23894:2023 — Guidance on risk management
  • ISO/IEC 38507:2022 — Governance implications of AI
  • ISO/IEC 25059:2023 — Quality model for AI systems
  • ISO/IEC 42005:2025 — AI system impact assessment

Key Details / Requirements

The 10 Clauses

Clause

Title

1

Scope

2

Normative references

3

Terms and definitions

4

Context of the organization

5

Leadership

6

Planning

7

Support

8

Operation

9

Performance evaluation

10

Improvement

Annex A Controls (38 across 9 areas)

Area

Sample Control

A.2 Policies

A.2.2 AI policy

A.3 Internal organization

A.3.2 AI roles and responsibilities

A.4 Resources

A.4.5 Data resources

A.5 Assessing AI system impacts

A.5.3 AI system impact assessment

A.6 AI system lifecycle

A.6.1 Requirements for AI systems

A.7 Data for AI

A.7.5 Data acquisition

A.8 Information for interested parties

A.8.2 Information for users of the AI system

A.9 AI system use

A.9.2 Intended use of the AI system

A.10 Third-party relationships

A.10.3 Suppliers

Real-World Examples / Case Studies

Anthropic — Publicly committed to pursuing ISO 42001 certification in 2024 and has published its Responsible Scaling Policy aligned with Annex A controls.

KPMG, PwC, Deloitte, EY — All launched ISO 42001 readiness services in 2024.

BSI — Issued its first ISO 42001 certificates in 2024, including to Japanese SoftBank subsidiary.

Microsoft and Google Cloud — Rolling ISO 42001 into enterprise trust-and-compliance portfolios.

What This Means for Organisations

Adopting ISO 42001:

  • Fits alongside ISO 27001 (information security) and ISO 9001 (quality) in an integrated management system
  • Provides a recognised certification for customer and regulator assurance
  • Maps cleanly to EU AI Act Art. 17 (quality management system) obligations
  • Is increasingly required in enterprise AI RFPs

Compliance Checklist

  • Define AIMS scope (Clause 4.3)
  • Issue an AI Policy (A.2.2)
  • Establish AI roles and responsibilities (A.3.2)
  • Implement AI System Impact Assessments (A.5.3, aligns with ISO 42005)
  • Document the AI system lifecycle (A.6)
  • Manage data quality and provenance (A.7)
  • Publish user information (A.8)
  • Conduct internal audits (Clause 9.2)
  • Schedule management review (Clause 9.3)
  • Engage an accredited certification body

FAQs

Q: Is ISO 42001 mandatory?

No — it is voluntary, but increasingly demanded in enterprise procurement.

Q: How does it differ from NIST AI RMF?

AI RMF is a risk-management framework; ISO 42001 is a management-system standard that can be certified.

Q: How long does certification take?

Typically 6-12 months: 3-6 months to implement + 2-stage audit (Stage 1 documentation, Stage 2 operations).

Q: Who certifies?

Accredited bodies including BSI, DNV, TUV SUD, Bureau Veritas, SGS, and TUV Rheinland.

Q: Does it help with the EU AI Act?

Yes — it operationalises Articles 9, 10, 13, 14, 17, and 62.

Q: Is 42001 the same as ISO 42005?

No — 42001 is the AIMS standard; 42005 is the AI impact assessment standard published in 2025.

Q: Cost?

Implementation (staff time + consultants) USD 50K-500K depending on size; certification fees USD 10K-100K.

Conclusion

ISO/IEC 42001 is the fastest way to demonstrate responsible AI to customers, regulators, and investors — with a recognised certificate on the wall.

Reach ISO 42001 certification with Misar AI's readiness programme.

iso-42001ai-managementcertificationai-governancecompliance
Enjoyed this article? Share it with others.
Next ArticleHow to Train an AI Chatbot on Website Content Safely

More to Read

View all posts
Guide

How to Train an AI Chatbot on Website Content Safely

Website content is one of the richest sources of information your business has. Every help article, FAQ, service description, and policy page is a direct line to your customers’ most pressing questions—yet most of this d

9 min read
Guide

E-commerce AI Assistants: Use Cases That Actually Drive Revenue

E-commerce is no longer just about transactions—it’s about personalized experiences, instant support, and frictionless journeys. Today’s shoppers expect more than just a website; they want a concierge that understands th

11 min read
Guide

What a Healthcare AI Assistant Needs Before Launch

Healthcare AI isn’t just about algorithms—it’s about trust. Patients, clinicians, and regulators all need to believe that your AI assistant will do more than talk; it will listen, remember, and act responsibly when it ma

12 min read
Guide

Website AI Chat Widgets: What Converts Better Than Generic Bots

Website AI chat widgets have become a staple for SaaS companies looking to engage visitors, answer questions, and drive conversions. Yet, most chat widgets still rely on generic, rule-based bots that frustrate users with

11 min read

Explore Misar AI Products

From AI-powered blogging to privacy-first email and developer tools — see how Misar AI can power your next project.

Explore ProductsGet in Touch

Stay in the loop

Follow our latest insights on AI, development, and product updates.

Get Updates