For years, the honest answer to "how well does this vendor govern its AI?" was a shrug. You could ask, but there was no shared standard to ask against, no certificate to check, and no independent auditor to lean on. ISO/IEC 42001 changes that. Published in December 2023 by ISO and IEC, it is the world's first international AI management system standard, and it is certifiable, which means a third party can audit a vendor against it and issue a certificate you can request and verify. For TPRM teams, that is a meaningful new signal. It is also one that is easy to over-read, so it is worth understanding both what the standard gives you and what a certificate does not prove.
What ISO/IEC 42001 Actually Is
ISO/IEC 42001:2023 specifies the requirements for establishing, implementing, maintaining, and continually improving an AI management system, often abbreviated AIMS. It applies to any organization that develops, provides, or uses AI, regardless of size or industry, which means it spans the whole AI value chain from the model builders to the companies embedding AI in their products to the enterprises deploying it.
If you know ISO/IEC 27001, the information security standard, the shape will feel familiar. ISO 42001 uses the same harmonized management-system structure, with requirement clauses covering organizational context, leadership, planning, support, operation, performance evaluation, and improvement. Like ISO 27001, it pairs those requirements with a reference set of controls, in this case 38 controls organized across nine areas, spanning AI policy, roles and resources, data governance, the AI system lifecycle, transparency to interested parties, responsible use, and third-party relationships. Organizations select which controls apply based on a risk assessment and document their choices in a Statement of Applicability, which an auditor reviews.
One requirement sets ISO 42001 apart from a pure security standard: the AI system impact assessment. Beyond assessing risk to the organization, the standard asks an organization to assess the impact of its AI systems on individuals, groups, and society. That is a governance idea, not just a security one, and it is the clearest sign that ISO 42001 is about responsible AI, not only about protecting data.
Where It Fits With NIST and the EU AI Act
ISO 42001 does not stand alone. It sits alongside two other instruments that TPRM teams increasingly track together, and the relationship is worth getting right.
The EU AI Act is binding law, structured around risk tiers, that imposes obligations based on how an AI system is used. The NIST AI Risk Management Framework is a voluntary operational framework built around the functions of govern, map, measure, and manage. ISO 42001 is the certifiable management system that can operationalize both, letting an organization run one control set and map it to the day-to-day practices of the NIST framework and the legal obligations of the Act. The common shorthand is that the Act is the legal floor, the NIST framework is the operating method, and ISO 42001 is the management system that ties them together and can be independently certified.
Who Is Actually Certified
Adoption moved quickly among the large AI providers, which matters because those are the fourth parties sitting behind many vendors' AI features. Amazon Web Services announced accredited ISO/IEC 42001 certification in November 2024, initially covering a defined set of AI services including Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe. Anthropic announced certification in January 2025. Microsoft first certified Microsoft 365 Copilot and Copilot Chat in March 2025 and has since extended certification to additional AI products. Each of these certifications was issued by an accredited certification body.
Read those announcements carefully, because scope is everything. In every case, the certificate covers specific named products and their management system, not the entire company. A vendor may hold ISO 42001 certification for one AI product while the product you are actually buying sits outside the certified scope. Confirming that the certificate covers the specific service you are procuring is the single most important check, and the one most often skipped.
Using ISO 42001 in Vendor Assurance
The standard becomes useful the moment you turn it into questions and evidence requests. Here is how to put it to work in a third-party AI assessment.
| Action | What it gives you |
|---|---|
| Require or prefer accredited certification | Independent, audited evidence of AI governance, not vendor self-attestation |
| Verify the certificate scope | Confirmation that the certified AIMS covers the specific product you are buying |
| Request the Statement of Applicability | Visibility into which controls the vendor applied, and which they excluded and why |
| Map your questionnaire to the controls | Targeted questions on impact assessment, data governance, bias, oversight, and transparency |
| Ask for surveillance audit results | Evidence the program is maintained over time, since ISO certification includes periodic surveillance |
The Statement of Applicability deserves particular attention. Because the standard lets organizations exclude controls with justification, the excluded list tells you where a vendor decided a control did not apply. Sometimes that is reasonable. Sometimes it is a gap worth questioning. Either way, it is far more informative than a checkbox on a questionnaire, and it is the kind of evidence-based diligence that goes well beyond what a form can capture.
For regulated organizations, ISO 42001 also slots neatly into existing third-party governance obligations. If you already assess critical vendors under regimes like DORA or manage AI vendors as part of your shadow AI program, a certification requirement gives you a clean, auditable bar to hold vendors to, and a way to compare them against one another on AI governance rather than marketing claims.
A Realistic Take
ISO 42001 is young, and certification is still far from universal, so requiring it outright would rule out many capable vendors today. The pragmatic approach is to treat it as a strong positive signal and a clear direction of travel: prefer certified vendors where they exist, ask uncertified vendors about their roadmap toward it, and use the standard's control set as the backbone of your AI questionnaire even when a vendor is not yet certified. As the large model providers and major SaaS vendors continue to certify, a portfolio-wide expectation becomes realistic. Starting now, with your highest-risk AI vendors, puts you ahead of that curve.
Protect Your Organization from Third-Party Risk
Fair TPRM is a free, open-source platform for vendor risk management, GRC compliance, and FAIR risk quantification.
Free Demo Download SourceSources & References
- ISO/IEC 42001:2023 Information technology, Artificial intelligence, Management system - International Organization for Standardization, December 2023
- AWS achieves ISO/IEC 42001:2023 accredited certification - Amazon Web Services, November 2024
- Anthropic achieves ISO 42001 certification for responsible AI - Anthropic, January 2025
- Microsoft 365 Copilot achieves ISO/IEC 42001:2023 certification - Microsoft, 2025
- How ISO/IEC 42001 and NIST AI RMF help comply with the EU AI Act - Cloud Security Alliance, January 29, 2025
- Artificial Intelligence standardization (JTC 21) - CEN-CENELEC
- ISO 42001 vs ISO 27001: how the standards differ - ISMS.online