STANDARD · INTERNATIONAL · AI GOVERNANCE

ISO 42001: the 2026 guide to AI management systems.

The first international standard for AI governance, published December 2023. If your board, regulator, or biggest customer is asking how you govern AI, this is the answer they'll accept. Cybereen ships 42001 as a first-class management system alongside 27001.

01. What ISO 42001 is — and why it exists

ISO/IEC 42001:2023 is the first international standard for an Artificial Intelligence Management System (AIMS). Published in December 2023, it gives an organisation a structured, certifiable way to govern how it develops, procures and uses AI — the same way ISO 27001 gives it a way to govern information security.

It exists because AI moved faster than anyone's governance did. Boards approved tools they couldn't explain, regulators started asking pointed questions, and procurement teams began writing "how do you govern AI?" into their security questionnaires. 42001 is the answer that doesn't require inventing your own framework: an internationally recognised management system that says, in audit-ready terms, we know what AI we run, what it could do, and who is accountable for it.

The honest version: 42001 isn't about whether you're allowed to use AI. It's about being able to prove you use it deliberately — with a register, an owner, an impact assessment and a review cycle — instead of by accident.

02. Who is adopting it first

The early movers are the organisations whose customers are already asking. The large cloud and AI vendors certified quickly to take the question off the table in enterprise sales — and in doing so made it a line item their customers now have to answer too.

  • Major AI & cloud providers. Microsoft, AWS and other hyperscalers pursued 42001 certification early, turning it into a trust signal in enterprise procurement.
  • Enterprise procurement. "How do you govern AI?" is now appearing in vendor security questionnaires — and a 42001 certificate is the cleanest way to answer it once, not per-deal.
  • Government & regulated tenders. AU and UK public-sector and regulated buyers are beginning to reference AI governance expectations, with 42001 as the recognisable benchmark.
AU/UK note: 42001 is not yet legally mandatory in Australia or the UK. But the demand is arriving through your customers and tenders well before it arrives through legislation — which is exactly how 27001 became table stakes.

03. The AI Management System — analogous to 27001's ISMS

If you already run a 27001 ISMS, the shape of 42001 will feel familiar. It uses the same Plan-Do-Check-Act lifecycle and the same harmonised management-system structure (context, leadership, planning, support, operation, evaluation, improvement). The machinery is the same; the subject is AI instead of information security.

  • Plan (Establish the AIMS): Set AI policy, scope, objectives and risk criteria; identify the AI systems in play.
  • Do (Implement): Operate the Annex A controls — impact assessments, lifecycle gates, data governance.
  • Check (Monitor): Internal audit, performance review and AI-incident monitoring against objectives.
  • Act (Improve): Management review, corrective action and continual improvement of the system.

The reuse dividend: a 27001 ISMS already gives you the leadership, document control, internal-audit and management-review backbone 42001 needs. The genuinely new work is the Annex A controls and the AI impact assessment — not the management system itself.

04. The Annex A controls — what's there

Annex A of 42001 lists 38 controls grouped into nine objectives, with Annex B giving implementation guidance for each. They're the AI-specific work: where the management-system clauses are reused from 27001, these controls are what make it an AI management system.

  • A.2 Policies related to AI: An AI policy aligned to business objectives, reviewed and owned at leadership level.
  • A.3 Internal organisation: Roles, responsibilities and reporting lines for AI accountability across the organisation.
  • A.4 Resources for AI systems: Data, tooling, compute and human competence documented as AI system resources.
  • A.5 Assessing impacts: AI system impact assessments on individuals, groups and society, before deployment.
  • A.6 AI system life cycle: Responsible design, development, verification, deployment and decommissioning.
  • A.7 Data for AI systems: Provenance, quality, preparation and governance of data used to train and run AI.
  • A.8 Information for interested parties: What you must tell users, subjects and partners about the AI they interact with.
  • A.9 Responsible use of AI: Intended-use definitions and guardrails for how AI systems are actually operated.
  • A.10 Third-party & customer relationships: Allocating responsibility across suppliers, providers and customers of AI.

05. AI risk management & the AI impact assessment

42001 frames AI risk on two axes that 27001 doesn't fully cover. First, the familiar one: risk to the organisation — security, continuity, reputation. Second, the one that's new to most teams: risk to individuals and society from the AI itself — bias, opacity, safety, misuse. Both feed the AI risk register the standard expects you to keep.

The AI impact assessment

The centrepiece is the AI system impact assessment (clause 6). Where a 27001 risk assessment asks "what could happen to this asset?", the 42001 impact assessment asks "what could this AI system do to the people it touches?" — and it triggers whenever you register or materially change an AI system.

  • Triggered by registration. Adding a new AI system to the inventory — or changing its purpose — is what fires the assessment, so it can't be skipped.
  • Structured, not freeform. It considers affected parties, potential harms, likelihood and the controls that reduce them — documented and reviewable.
  • Feeds the risk treatment. The output drives which Annex A controls apply to that system, and what evidence "responsible use" requires.

06. Roles, responsibilities and lifecycle management

42001 is explicit that AI needs named accountability, not diffuse ownership. Someone owns the AI policy; someone owns each registered AI system; someone signs off impact assessments. The standard wants those roles defined and resourced — the absence of a clear owner is itself a finding.

