ISO 42001 & AI governance
ISO 42001 is a real, accredited certification, and it is available now. AWS, Anthropic and OpenAI hold certificates.
It is not EU AI Act compliance, and it cannot be. That distinction is most of what this page is for - because the market is selling it hard, and a buyer who checks will find out.
CQI/IRCA ISO/IEC 27001:2022 Lead Auditor trained · IRCA Associate Auditor - ISMS · CQI Practitioner Member - PCQI
The problem
The standard is genuinely certifiable. Accredited certification bodies exist, real companies hold certificates, and the criteria those bodies are audited against were published in July 2025. None of that is in doubt, and none of it is the problem.
The problem is what gets stapled onto it. ISO 42001 cannot ever be a harmonised standard under the EU AI Act, so it cannot give you a presumption of conformity. No AI Act harmonised standard has been cited in the Official Journal at all, which means a presumption of conformity is currently available to nobody, at any price. Anyone offering you one is describing something that does not exist yet.
The same goes for the urgency. You may have seen a "€4.2M Belgian facial-recognition fine" or "€42M first EU AI Act fines". Neither happened. There are zero AI Act enforcement actions to date. The Article 99 penalty powers have applied since 2 August 2025, so the exposure is real enough to plan around - but we are not going to invent a case to hurry you.
What ISO 42001 is
Edition 1, 51 pages, published December 2023, with no revision in progress. If you have been through ISO 27001, four things will orient you quickly.
A management system, in the shape you know
ISO/IEC 42001:2023 was published on 18 December 2023. Clauses 4 to 10 follow the ISO Harmonized Structure - the same spine as ISO 27001. If you run an ISMS, the machinery is familiar: context, leadership, risk, operation, audit, review.
38 Annex A controls, and both annexes are normative
Annex A carries 38 controls across 9 groups, with 10 objectives - A.6 splits into A.6.1 and A.6.2, which is why both framings are defensible. Annex A and Annex B are both normative, unlike ISO 27001, which keeps its guidance in the separate, non-normative ISO 27002.
A Statement of Applicability, again
ISO 42001 requires an SoA. Controls are selectable and non-exhaustive, so inclusions and exclusions both need a justification that survives questioning. The discipline is the one you already know from Stage 1.
Climate change is native here
Clause 4.1 carries the climate-change text from the start. ISO 27001 needed Amd 1:2024 to get it. A small detail, and a useful signal of how recently this standard was drafted.
Certification, precisely
ANAB lists 18 accredited certification bodies for ISO 42001, none withdrawn as of 17 July 2026. UKAS granted its first accreditation, to BSI, on 15 January 2026. ISO/IEC 42006:2025 - the requirements for bodies auditing AI management systems, which is what makes accreditation possible in the first place - was published on 7 July 2025. ANAB is not the only route: Microsoft's and Salesforce's certification bodies are IAS-accredited.
Here is the caveat nobody selling this will lead with. Unlike ISO 27001, ISO 42001 is not a named scope in the international mutual-recognition arrangement. Cross-border recognition therefore rests on the individual accreditation body behind your certificate, rather than being carried automatically. It is not a reason to avoid certifying. It is a reason to ask who accredits your certification body before you sign, and to know the answer if a buyer in another market asks.
One piece of vocabulary worth getting right. Companies receive certification. Certification bodies receive accreditation. You will see the two swapped constantly, including in certified companies' own announcements. If a supplier tells you they "achieved ISO 42001 accreditation", they have told you something about how carefully they read the standard.
Who already holds one
Verified against certification bodies' public certificate directories rather than company marketing. Dates are the certificate dates.
AWS
Certified 15 November 2024
Anthropic
Certified 6 January 2025, for Claude
OpenAI
Certified 11 December 2025
Microsoft
8 named services, including GitHub Copilot, Microsoft 365 Copilot and Security Copilot
Google Cloud
Certified
IBM
Granite language models only - not IBM as a whole
Salesforce
Scope reads: Salesforce AI Platform, Agentforce and Slack AI
SAP
Certified
Oracle
Certified
Workday
Certified
Snowflake
Certified
ServiceNow
Certified
Zendesk
Certified
Intercom
Certified
Figma
Certified
Rippling
Certified
Harvey
Certified
Read the scope, not the logo. A certificate covers what its scope statement says and nothing more. IBM's covers the Granite language models only, not IBM as a whole. Slack has no certificate of its own at all - it is covered through Salesforce, and only for "Slack AI", not the platform. Google Cloud holds a certificate but names no certification body anywhere. Apply the same reading to your own suppliers, and expect your buyers to apply it to you.
One correction while we are here: the first accredited ISO 42001 certificate in the world went to ORO, on 16 July 2024. Not Microsoft, not Google, however often you have read otherwise.
ISO 42001 and the EU AI Act
The reasoning is short enough to check yourself. Harmonised standards under the AI Act must be European standards, produced by CEN, CENELEC or ETSI on a Commission request - Regulation (EU) 1025/2012, Article 2(1)(c) and Annex I. ISO and IEC are international bodies, and they are not on that list. A standard that cannot be harmonised cannot confer a presumption of conformity. No drafting, no revision and no amount of vendor enthusiasm changes that.
