International standard · certifiable · 2023

ISO/IEC 42001, the standard that makes your AI auditable.

The first certifiable AI management standard. It does not judge your models: it judges the system that governs them.

The essentials

Published in December 2023, ISO/IEC 42001 is the first international certifiable standard dedicated to the AI management system, the AIMS. It does for AI what ISO 27001 did for information security: transform good intentions into a verifiable system.

The standard follows the harmonized ISO management system structure: context, leadership, planning, support, operation, performance evaluation, improvement. An annex of AI-specific controls completes it, from system lifecycle to impact assessment.

Its logic is the plan-do-check-improve cycle. You do not certify a perfect AI; you certify an organization that knows how to govern its AI and can prove it.

What

A management system standard, like ISO 9001 or ISO 27001, but for AI. Third-party certification is possible.

Since

December 2023. The first organizational certifications followed in 2024.

For whom

Any organization that develops or uses AI and wants demonstrable governance, from a small business to a large enterprise.

What the standard requires, in practice

Requirement: In plain language
Context and stakeholders: Know which AI systems affect you, and who they affect.
Leadership and policy: An AI policy backed by leadership, with named roles.
Risk and impact assessment: Assess the risks and impacts of each system, before and during its use.
Governed lifecycle: Deployment, monitoring, modification, and decommissioning documented.
Continual improvement: Internal audits, management reviews, corrective actions: the system learns.

In the AI id framework, ISO/IEC 42001 weighs heavily on the Governed, Accountable, and Reproducible properties. identifiable attests a state and a trajectory toward the standard; the firm is not an accredited certification body.

How identifiable gets you ready

identifiable prepares your organization for ISO/IEC 42001: training on the standard, building your AIMS, and assessing your trajectory against the AI id framework.

Training: ISO/IEC 42001 literacy for your teams and your leadership
Advisory: Consulting support to close the gaps, practice by practice
Attestation: Evaluation against the AI id framework and a trajectory toward the standard

Three questions that keep coming up

Is certification mandatory?

No. But it is becoming a competitive advantage in tenders, and a solid answer when a client asks how your AI is governed.

What is the difference from the NIST AI RMF?

The NIST AI RMF is a voluntary risk management framework; ISO/IEC 42001 is a certifiable management system standard. The first feeds the second. The AI id framework brings them together.

How long does preparation take?

It depends on your starting point, and that is exactly what the AI Index measures. A small business with documented practices can target a trajectory in months, not years.

How far are you from ISO/IEC 42001?

The AI Index measures your six properties against the four frameworks, including ISO/IEC 42001. First read in twelve questions.