ISO/IEC 42001
The certifiable AI management system standard. What ISO 27001 is for information security, 42001 is for AI governance.
ISO/IEC 42001:2023 is the certifiable AI management system standard, the only AI governance standard that can be independently audited and certified against, comparable to what ISO 27001 is for information security. If certifiable AI governance is the requirement, this standard is the answer.
ISO/IEC 42001:2023 is the certifiable AI management system standard. The only AI governance standard that can be independently audited and certified against, comparable to what ISO 27001 is for information security.
Adoption requires enterprise-wide commitment, cross-functional governance, risk management, AI impact assessments, lifecycle management and third-party supplier oversight. Major certification bodies have already operationalized audit services to cover the standard, while leading vendors are in the process of acquiring certification.
In the three-layer standards landscape it holds the middle ground: NIST AI RMF for multi-framework alignment, ISO 42001 for certifiable AI governance in a broad sense, AIUC-1 for agent-specific certification. If certifiable AI governance is the requirement for stakeholders, customers or regulators, this standard is the answer.
| Claim | Source | Status |
|---|---|---|
| ISO/IEC 42001:2023 is the certifiable AI management system standard, independently auditable, comparable to ISO 27001 for information security. | ISO/IEC 42001:2023, AI Management System | verified 2026-07-02 |