ISO IEC 42001-2023 PDF

Full title and description

ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system. This international standard specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS) to govern the responsible development, deployment and use of AI systems within an organization.

Abstract

ISO/IEC 42001:2023 sets out a management-system approach (aligned with Plan–Do–Check–Act principles) to help organizations identify and manage AI-related risks and opportunities, strengthen governance and accountability, and support transparency, human oversight and continual improvement across AI lifecycles. It is applicable across industries and organization types that provide or use AI-enabled products or services.

General information

• Status: Published.
• Publication date: 18 December 2023 (publication recorded December 2023).
• Publisher: International Organization for Standardization (ISO) / IEC joint standard (ISO/IEC).
• ICS / categories: 35.020; 03.100.70 (Information technology; Artificial intelligence).
• Edition / version: Edition 1.0 (ISO/IEC 42001:2023).
• Number of pages: 51 pages.

Scope

Applies to any organization, regardless of size, type or nature, that provides or uses products or services that utilize AI systems. The standard focuses on management-system requirements for responsible AI governance rather than technical specifications for particular AI models; it helps organizations integrate AI risk management, compliance, and ethical considerations into their existing management systems.

Key topics and requirements

• Establishing an Artificial Intelligence Management System (AIMS) aligned with organizational context, leadership and policies.
• Risk identification, assessment and treatment for AI systems across their lifecycle.
• Governance, roles and accountability, including responsibilities for AI outcomes and human oversight.
• Data governance and lifecycle management (quality, provenance, privacy and security considerations).
• Transparency, explainability and documentation to support traceability and stakeholder communication.
• Compliance with legal, regulatory and stakeholder requirements and continuous monitoring of obligations.
• Competence, training and awareness for personnel involved in AI activities.
• Performance monitoring, evaluation, incident management and continual improvement of the AIMS.

Typical use and users

Organizations developing, integrating or using AI-enabled products or services (private companies, public-sector agencies, non-profits), AI program managers, risk and compliance teams, auditors and certification bodies. Early adopters and service providers have begun implementing the standard and seeking third‑party certification to demonstrate responsible AI governance.

Related standards

ISO/IEC 42001:2023 is part of the broader ISO/IEC JTC 1/SC 42 AI work programme and is complementary to other AI and IT standards such as ISO/IEC 22989 (AI — Concepts and terminology), ISO/IEC 23053 (AI frameworks for ML), ISO/IEC 23894 (AI risk management guidance) and established management-system standards (for example ISO 9001, ISO/IEC 27001) for quality and information security management.

Keywords

Artificial intelligence management system (AIMS), AI governance, responsible AI, AI risk management, transparency, accountability, human oversight, data governance, certification, PDCA, ISO/IEC 42001:2023.

FAQ

Q: What is this standard?

A: ISO/IEC 42001:2023 is an international management‑system standard that defines requirements and guidance for establishing an Artificial Intelligence Management System to manage risks and opportunities associated with AI.

Q: What does it cover?

A: It covers organizational governance, risk assessment and treatment for AI systems, data governance, transparency and documentation, competence and oversight, compliance and continual improvement of AI practices—focusing on management controls rather than model‑level technical details.

Q: Who typically uses it?

A: Any organization that develops, deploys, purchases or operates AI systems—this includes product teams, AI engineers, risk/compliance officers, legal teams, auditors and certification bodies.

Q: Is it current or superseded?

A: Current. ISO/IEC 42001:2023 was published in December 2023 (Edition 1.0) and is the active international standard for AI management systems. Organizations adopting the standard should reference the published 2023 edition.

Q: Is it part of a series?

A: It is part of the ISO/IEC JTC 1/SC 42 family of AI standards and is intended to work alongside other ISO/IEC AI and IT standards (for terminology, risk guidance and technical frameworks) and established management‑system standards.

Q: What are the key keywords?

A: Responsible AI, AI management system (AIMS), governance, risk management, transparency, accountability, data governance, human oversight, certification, ISO/IEC 42001:2023.