Hael
Sign inRequest a demo
ISO/IEC 42001 · Introduction

What is ISO 42001?

Updated 30 June 2026 · 6 min read
Key takeaway
ISO/IEC 42001 is the world's first international standard for an Artificial Intelligence Management System (AIMS). Published in December 2023, it gives organisations a structured, certifiable framework for governing AI responsibly across its lifecycle. Its defining feature is that you can be independently certified against it: an accredited body can audit your AI management system and issue a certificate recognised across jurisdictions.
  • ISO/IEC 42001 is the first international, certifiable standard for an AI management system.
  • It governs how an organisation manages AI as a whole, using the Plan-Do-Check-Act cycle.
  • It is the only AI governance standard you can be independently certified against.
  • It suits any organisation that develops, provides, or uses AI and wants demonstrable governance.
  • Current as of June 2026. This is general information, not legal advice.

What the standard does

ISO 42001 sets out the requirements for establishing, implementing, maintaining, and continually improving a management system for AI. Rather than focusing on a single AI system, it governs how an organisation manages AI as a whole: its policies, roles, risk processes, controls, and improvement cycle. It follows the same high-level management-system structure as well-known standards like ISO 27001 (information security) and ISO 9001 (quality), so organisations familiar with those will recognise the shape.

The management-system approach

The standard is built on the Plan-Do-Check-Act cycle of continual improvement. You plan your AI governance (policies, objectives, risk assessment), do it (implement controls and processes), check it (monitor, audit, review), and act on what you find (improve). This makes AI governance an ongoing system rather than a one-time project, which is the central idea of any management-system standard.

What it covers

ISO 42001 addresses the things responsible AI governance requires: leadership and policy, planning and risk assessment, support and resources, operation and controls, performance evaluation, and improvement. It also includes a set of AI-specific controls in its annex, covering areas such as AI risk, data for AI, transparency, and the lifecycle of AI systems. Together these give an organisation a comprehensive structure for governing AI.

Why it is significant

Before ISO 42001, organisations had no certifiable standard to point to when asked for proof of responsible AI. They could describe their practices, but they could not show an independent certificate. ISO 42001 changes that. It is the only certifiable AI governance standard, which makes it uniquely useful when a buyer, regulator, or partner asks for verifiable proof rather than a description.

Who it is for

ISO 42001 is for any organisation that develops, provides, or uses AI and wants a structured, demonstrable way to govern it. That includes AI vendors who want to prove responsible AI to enterprise buyers, and enterprises that want to govern AI across the business and evidence it to regulators and customers. Certification is optional, and adopting the standard delivers value even before certification, but the certificate is what turns good practice into independent proof.

Key terms

ISO/IEC 42001
The first international, certifiable standard for an AI management system.
AI management system (AIMS)
The structured set of policies, processes, roles, and controls used to govern AI.
Certifiable standard
A standard against which an accredited body can audit and issue an independent certificate.
Plan-Do-Check-Act
The continual-improvement cycle that underpins ISO management-system standards.

References

Related guides

Keep reading on ISO/IEC 42001.

Free check

See where you stand on ISO/IEC 42001, free.

Answer a few questions and get an indicative view of what ISO/IEC 42001 expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
ISO/IEC 42001 · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to ISO/IEC 42001~ 5 MIN