You do not have to take our word for it. The European Commission's AI Act standardisation FAQ of 10 March 2026 names the standard directly:
"although ISO/IEC 42001:2023 helps to set up an AI management system, its goals and definitions are not aligned with the quality management system that is required under the AI Act. This is why the Commission has requested the development of a new standard for a quality management system that focuses on regulatory compliance with the AI Act."
That new European standard is EN 18286, commissioned for the AI Act quality management system. It deliberately does not adopt ISO 42001, though it does map to it in its Annex D. The AI Act itself mentions "ISO" zero times and "42001" zero times.
So what is ISO 42001 worth? A great deal, as long as you buy it for what it is. It is an auditable AI management system that a buyer can check, from a body that can be held to account - which is more than a policy page and a promise. And because EN 18286 maps to it in Annex D, the governance work is not stranded. What it is not, and what we will not sell it as, is a shortcut to conformity. Nobody has one of those to sell today.
Where the AI Act actually stands
Article 113 of the AI Act as adopted is still operative law. These are its dates, re-checked on 17 July 2026.
In force. Prohibitions and the AI literacy obligation.
In force. GPAI obligations - and the Article 99 penalties. Not 2026: that is a widely repeated error.
General application. Article 50 transparency duties and Article 101, the Commission's fining power over GPAI providers, start that day regardless of the Digital Omnibus. General application is also what residually covers standalone high-risk under Article 6(2) - it is the default with three carve-outs, not an Annex III-specific rule.
Article 6(1) and Annex I - high-risk AI embedded in products already covered by EU product legislation.
Agreed and adopted; awaiting publication in the Official Journal. It would move standalone high-risk obligations to 2 December 2027 and the Annex I date to 2 August 2028. Until it is published it is not in force, and there is no regulation number to cite because none exists yet. Plan against Article 113 as adopted, and watch the Official Journal.
High-risk systems placed on the market before 2 August 2026 are caught only if, from that date, they are subject to significant changes in their designs. If what you already shipped stays as it is, the obligation may not reach it at all. Public-authority deployers are the exception: they must comply by 2 August 2030. This is worth settling before you budget anything.
What Kellwick delivers
The Harmonized Structure means most of the management system carries over. We build what genuinely does not exist yet, and we are explicit about where the standard stops.
An ISO 42001 readiness review, clauses 4-10 and Annex A
Where your AI governance sits against the standard as written, control by control, with the gaps that would stop a certification body ranked by what to close first.
The AI system impact assessment, built
Clauses 6.1.4 and 8.4 ask you to assess impact on third parties and society - not risk to yourself. It is the part teams with a mature ISMS most often have nothing for, because nothing in ISO 27001 asks for it.
AI system inventory, scope and Statement of Applicability
A defensible management system boundary, an inventory that includes the models you only reach through an API, and an SoA where every inclusion and exclusion across the 38 controls has a reason behind it.
Honest AI Act classification
Whether Article 6 catches your systems, whether Article 111(2) leaves what you already shipped alone, and where Article 50 transparency applies. A scoping exercise, not a conformity claim - because no one can offer you a conformity claim today.
Mapped onto the ISMS you already run
The Harmonized Structure means your context, leadership, audit and management review carry over. We map what genuinely overlaps and build only what does not, so you run one management system with two scopes rather than two of everything.
A prioritised roadmap
Sequenced by effort and buyer exposure, so certification is a project with an order to it rather than a scramble before a deadline.
ISO 27001 vs ISO 42001
If you already hold ISO 27001, this is the row-by-row answer to "what are we actually adding?"
| Area | ISO 27001 | ISO 42001 |
|---|---|---|
| What it governs | Your information - confidentiality, integrity, availability. | Your AI systems, and the people affected by them. |
| Direction of risk | Risk to your organisation. | Risk to your organisation, plus a required assessment of impact on third parties and society. This is the genuine addition. |
| Main clauses | Harmonized Structure, clauses 4-10. | Harmonized Structure, clauses 4-10. Same spine. |
| Controls | Annex A, with guidance in the separate, non-normative ISO 27002. | Annex A: 38 controls, 9 groups, 10 objectives. Annex A and Annex B are both normative. |
| Statement of Applicability | Required. | Required. Controls are selectable and non-exhaustive. |
| Climate change in clause 4.1 | Added by Amd 1:2024. | Native to the standard as published. |
| Mapping between the two | No official ISO mapping to 42001 exists. | Any mapping you have been shown is third-party. Ours included - we show our reasoning. |
| Certification | Accredited certification, long established. | Accredited certification is real and available now. ISO/IEC 42006:2025, the criteria for bodies auditing AI management systems, was published 7 July 2025. |
| Cross-border recognition | A named scope in the international mutual-recognition arrangement. | Not a named scope. Recognition rests on the individual accreditation body - worth checking before you choose one. |
Want the ongoing side handled? See vCISO / Managed ISMS - the AI system impact assessment is a standing duty, not a one-off.
