ISO 42001 Explained: The AI Management System Standard
A board asked us last quarter to certify their new AI-powered credit-scoring engine against ISO 42001. Reasonable request. Except when we sat down with the data science team, nobody could tell us which model version was in production, who had signed off on the training data, or what happened if the model started declining loans for applicants from a particular pin code. The model was live. It was making decisions on real people. And the organisation had no management system around it at all.
That gap is exactly what ISO/IEC 42001 exists to close. It is the world's first management system standard for artificial intelligence, published in December 2023, and it does for AI governance roughly what ISO 27001 did for information security: it gives you an auditable structure to prove that you actually run your AI responsibly, rather than just claiming you do in a slide deck.
What ISO 42001 actually is (and is not)
ISO/IEC 42001:2023 is an AI Management System standard, or AIMS. It is a certifiable, third-party-auditable framework. If your organisation develops, provides, or uses AI systems, it tells you how to build a repeatable process for identifying AI risks, setting controls, and continuously improving. A CERT-In empanelled certification body can assess you against it and issue a certificate that carries weight with regulators, enterprise buyers, and boards.
It is not a technical standard for how to build a neural network. It says nothing about which algorithm to pick or what accuracy threshold to hit. It is a governance standard. It cares about whether you decided those things deliberately, documented the decision, assigned an owner, and can show an auditor the evidence eighteen months later.
Structurally it follows the same Annex SL high-level structure as ISO 27001 and ISO 9001. Clauses 4 to 10 carry the mandatory requirements. Context, leadership, planning, support, operation, performance evaluation, improvement. If your team has already done ISO 27001, roughly 60 to 70 percent of the machinery, the internal audit programme, management review, corrective action, document control, is reused wholesale. That is the single biggest cost saving available to you, and most teams miss it.
The parts that are genuinely new
Three things in ISO 42001 have no equivalent in the security standards you already know, and these are where audits fail.
1. The AI system impact assessment
This is the beating heart of the standard. Before an AI system goes live, you must assess its potential consequences for individuals, groups, and society, not just for your own organisation. For that credit-scoring engine, that means asking, in writing, what happens to a person wrongly declined. What happens if the model quietly encodes a bias that correlates with caste, gender, or region. Who is harmed, how badly, and how likely is it. In the Indian context, this assessment is also where your DPDP Act 2023 obligations around automated decision-making start to bite, because a rejected applicant has rights over how that decision was made.
2. Data governance for the AI lifecycle
Annex A of the standard is explicit about data provenance, quality, and preparation. Auditors will ask where your training data came from, whether you had the right to use it, how you checked it for bias, and how you version it. The scene I opened with, nobody knowing who signed off on the training data, is a direct Annex A control failure.
3. Transparency and human oversight
You must document how the system communicates with the people it affects and where a human can intervene or override. Automated decisions cannot be a black box even to your own staff.
The Annex A controls you will actually be audited against
ISO 42001 ships with 38 controls across nine control objectives in its Annex A, plus implementation guidance in Annex B. You do not implement all 38 blindly. You justify inclusion or exclusion in a Statement of Applicability, exactly as you do for ISO 27001. Here are the control areas that trip teams up most often.
| Annex A control area | What the auditor asks | The evidence you must produce |
|---|---|---|
| AI policy (A.2) | Do you have a board-approved AI policy distinct from your infosec policy? | Signed policy, version-controlled, review date |
| Internal organisation (A.3) | Who owns AI risk? Is it a named role? | Role definition, RACI, appointment record |
| Resources for AI systems (A.4) | Have you documented data, tooling, and compute as governed resources? | Asset inventory including models and datasets |
| Impact assessment (A.5) | Where is the impact assessment for this specific system? | Completed AI system impact assessment per model |
| AI system lifecycle (A.6) | How do you manage models from design to retirement? | Model cards, version log, decommissioning record |
| Data for AI systems (A.7) | Prove provenance and quality of training data | Data lineage, consent basis, bias-check report |
| Information for interested parties (A.8) | What do affected users get told? | User-facing notices, explainability documentation |
| Third-party and supplier (A.10) | Do your AI vendors meet your controls? | Vendor due diligence, contractual clauses |
Notice A.10. If you are buying an AI capability from a foundation-model provider or a SaaS vendor, you are still on the hook. The standard makes you push your controls down the supply chain. In practice this is where financial services clients spend the most negotiation effort, because their model provider often will not disclose training data provenance, and the client has to document that residual risk and get it accepted by the board.
