A Bird’s-Eye View Of ISO/IEC 42001


We are currently in the initial phases of regulating the responsible use of Artificial Intelligence (AI). In March 2023, NIST released the AI Risk Management Framework, and on October 30, President Biden issued the Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. Furthermore, on December 18, 2023, ISO published ISO/IEC 42001 - Information technology - Artificial Intelligence - Management System, and on March 13, 2024, the European Parliament approved the Artificial Intelligence Act, which ensures safety and compliance with fundamental rights while boosting innovation.

All of these initiatives share a common goal: to provide policies and measures that support the use of AI for research, personal services, and business while managing associated risks and ensuring security and fundamental rights.

What is ISO/IEC 42001:2023?

ISO/IEC 42001:2023 is part of a series of upcoming ISO publications on AI. Another publication, ISO/IEC DIS 42005 (still in development), will “provide guidance for organizations performing AI system impact assessments for individuals and societies that can be affected by an AI system and its intended and foreseeable applications”.

ISO/IEC 42001:2023 and similar initiatives aim to protect various aspects of an AI system throughout its lifecycle. These aspects include safety, security, safeguards, fairness, transparency, data quality, and systems quality. The ultimate goal is to create an artificial intelligence management system (AIMS).

What is ISO/IEC 42001:2023 for?

The purpose of ISO/IEC 42001:2023 is to ensure the responsible development and use of AI systems by:

  • Promoting the development and use of AI systems that are reliable, transparent, and accountable;
  • Emphasizing ethical principles and values in the use of AI systems, such as fairness, non-discrimination, and respect for privacy;
  • Helping organizations identify and mitigate the risks associated with the implementation of AI, and ensuring that appropriate mitigation measures are in place;
  • Encouraging organizations to prioritize human well-being, safety, and user experience in the design and implementation of AI;
  • Helping organizations comply with privacy laws and regulations or stakeholder obligations.


The standard requires applying appropriate controls throughout the product or service delivery lifecycle. AI is dynamic and can lead to unpredictable outcomes if left unchecked. Therefore, it is crucial to constantly review these controls.

Who is it for?

The ISO/IEC 42001 standard applies to any public or private organization that develops, uses, or provides AI-based products or services.

The standard follows the HLS (High-Level Structure) model, which allows for easy integration with other management system standards, such as ISO/IEC 27001:2022, ISO/IEC 27701:2019, and ISO 9001:2015.

What are the implementation requirements?

To successfully implement an AIMS, an organization must consider the following requirements:

  • Organizational background: An organization should understand the purpose of implementing AI and how to govern such systems. It is important to capture stakeholder expectations and define the scope of AI goals.
  • Leadership: An organization should define leadership and the implementation of goals. Additionally, it should develop and publish an AI policy that outlines roles, responsibilities, and authorities.
  • Planning: Organizations should conduct a risk and impact assessment and establish AI goals. They should also implement appropriate change management procedures.
  • Support: Organizations must identify and provide resources for expertise, awareness, communication methods, and documented information storage and control.
  • Operational: Organizations must define operational planning and control. They should also conduct AI risk assessments, risk treatments, and AI system impact assessments.
  • Performance Evaluation: Organizations must monitor, measure, analyze, and evaluate risks and controls of their AI system. Expectations for internal audit and management review should be clearly defined and developed based on evaluation results.
  • Improvement: Organizations should establish feedback methods for AIMS implementation and consider improvement opportunities. The evaluation process should be ongoing as non-conformities and corrective actions are assessed.

Why is it important?

An AI management system built on ISO/IEC 42001:2023 empowers your organization to maximize the benefits of AI while mitigating risks and building trust. It can help you:

  • Improve the quality, security, and reliability of your AI applications. For example, implementing the standard's data quality requirements can help identify and address biases in your training data, leading to fairer and more accurate AI outputs.
  • Increase public and stakeholder trust in your AI practices. Demonstrating compliance with this internationally recognized standard can reassure stakeholders that your organization takes responsible AI development seriously.
  • Reduce development costs by using efficient AI processes. Thorough planning and risk assessments can help identify and address potential issues early on, saving time and resources during development.
  • Ensure compliance with relevant regulations. Adopting ISO/IEC 42001:2023 can help your organization stay ahead of the curve and demonstrate compliance efforts as AI regulations continue to evolve.
  • Meet the expectations of stakeholders regarding responsible AI use. Implementing ethical principles and ensuring transparency in your AI development aligns with stakeholder expectations for responsible and trustworthy technology.
  • Improve your organization's efficiency and risk management with the systematic approach of the standard for AI development. This approach can streamline processes, identify and mitigate risks, and ultimately enhance overall efficiency.

By implementing this standard, your organization can stay ahead of the curve in the evolving landscape of AI. This will ensure responsible and beneficial use of this powerful technology.
