ISO/IEC 42001:2023 specifies the requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It targets entities that develop, provide, or use AI-based products or services.

The standard provides a management framework aligned with the Plan‑Do‑Check‑Act methodology and structured to be compatible with other ISO management system standards. It helps organizations address AI-specific challenges such as transparency, ethical behavior, and continuous learning.

ISO/IEC 42001 applies to any organization, regardless of size or sector. It guides the integration of key AI-related processes into the organization’s overall governance, including risk management, supplier oversight, and the assessment of AI system impacts. This supports accountability and builds stakeholder trust.

Benefits of implementing ISO/IEC 42001 include:

• Effective management of AI-related risks and opportunities

• Support for responsible and ethical AI practices

• Enhanced transparency, traceability, and accountability

• Strengthened governance and oversight over AI

• Increased trust among stakeholders in AI outcomes

Additional features of ISO/IEC 42001

The standard supports a risk-based approach, allowing organizations to tailor the level of governance to the risks posed by different AI use cases. It also addresses unique AI challenges, such as the continuous learning and changing behavior of AI systems, which require dynamic oversight. ISO/IEC 42001 adopts the harmonized structure used by ISO management system standards, ensuring easy integration with existing frameworks such as quality, security, and environmental management.

Relationship with other AI standards

ISO/IEC 42001 is the first management system standard specifically for AI. It complements other standards that address key AI aspects:

• ISO/IEC 22989:2022, defines terminology and key AI concepts

• ISO/IEC 23053:2022, provides a framework for describing AI and machine learning systems

• ISO/IEC 23894:2023, offers guidance on managing AI-related risks

While those standards focus on terminology, system architecture, and risk measures, ISO/IEC 42001 provides an overarching governance approach—helping organizations manage AI consistently across all functions and processes.

Applicability and certification

ISO/IEC 42001 is applicable to organizations of any size or sector, including companies developing AI-based applications, healthcare providers using diagnostic AI, financial institutions deploying algorithmic systems, and public sector entities. Certification to the standard is voluntary but provides third-party validation of an organization's commitment to responsible AI governance.

Contribution to Sustainable Development Goals

ISO/IEC 42001 supports several of the United Nations Sustainable Development Goals, including SDG 5 (Gender Equality), SDG 7 (Affordable and Clean Energy), SDG 8 (Decent Work and Economic Growth), SDG 9 (Industry, Innovation and Infrastructure), SDG 10 (Reduced Inequalities), SDG 12 (Responsible Consumption and Production), and SDG 14 (Life Below Water).

More information about ISO/IEC 42001, the management system standard for responsible development and use of AI, is available on the official ISO page.