ISO/IEC 42001 emerges as key AI management standard
The ISO/IEC 42001:2023 standard is gaining traction as a comprehensive management system for responsible AI development and deployment. Its framework provides a structured approach to risk, transparency, and governance. Global firms including RevSure and Ampcus Inc. have already achieved certification, signaling growing market demand for standardized AI oversight.
- The standard follows the same high-level structure as other widely adopted ISO management systems, such as ISO/IEC 27001 for information security, which is intended to simplify integration for organizations.
- Unlike the legally binding EU AI Act, ISO/IEC 42001 is a voluntary standard; however, its framework aligns with the principles of both the EU regulation and the U.S. National Institute of Standards and Technology's (NIST) AI Risk Management Framework, positioning it as a tool for demonstrating global compliance.
- The first ISO/IEC 42001 certificate in China was issued to the robotics company OrionStar in July 2024 by the certification body SGS, signaling the standard's adoption within the country's domestic tech industry.
- The development of the standard was a collaborative effort involving a diverse group of stakeholders, including representatives from industry, regulatory bodies, academia, and non-governmental organizations.
- Certification to ISO/IEC 42001 is valid for three years and requires annual surveillance audits to ensure ongoing compliance and continuous improvement of the AI Management System.
- The standard provides a structured framework for the entire AI system lifecycle, from initial design and data management to deployment and ongoing monitoring, with annexes offering specific implementation guidance.
- ISO/IEC 42001 is part of a broader series of AI-related standards from ISO/IEC, and it is designed to complement them by providing a holistic management system approach to AI risks and governance.