ISO 42001 -- AI Management System
What is ISO 42001
ISO/IEC 42001:2023 is the first international standard specifying requirements for an AI Management System (AIMS) — a system for managing AI in an organization. The standard provides a structured framework for the responsible development, deployment, and operation of AI systems.
Why ISO 42001
Regulatory context
ISO 42001 is a harmonized standard — its implementation helps demonstrate compliance with the EU AI Act, particularly in the areas of:
- Risk management of AI systems
- Transparency and documentation
- Human oversight
Business value
- Customer trust — certification demonstrates a responsible approach to AI
- Competitive advantage — there are still few ISO 42001-certified organizations
- Systematic approach — the standard brings order to AI governance
- Synergy — easily integrated with ISO 27001 (information security)
Standard structure
ISO 42001 follows the classic ISO management system structure (Annex SL):
| Chapter | Content | Relationship to NATIVE |
|---|---|---|
| 4. Context of the organization | Understanding the environment and stakeholders | L0 — Navigate |
| 5. Leadership | Management commitment, AI policy | L1 — Align |
| 6. Planning | Risk and opportunity management | L1 + L3 |
| 7. Support | Resources, competence, awareness | L2 — Transform |
| 8. Operation | AI system management, impact assessment | L5 — Execute |
| 9. Performance evaluation | Monitoring, internal audit, management review | L4 — Verify |
| 10. Improvement | Nonconformities, corrective actions, continual improvement | Cross-cutting |
Key annexes
- Annex A — Controls for AI
- Annex B — Implementation guidance
- Annex C — Mapping to other AI standards and regulations
- Annex D — Use in various industries
Path to certification
%3btext-align:center%3b%7d%23mermaid-0 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-0 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-0 .cluster text%7bfill:%23333%3b%7d%23mermaid-0 .cluster span%7bcolor:%23333%3b%7d%23mermaid-0 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-0 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-0 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-0 .icon-shape%2c%23mermaid-0 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-0 .icon-shape p%2c%23mermaid-0 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-0 .icon-shape .label rect%2c%23mermaid-0 .image-shape .label rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .label-icon%7bdisplay:inline-block%3bheight:1em%3boverflow:visible%3bvertical-align:-0.125em%3b%7d%23mermaid-0 .node .label-icon path%7bfill:currentColor%3bstroke:revert%3bstroke-width:revert%3b%7d%23mermaid-0 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker id='mermaid-0_flowchart-v2-pointEnd' class='marker flowchart-v2' viewBox='0 0 10 10' refX='5' refY='5' markerUnits='userSpaceOnUse' markerWidth='8' markerHeight='8' orient='auto'%3e%3cpath d='M 0 0 L 10 5 L 0 10 z' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-pointStart' class='marker flowchart-v2' viewBox='0 0 10 10' refX='4.5' refY='5' markerUnits='userSpaceOnUse' markerWidth='8' markerHeight='8' orient='auto'%3e%3cpath d='M 0 5 L 10 10 L 10 0 z' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-circleEnd' class='marker flowchart-v2' viewBox='0 0 10 10' refX='11' refY='5' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3ccircle cx='5' cy='5' r='5' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-circleStart' class='marker flowchart-v2' viewBox='0 0 10 10' refX='-1' refY='5' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3ccircle cx='5' cy='5' r='5' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-crossEnd' class='marker cross flowchart-v2' viewBox='0 0 11 11' refX='12' refY='5.2' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3cpath d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9' class='arrowMarkerPath' style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-crossStart' class='marker cross flowchart-v2' viewBox='0 0 11 11' refX='-1' refY='5.2' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3cpath d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9' class='arrowMarkerPath' style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'%3e%3cpath d='M138%2c182L138%2c186.167C138%2c190.333%2c138%2c198.667%2c138%2c206.333C138%2c214%2c138%2c221%2c138%2c224.5L138%2c228' id='L_S1_S2_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_S1_S2_0' data-points='W3sieCI6MTM4LCJ5IjoxODJ9LHsieCI6MTM4LCJ5IjoyMDd9LHsieCI6MTM4LCJ5IjoyMzJ9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M138%2c406L138%2c410.167C138%2c414.333%2c138%2c422.667%2c138%2c430.333C138%2c438%2c138%2c445%2c138%2c448.5L138%2c452' id='L_S2_S3_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_S2_S3_0' data-points='W3sieCI6MTM4LCJ5Ijo0MDZ9LHsieCI6MTM4LCJ5Ijo0MzF9LHsieCI6MTM4LCJ5Ijo0NTZ9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M138%2c654L138%2c658.167C138%2c662.333%2c138%2c670.667%2c138%2c678.333C138%2c686%2c138%2c693%2c138%2c696.5L138%2c700' id='L_S3_S4_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_S3_S4_0' data-points='W3sieCI6MTM4LCJ5Ijo2NTR9LHsieCI6MTM4LCJ5Ijo2Nzl9LHsieCI6MTM4LCJ5Ijo3MDR9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M138%2c854L138%2c858.167C138%2c862.333%2c138%2c870.667%2c138%2c878.333C138%2c886