
ISO/IEC 42001

ISO/IEC 42001 is the international management-system standard for artificial intelligence, published in 2023. It specifies how an organisation should establish, implement, maintain, and continually improve an AI management system (AIMS) - the AI equivalent of ISO 27001 for information security - and is increasingly requested by enterprise customers.

What it covers

ISO/IEC 42001 defines a governance framework: AI policy, roles and responsibilities, risk and impact assessment, controls (Annex A), and continual improvement. Unlike the EU AI Act, it is voluntary, but certification is a strong trust signal in enterprise procurement and RFPs.

Relationship to the EU AI Act

The two overlap heavily: the risk-management, data-governance, and oversight work you do for the EU AI Act maps onto ISO/IEC 42001 Annex A controls. ComplyAgent reuses a single classification across both, so you don't redo the work per standard.

Last reviewed June 2026 by the ComplyAgent team.

