On 18 December 2023, the International Organization for Standardization and the International Electrotechnical Commission published ISO/IEC 42001:2023, titled “Information technology - Artificial intelligence - Management system.” Developed by the joint technical committee ISO/IEC JTC 1/SC 42, it is described as the first certifiable management-system standard created specifically for artificial intelligence.
The standard specifies requirements, and provides guidance, for establishing, implementing, maintaining, and continually improving an AI management system (AIMS) within an organization. It is built on the same “management system” model used by widely adopted standards such as ISO 9001 for quality and ISO/IEC 27001 for information security, meaning organizations can be independently audited and certified against it. Its requirements include AI risk management, AI system impact assessments, lifecycle management of AI systems, and oversight of third-party suppliers. It applies to organizations of any size that provide or use AI products and services.
ISO/IEC 42001 matters because it gives organizations a structured, auditable way to demonstrate responsible AI governance, rather than relying on self-declared principles. As laws such as the EU AI Act and frameworks like the NIST AI Risk Management Framework take hold, a certifiable standard offers companies a common reference for showing customers, regulators, and partners that their AI practices meet an internationally recognized bar.