Compliance Hub: ISO 42001
Build responsible AI — governed, audited, and EU AI Act ready
The world’s first AI governance standard. Get EU AI Act ready and demonstrate responsible AI practices with ISO 42001:2023 certification — independently audited evidence that your AI systems are governed, monitored, and aligned to emerging global regulation.
Why Get Certified Now?
ISO 42001 was published in December 2023. The EU AI Act is already in effect. Organisations that move now get certified, compliant, and competitive — those that wait face penalties, lost deals, and reactive scrambles.
EU AI Act enforcement
The EU AI Act is in force and carries penalties up to €35M or 7% of global revenue. ISO 42001 provides the documented governance framework regulators expect.
AI Liability Exposure
AI failures, algorithmic bias, and hallucinations create legal liability. ISO 42001 certification demonstrates due diligence and systematic risk mitigation in AI deployment.
Investor & board confidence
VCs and institutional investors increasingly require responsible AI practices. Certification signals organisational maturity and reduces reputational and governance risk.
What is ISO 42001?
The world's first international standard for AI governance
ISO/IEC 42001:2023 is the world's first international standard for Artificial Intelligence Management Systems (AIMS). It provides a comprehensive framework for responsible AI development, deployment, and use — covering governance, risk management, ethics, transparency, and continuous oversight.
The standard helps organisations establish AI governance structures, manage AI-specific risks (including bias, explainability failures, hallucinations, and unintended outputs), ensure ethical AI practices, and maintain continuous oversight of AI systems throughout their lifecycle.
ISO 42001 can be implemented alongside ISO 27001 (information security) and ISO 27701 (privacy) to create a comprehensive governance stack covering security, privacy, and AI responsibility.
Benefits
AI System Inventory: Week 1-2
AIMS Design: Weeks 2-5
Controls & Risk Register: Weeks 4-8
Internal Audit: Week 9
Stage 1 & 2: Week 10-12
Understanding your AI system's risk tier and what's required
Unacceptable risk
Social scoring, real-time biometric surveillance, subliminal manipulation. Banned outright from February 2025.
High risk
AI in critical infrastructure, hiring, education, law enforcement, credit scoring, medical devices. Requires conformity assessment, AIMS documentation, and registration from August 2026.
Limited risk
Chatbots, AI-generated content, emotion recognition. Transparency obligations — users must be informed they are interacting with AI.
Minimal risk
AI-enabled spam filters, recommendation engines, AI in video games. No mandatory requirements — but ISO 42001 certification provides voluntary best-practice evidence.
What's leaving AI-deploying organisations exposed
From AI inventory to certified AIMS: the full delivery journey
AI systems inventory
Map every AI system in use — built, bought, and embedded in SaaS
AIMS design
AI governance framework, policy suite, roles, and risk methodology
Controls & risk register
AI risk register built, controls implemented, bias and explainability tested
Internal audit
Pre-certification AIMS audit to close all gaps before external auditor
Stage 1 & 2 support
On-site audit support through both stages to ISO 42001 certificate
WHAT'S INCLUDED — The full scope of our ISO 42001 programme
AI systems inventory & risk classification
Comprehensive audit of every AI system in use — built, bought, and SaaS-embedded — with EU AI Act risk tier classification and AIMS scope definition.
AIMS documentation suite
Complete, bespoke AI management system documentation — AI policy, acceptable use policy, risk methodology, bias assessment framework, and all supporting procedures.
AI risk register & bias testing
AI-specific risk register covering bias, explainability, data quality, hallucination, and unintended outputs — with documented testing and treatment plans for each identified risk.
Controls implementation
Hands-on implementation of all applicable ISO 42001 controls — AI oversight mechanisms, incident response for AI failures, third-party AI assessments, and change management for AI systems.
Internal AIMS audit
Full pre-certification internal audit simulating the external auditor's approach — with a corrective action plan to close all gaps before Stage 1 assessment.
HOW WE GET STARTED
From first call to certified AIMS — in four steps
1
AI inventory & gap assessment
We map every AI system, classify by EU AI Act risk tier, and deliver a written gap report against ISO 42001 within 2 weeks
2
AIMS design & documentation
Bespoke AI policy, acceptable use policy, risk methodology, AI register, and governance structure built for your organisation
3
Controls, bias testing & internal audit
Controls implemented, staff trained, internal audit completed, and all findings remediated before the external audit.
4
Certification & aftercare
Stage 1 and Stage 2 audit supported on-site — then a 12-month aftercare programme to maintain your AIMS certificate
BUSINESS OUTCOMES — What our customers achieve
8–12 wk
Fast-track from AI inventory to certified AIMS
100%
EU AI Act article alignment coverage
First
Mover advantage — ISO 42001 published Dec 2023
Audit-ready
Annual surveillance and recertification supported
Certified AI governance — not just claimed
ISO 42001 certification is independently audited — giving customers, regulators, and investors documented evidence of responsible AI, not just an AI ethics statement
Complete governance stack
ISO 42001 + ISO 27001 + ISO 27701 — security, privacy, and AI governance certified together. One partner, one integrated programme, one audit-ready evidence library
Find out if your AI systems are EU AI Act ready
Start with a free AI systems inventory and gap assessment — no commitment required.
We’ll classify your AI by EU AI Act risk tier and show you exactly what ISO 42001 certification requires.