It also expects AI to be managed across its whole lifecycle, not just at launch. The same system is governed from design and development, through verification and deployment, into operation and monitoring, and finally to retirement — with controls and evidence at each stage rather than a one-time approval that never gets revisited.

Why retirement matters: the most common AI governance gap isn't approving a system — it's the model quietly still running, unowned and unreviewed, a year after the project that introduced it ended. Lifecycle controls are what close that gap.

07. How 42001 interacts with 27001 and NIST

42001 was designed to sit alongside the management systems you may already run, not to replace them. It shares the harmonised Annex SL structure, so the overlap is real and reusable.

  • ISO 27001. If you run a 27001 ISMS, 42001 reuses most of the management-system machinery — leadership, document control, audit, review. The Annex A controls are the genuinely new work.
  • NIST AI RMF. A useful, US-origin complement — strong on risk vocabulary and function mapping. It's a framework, not a certifiable management system, so it sits next to 42001 rather than replacing it.
Reuse note: the leadership, internal-audit and management-review evidence you already produce for 27001 typically satisfies the equivalent 42001 clauses with little rework — Cybereen maps them so you don't re-collect the same artefacts twice.

08. Certification — who certifies, and what to expect

42001 is a certifiable standard. An accredited certification body audits your AIMS and, if it conforms, issues a certificate — the same Stage 1 / Stage 2 model as 27001, followed by surveillance audits and a three-year recertification cycle.

  • Stage 1. A documentation and readiness review — is the AIMS designed, scoped and documented?
  • Stage 2. An operational audit — is it actually running, with impact assessments, a populated AI register and dated evidence?
  • Surveillance & recert. Periodic surveillance audits keep the certificate live, with full recertification on a three-year cycle.

The accreditation ecosystem is still young — fewer bodies offer 42001 than 27001 today — but it is expanding quickly as demand rises. For most AU/UK organisations the practical first step isn't booking an auditor; it's reaching internal readiness, which is where the maturity path below comes in.

09. Common myths about 42001

The standard is new enough that the misconceptions are still forming. Three come up in nearly every first conversation.

"42001 means we can't use third-party AI."
False. 42001 is explicitly built for organisations that procure and use AI, not only those that build it. Annex A.10 is about governing third-party AI responsibly — registering it, assessing it, allocating responsibility — not banning it.
"It's only for AI companies."
False. The fastest-growing group of adopters is ordinary organisations that use AI tools — a marketing team on a copywriting assistant, an ops team on an analytics model. If you use AI, you're in scope.
"We need a whole new compliance programme."
False. If you run 27001, you already have the backbone. 42001 reuses the management system and adds AI-specific controls on top — it's an extension, not a parallel programme.

10. The realistic path — from "we use ChatGPT" to ML2 in 6 months

Most organisations don't start at zero policy and zero AI — they start at lots of unmanaged AI and no policy. The standard doesn't grade maturity, so Cybereen adds an internal ML0–ML3 progression to track the same AIMS the way you'd track a 27001 ISMS. A realistic target is reaching ML2 in about six months.

  • Month 1 (ML0 → ML1), register what you already run: Inventory the AI tools already in use, stand up an AI policy and assign owners. Visibility first — you can't govern what you can't see.
  • Months 2–3 (ML1), assess and scope the AIMS: Run impact assessments on the higher-risk systems, define AIMS scope and objectives, and decide which Annex A controls apply.
  • Months 4–5 (ML1 → ML2), operate the controls: Run the Annex A controls for real — lifecycle gates, data governance, third-party allocation — collecting evidence as you go.
  • Month 6 (ML2), internal review & readiness: Internal audit and management review complete, AI register live, impact assessments dated — a defensible AIMS, ready to show a board or a certifier.

42001 mandates no maturity model, so the ML0–ML3 ladder is a Cybereen convention — the same one we use for 27001 and Essential Eight — to make "where are we?" answerable on one screen instead of in a 38-control spreadsheet.

INSIDE CYBEREEN

42001 as a first-class management system.

Three things do the heavy lifting: an AIMS scaffolded against Plan-Do-Check-Act, an impact assessment that fires the moment you register an AI system, and an ML0–ML3 dashboard that tracks the AIMS the way you'd track a 27001 ISMS.

  • AIMS scaffolding, pre-loaded: The full Plan-Do-Check-Act lifecycle and all Annex A controls, with an AI risk register ready on day one — not a blank management system you build from the PDF.
  • AI impact assessment workflow: Registering an AI system triggers a structured impact assessment per 42001 §6 — affected parties, harms, controls — so nothing ships ungoverned.
  • ML0–ML3 maturity dashboard: Track progression across the AIMS the same way you'd track a 27001 ISMS — one screen for "where are we?", with the 27001 overlap mapped so evidence isn't collected twice.

Board asking how you govern AI? Have an ISO 42001 answer ready.

Cybereen ships 42001 as a first-class management system. Book a 30-minute walkthrough of the AIMS scaffolding against your current AI usage. Free trial, no card.