How it maps to the EU AI Act and NIST AI RMF
The question every CISO asks in the first meeting is whether ISO 42001 gets them EU AI Act compliance for free. It does not, but it gets you most of the way, and it is the recognised route to demonstrating the AI Act's required quality-management and risk-management systems. The three frameworks are complementary, not competing. Here is how they line up.
| Dimension | ISO/IEC 42001 | EU AI Act | NIST AI RMF |
|---|---|---|---|
| Type | Certifiable management standard | Binding law (EU) | Voluntary framework |
| Enforceable | Via certification and contracts | Yes, with fines up to 35m euros or 7% turnover | No, guidance only |
| Core unit | The management system (AIMS) | Risk tiers per AI system | Govern, Map, Measure, Manage |
| Impact focus | AI system impact assessment | Conformity assessment for high-risk AI | Contextual risk mapping |
| Best used as | The operating backbone | The compliance obligation to satisfy | The risk vocabulary and method |
The practical play is this. Use ISO 42001 as your management system, the thing that makes governance repeatable. Use NIST AI RMF's Map-Measure-Manage functions as the method inside your risk assessments, because it is more prescriptive about how to actually characterise AI risk. Then treat the EU AI Act as the external obligation your ISO 42001 system is designed to help you meet. If you sell into Europe, a mature AIMS is your strongest evidence that your high-risk systems have the required risk and quality management in place.
For Indian organisations there is no equivalent statute yet. The DPDP Act 2023 touches automated decisions on personal data, the RBI and SEBI expect model-risk discipline for anything touching credit or markets, and the forthcoming Digital India Act is expected to address AI more directly. ISO 42001 lets you get ahead of all of it with one auditable system rather than scrambling later.
What certification actually costs and how long it takes
Let me be concrete, because the vague answers you get from most consultancies are useless for budgeting. Certification is a two-stage audit, Stage 1 documentation review and Stage 2 implementation audit, followed by annual surveillance and a full recertification at three years. That is identical to the ISO 27001 rhythm.
| Item | Small org (under 200 staff, 1-3 AI systems) | Mid to large (multiple AI products) |
|---|---|---|
| Gap assessment and readiness | INR 3-6 lakh | INR 8-15 lakh |
| Implementation and documentation | INR 6-12 lakh | INR 15-40 lakh |
| Certification body audit fees | INR 4-8 lakh | INR 10-20 lakh |
| Annual surveillance (per year) | INR 2-4 lakh | INR 5-10 lakh |
| Realistic timeline to certificate | 4-6 months | 8-12 months |
The number that surprises boards is not the audit fee. It is the internal effort. Expect your data science, legal, and risk functions to spend real hours building impact assessments and model cards for systems that currently have neither. If you already run ISO 27001, halve the process cost, because the audit machinery is reused. If you are starting from nothing, the AIMS is a genuine new build.
Five gaps that sink an ISO 42001 audit
After enough of these assessments you start to see the same failures. These are the five that turn a Stage 2 audit into a nonconformity report.
- No system inventory. You cannot govern AI you have not listed. Teams routinely forget the shadow model a business unit spun up on a cloud API without telling anyone.
- Impact assessments that are box-ticking. A one-line 'low risk' with no analysis of who gets harmed is worse than nothing, because it proves you looked and did not think.
- Broken data provenance. You cannot show where training data came from or whether you had the legal basis to use it. This is the single most common finding.
- No human-in-the-loop definition. The system makes consequential decisions and no one can point to where a human can override it.
- Static governance. You certified once and never re-ran the impact assessment after the model was retrained. AI drifts. Your management system has to notice.
