standardInternational Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)v2023

ISO/IEC 42001:2023 Information Technology — Artificial Intelligence — Management System

Overview

ISO/IEC 42001 is the world's first international standard for an Artificial Intelligence Management System (AIMS), published in December 2023 jointly by ISO and IEC. The standard specifies requirements for establishing, implementing, maintaining, and continually improving a management system for AI within an organization. Like ISO 9001 (quality) and ISO 27001 (information security), 42001 follows the high-level structure for management-system standards (Annex SL) and is designed to be auditable and certifiable by third-party accredited bodies. The standard includes core management-system clauses (context, leadership, planning, support, operation, performance evaluation, improvement) plus AI-specific Annexes: - **Annex A** — reference controls covering policy, internal organization, AI resources, impact assessment, system lifecycle, third-party relationships, and use information - **Annex B** — implementation guidance for the controls - **Annex C** — AI-related organizational objectives and risk sources - **Annex D** — domain or sector-specific use considerations Certification provides a credible, internationally recognized signal of AI governance maturity that maps to obligations in the EU AI Act, NIST AI RMF, and emerging US state AI laws. Certification audits are typically conducted on a 3-year cycle.

Certification

Certifiable via Accredited certification bodies under ISO/IEC 17021-1.

Core controls / obligations

Mapped to state laws

Common controls in ISO/IEC 42001 that satisfy or overlap with US state AI law obligations.

Sources

Last verified: April 25, 2026

We may receive referral commissions from recommended compliance tools. Recommendations are based on product fit and not on commission size. Links marked “partner link” include a tracked redirect.