%2c138%2c893%2c138%2c896.5L138%2c900' id='L_S4_S5_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_S4_S5_0' data-points='W3sieCI6MTM4LCJ5Ijo4NTR9LHsieCI6MTM4LCJ5Ijo4Nzl9LHsieCI6MTM4LCJ5Ijo5MDR9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M112.272%2c1102L110.669%2c1108.167C109.067%2c1114.333%2c105.861%2c1126.667%2c106.004%2c1138.364C106.147%2c1150.062%2c109.638%2c1161.124%2c111.383%2c1166.655L113.129%2c1172.185' id='L_S5_S6_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_S5_S6_0' data-points='W3sieCI6MTEyLjI3MTgyOTA0NDExNzY1LCJ5IjoxMTAyfSx7IngiOjEwMi42NTYyNSwieSI6MTEzOX0seyJ4IjoxMTQuMzMyMzEwMjY3ODU3MTQsInkiOjExNzZ9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M161.668%2c1176L163.614%2c1169.833C165.56%2c1163.667%2c169.452%2c1151.333%2c169.963%2c1139.645C170.474%2c1127.957%2c167.604%2c1116.914%2c166.169%2c1111.393L164.734%2c1105.871' id='L_S6_S5_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_S6_S5_0' data-points='W3sieCI6MTYxLjY2NzY4OTczMjE0Mjg2LCJ5IjoxMTc2fSx7IngiOjE3My4zNDM3NSwieSI6MTEzOX0seyJ4IjoxNjMuNzI4MTcwOTU1ODgyMzUsInkiOjExMDJ9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_S1_S2_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_S2_S3_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_S3_S4_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_S4_S5_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_S5_S6_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel' transform='translate(173.25805%2c 1139.27157)'%3e%3cg class='label' data-id='L_S6_S5_0' transform='translate(-50.6875%2c -12)'%3e%3cforeignObject width='101.375' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3cp%3eRecertification%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg class='node default' id='flowchart-S1-0' transform='translate(138%2c 95)'%3e%3crect class='basic label-container' style='' x='-130' y='-87' width='260' height='174'/%3e%3cg class='label' style='' transform='translate(-100%2c -72)'%3e%3crect/%3e%3cforeignObject width='200' height='144'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3e**1. GAP ANALYSIS** (4-6 weeks)%3cbr /%3eMap current state vs. requirements%3cbr /%3eIdentify missing controls%3cbr /%3eCreate implementation plan%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-S2-1' transform='translate(138%2c 319)'%3e%3crect class='basic label-container' style='' x='-130' y='-87' width='260' height='174'/%3e%3cg class='label' style='' transform='translate(-100%2c -72)'%3e%3crect/%3e%3cforeignObject width='200' height='144'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3e**2. IMPLEMENTATION** (3-6 months)%3cbr /%3eBuild/supplement AIMS%3cbr /%3eImplement Annex A controls%3cbr /%3eCreate documentation%2c train employees%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-S3-2' transform='translate(138%2c 555)'%3e%3crect class='basic label-container' style='' x='-130' y='-99' width='260' height='198'/%3e%3cg class='label' style='' transform='translate(-100%2c -84)'%3e%3crect/%3e%3cforeignObject width='200' height='168'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3e**3. INTERNAL AUDIT** (2-4 weeks)%3cbr /%3eConduct internal audit per ISO 19011%3cbr /%3eIdentify nonconformities%3cbr /%3eImplement corrective actions%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-S4-3' transform='translate(138%2c 779)'%3e%3crect class='basic label-container' style='' x='-130' y='-75' width='260' height='150'/%3e%3cg class='label' style='' transform='translate(-100%2c -60)'%3e%3crect/%3e%3cforeignObject width='200' height='120'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3e**4. MANAGEMENT REVIEW** (1 week)%3cbr /%3eManagement reviews AIMS%3cbr /%3eDecision on certification readiness%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-S5-4' transform='translate(138%2c 1003)'%3e%3crect class='basic label-container' style='' x='-130' y='-99' width='260' height='198'/%3e%3cg class='label' style='' transform='translate(-100%2c -84)'%3e%3crect/%3e%3cforeignObject width='200' height='168'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3e**5. CERTIFICATION AUDIT** (2-3 weeks)%3cbr /%3eStage 1: Documentation audit%3cbr /%3eStage 2: Implementation audit%3cbr /%3eCertificate (3-year validity)%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-S6-5' transform='translate(138%2c 1251)'%3e%3crect class='basic label-container' style='' x='-130' y='-75' width='260' height='150'/%3e%3cg class='label' style='' transform='translate(-100%2c -60)'%3e%3crect/%3e%3cforeignObject width='200' height='120'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3e**6. MAINTENANCE** (ongoing)%3cbr /%3eAnnual surveillance audits%3cbr /%3eContinual improvement%3cbr /%3eRecertification after 3 years%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Synergy with ISO 27001
If your organization already holds ISO 27001 (Information Security Management System), implementing ISO 42001 is significantly easier — both standards share:
- The Annex SL structure
- The approach to risk management
- Documentation requirements
- Internal audit processes
We recommend an integrated approach — a single management system covering both standards.
Next steps
- Audit readiness — prepare for the audit
- What to expect from an audit — practical guide
- Contact us: ai@technomaton.com — we can help with selecting a certification body