AI governance self-check
Answer honestly. This is an indicative signal, not a formal gap analysis - but it will tell you quickly whether you have an AI management system or a set of good intentions about AI.
Coming from the ISO side? Start with an ISO 27001 readiness assessment and build 42001 on top of it.
ISO 42001 questions, answered
It is certifiable, through accredited certification bodies, today. ANAB lists 18 accredited certification bodies for ISO 42001, and UKAS granted its first accreditation, to BSI, on 15 January 2026. The underlying criteria for bodies auditing AI management systems, ISO/IEC 42006:2025, was published on 7 July 2025. ANAB is not the only route either - Microsoft's and Salesforce's certification bodies are IAS-accredited. One honest caveat: unlike ISO 27001, ISO 42001 is not a named scope in the international mutual-recognition arrangement, so cross-border recognition rests on the individual accreditation body. Worth asking about before you sign with one.
No, and it cannot. Harmonised standards under the AI Act must be European standards, produced by CEN, CENELEC or ETSI on a Commission request - that is Regulation (EU) 1025/2012, Article 2(1)(c) and Annex I. ISO and IEC are international bodies and are not listed, so ISO 42001 can never confer a presumption of conformity. The Commission's own AI Act standardisation FAQ of 10 March 2026 names the standard directly: "although ISO/IEC 42001:2023 helps to set up an AI management system, its goals and definitions are not aligned with the quality management system that is required under the AI Act. This is why the Commission has requested the development of a new standard for a quality management system that focuses on regulatory compliance with the AI Act." That new European standard is EN 18286. It deliberately does not adopt ISO 42001, though it maps to it in its Annex D. It is also worth knowing that no AI Act harmonised standard has been cited in the Official Journal at all yet, so a presumption of conformity is currently available to nobody, whatever they hold.
One thing above all: the AI system impact assessment, at clauses 6.1.4 and 8.4. It is a duty to assess your AI systems' impact on third parties and society - not the risk they pose to your organisation. Nothing in ISO 27001 asks for that, and it is the honest answer to why a certified ISMS is not enough. Beyond it: 38 Annex A controls specific to AI, with both Annex A and Annex B normative rather than guidance in a companion standard. The main clauses follow the same Harmonized Structure as ISO 27001, so the management system machinery carries over. Be careful with mappings, though - there is no official ISO mapping between 42001 and 27001. Everything in circulation, ours included, is third-party.
Often not, and this is the question founders ask that almost nobody puts on a marketing page. Article 111(2) says high-risk systems placed on the market before 2 August 2026 are caught only if, from that date, they are subject to significant changes in their designs. If what you shipped stays as it is, the obligation may simply not reach it. Deployers that are public authorities are the exception - they must comply by 2 August 2030. This is worth establishing early, because it can change the size of the problem before you spend anything on it.
AWS (15 November 2024), Anthropic (6 January 2025, for Claude) and OpenAI (11 December 2025) all hold certificates, as do Microsoft across 8 named services including GitHub Copilot, Microsoft 365 Copilot and Security Copilot, plus Google Cloud, SAP, Salesforce, Oracle, Workday, Snowflake, ServiceNow, Zendesk, Intercom, Figma, Rippling and Harvey. The first accredited ISO 42001 certificate in the world went to ORO, on 16 July 2024 - not to Microsoft or Google, whatever the retellings say. Read scopes rather than logos: IBM's certificate covers the Granite language models only, not IBM as a whole, and Slack has no certificate of its own - it is covered through Salesforce, and only for "Slack AI", not the platform. We verify these against certification bodies' public certificate directories, not company blog posts.
Agreed and adopted; awaiting publication in the Official Journal. It would move standalone high-risk obligations to 2 December 2027 and the Annex I embedded high-risk date to 2 August 2028. Until it is published, Article 113 of the AI Act as adopted is still the operative law, and there is no regulation number to cite for the omnibus because none exists yet. We would rather tell you that than plan your programme around a date that is not law.
No. There are zero AI Act enforcement actions to date. If you have seen a "€4.2M Belgian facial-recognition fine" or "€42M first EU AI Act fines", neither happened - they are content-farm fabrications that have travelled a long way. Article 99 penalties have applied since 2 August 2025, so the power exists. The cases do not. We will not use a fine that did not happen to sell you a readiness review.
Scoped on a short call. It depends on how many AI systems are in scope, whether you already run an ISO 27001 ISMS the work can reuse, and whether you are heading for certification or want to know the gap first. We size the work to what you actually need.
An ISO 42001 readiness review against clauses 4-10 and the 38 Annex A controls, the impact assessment built, and honest AI Act scoping. Mapped onto the ISMS you already run. Scoped on a short call.
Certification is issued by accredited certification bodies; DORA supervision is performed by regulators. Kellwick prepares you for these processes; it does not perform them and cannot guarantee their outcome. ISO 42001 certification is not EU AI Act conformity and does not confer a presumption of conformity. Kellwick provides advisory and management-system support, not legal advice.
Kellwick is an independent advisory practice. We are not a certification body and do not issue ISO certifications. Certification decisions are made only by accredited certification bodies.