Stand up an ISO/IEC 42001 AI management system (AIMS) — inventory your AI, assess risk and impact, operate the Annex A controls, and keep audit-ready evidence — in one workspace.
Standard
ISO/IEC 42001:2023 — AI management systems
Who it is for
Any organisation that develops, provides or uses AI
What you build
A certifiable AI management system (AIMS)
ISO/IEC 42001:2023 is a voluntary, certifiable international standard — not a law. It specifies how to establish, operate and improve an AI management system, through a main body (Clauses 4–10) and 38 Annex A controls. In force since December 2023.
ISO 42001 sets the management-system shape for trustworthy AI: a plan-do-check-act cycle in the main body plus Annex A controls. The core building blocks:
Define context and scope, set leadership and an AI policy, plan around AI risks, provide resources and competence, operate the system, evaluate performance and improve continually.
Identify and treat AI risks, and assess the impact of AI systems on individuals and groups — with documented assessments you can show an auditor.
Operate 38 controls spanning AI policies, internal roles, resources, data, the AI system life cycle, information for interested parties, responsible use and third-party relationships.
Keep documented information and event logs, run internal audits and management reviews, and handle nonconformities so you can prove the system works.
The platform gives you the AIMS tooling out of the box — the governance you would otherwise assemble from spreadsheets and documents.
Catalogue every AI system with its owner, purpose and life-cycle stage — the resource and life-cycle backbone of your AIMS (Annex A.4 / A.6).
Run AI risk classification and fundamental-rights impact assessments (FRIA), and keep the documented outputs Clause 6 and Annex A.5 expect.
Track each Annex A control against your evidence, see the gaps, and assign corrective actions to close them.
Capture an immutable, timestamped audit trail of every change — the documented information and event logs Clause 9 and Annex A.6.2.8 rely on.
ISO/IEC 42001:2023 is the first international management-system standard for artificial intelligence. It specifies how to establish, implement, maintain and continually improve an AI management system (AIMS) so an organisation can govern its development and use of AI responsibly. It has been in force since December 2023.
Any organisation that develops, provides or uses AI systems — regardless of size or sector — can adopt it. It is increasingly requested in enterprise procurement and AI-vendor selection.
No. It is a voluntary, certifiable standard rather than legislation. Certification is a recognised way to demonstrate responsible AI governance to customers, partners and regulators.
They are complementary. ISO 42001 gives you the management-system scaffolding — AI policies, risk and impact assessment, Annex A controls and audit — that also supports EU AI Act obligations such as the risk-management and quality-management systems required for high-risk AI systems. Evidence built for one largely supports the other.
Establish your AIMS, operate it long enough to generate evidence, run an internal audit and management review, then engage an accredited certification body for a two-stage external audit. LandingRed helps you build and evidence the AIMS up to that point.
Take the free self-assessment to map your AI governance against an AI management system in a few minutes — no account required.