Blog archive

ISO/IEC 42001 – the first AI management system standard

09.12.2025

yucelyilmaz/Shutterstock.com

AI rapidly evolves and offers numerous advantages, such as safer and cleaner transportation, more efficient manufacturing, more affordable and sustainable energy, and improved decision-making. It generally refers to systems that utilize text mining, computer vision, speech recognition, natural language generation, machine learning, or deep learning.

These technologies can be applied to gather or utilize data to predict, recommend or decide the optimal actions to achieve specific objectives. AI systems can be software-based or embedded in devices. In 2025, 20% of enterprises in the European Union employed AI.

As AI capabilities grow exponentially, significant concerns arise regarding privacy, bias, inequality, safety, and security. Examining how AI risks affect users is essential to ensuring the responsible and sustainable deployment of these technologies.

What is ISO/IEC 42001 AI management systems?

ISO/IEC 42001 is the international standard for AI management systems. It provides requirements and guidance for organisations that develop, provide or use AI systems. The standard helps organisations manage risks related to AI.

Why are AI management systems important?

AI management systems supports compliance by helping organisations demonstrate responsible AI governance, align their AI practices with legal and regulatory requirements, manage risks like bias, safety, security and misuse. It also helps to strengthen trust among customers, partners and regulators.

This standard does not replace laws or regulations. Instead, it provides a structured framework that helps organisations to meet their compliance obligations. 

Who should use ISO/IEC 42001?

ISO/IEC 42001 applies to organisations of all sizes and sectors that:

  • develop AI systems,
  • integrate AI into products or services,
  • use AI for decision-making or automation,
  • manage AI systems provided by third parties.
The structure of the standard

ISO/IEC 42001 follows the footsteps of other management systems standards like ISO 9001 for quality, ISO 14001 for the environment, and ISO/IEC 27001 for IT security.

The standard covers understanding the organisation and its context, leadership commitments, and planning actions to address risks and opportunities. It also includes support through resources and competence, operational planning, AI risk assessment, performance evaluation through monitoring and audits, and continual improvement with corrective actions.

Annex A – Reference control objectives and controls,
Annex B – Implementation guidance for AI controls,
Annex C – Potential AI-related organisational objectives and risk sources,
Annex D – Use of the AI management system across domains or sectors and Integration with other management system standards.

 Preview of EVS-EN ISO/IEC 42001