A scene from a real Stage 2 audit
Picture the room. A fintech, mid-size, AI-driven collections prioritisation. The auditor asks a simple question: show me the impact assessment for the model currently in production, and the record of who approved the last retraining. The head of data science pulls up a notebook. It has last month's model. Nobody can produce the approval, because retraining was automated on a schedule and no human ever reviewed the new model's behaviour before it went live. The model had, in fact, started deprioritising a segment of borrowers in a way that would have looked ugly under any fairness lens.
That is a major nonconformity against A.6, the lifecycle control. Not because the model was malicious, but because the organisation had no management system to catch the drift. The fix was not technical. It was a mandatory human sign-off gate on every retrain, with the impact assessment re-run and logged. Six weeks later they passed. The technology never changed. The governance did.
Your fix-it checklist before you call an auditor
- Build an AI system inventory. Every model, every AI-enabled feature, every third-party AI service. Include the shadow ones.
- Write and get the board to sign a standalone AI policy, separate from your infosec policy.
- Name an owner for AI risk. A real role with authority, not a committee that meets quarterly.
- Complete an AI system impact assessment for each system, covering harm to individuals and groups, not just to you.
- Document data provenance and legal basis for every training dataset, and run at least one bias check.
- Produce a model card per system: purpose, data, performance, limitations, and known risks.
- Define the human oversight point for every consequential decision and test that the override actually works.
- Draft your Statement of Applicability across the 38 Annex A controls, justifying every inclusion and exclusion.
- Run one internal audit and one management review before Stage 1, so the certification body sees a system that already cycles.
Where this leaves you
Come back to that board and their credit-scoring engine. The model was never the problem. The absence of a system around it was. ISO 42001 is not paperwork for its own sake; it is the difference between an organisation that can look a regulator, a customer, and an affected individual in the eye and explain its AI, and one that is hoping nobody asks. As AI moves into decisions that change people's lives, that difference stops being optional.
If you want a straight read on how far your current AI governance is from a defensible ISO 42001 system, that is the kind of hands-on gap assessment our CERT-In empanelled auditors at CyberSigma do in the room with your data and risk teams, not from a template.
FAQs
Is ISO 42001 mandatory in India?
No. It is a voluntary certifiable standard. But with the DPDP Act 2023 touching automated decisions, RBI and SEBI expecting model-risk discipline, and the Digital India Act on the horizon, certifying now puts you ahead of regulation rather than scrambling after it. Enterprise buyers increasingly ask for it in vendor due diligence too.
We already have ISO 27001. How much extra work is ISO 42001?
Considerably less than a fresh start. The Annex SL machinery, internal audit, management review, corrective action, and document control, is shared, so you reuse 60 to 70 percent of it. The genuinely new work is the AI system impact assessments, data provenance and lifecycle governance, and the 38 Annex A controls. Budget roughly half of a first-time ISO 27001 effort.
Does ISO 42001 certification make us EU AI Act compliant?
Not automatically, but it is the strongest evidence you can offer. The AI Act requires risk-management and quality-management systems for high-risk AI, and a mature ISO 42001 AIMS is purpose-built to demonstrate exactly that. Treat the standard as your operating backbone and the AI Act as the legal obligation it helps you satisfy.
What is the AI system impact assessment and why does it matter so much?
It is the mandatory analysis of how an AI system could affect individuals, groups, and society, done before the system goes live and re-run when it materially changes. It matters because it is where fairness, safety, and DPDP automated-decision obligations converge, and it is the control auditors probe hardest. A box-ticked 'low risk' with no reasoning is a guaranteed finding.
How many controls are in ISO 42001?
Annex A defines 38 controls across nine control objectives, with implementation guidance in Annex B. You are not required to implement all of them; you justify inclusion and exclusion in a Statement of Applicability based on your context and risk, just as with ISO 27001.
How long from starting to holding a certificate?
For a smaller organisation with one to three AI systems, realistically four to six months. For a larger organisation with multiple AI products and a complex supply chain, eight to twelve months. The long pole is almost never the audit; it is building impact assessments, model cards, and data provenance for systems that never had them.
Liked the post? Share on:





Leave A Comment