ISO 42001 asks for two linked exercises, not one. An AI risk assessment weighs risks to your objectives from building or using AI. An AI system impact assessment weighs the consequences for individuals, groups and society. Together they decide which Annex A controls you record in the Statement of Applicability.
What is an AI risk assessment under ISO 42001?
It is the clause 6 planning exercise that identifies and treats risks to your objectives from developing, providing or using AI systems. The standard then pairs it with a second exercise the security world does not have, the AI system impact assessment. Run only the first and you have built half of what an auditor expects. ISO/IEC 42001:2023, published in December 2023, is the first standard that certifies an AI management system. It shares the clause 4 to 10 backbone of ISO 27001, so planning sits in clause 6 and operation in clause 8. The risk assessment feeds control selection: you weigh what your risks need against the 38 Annex A controls across nine objectives, then record each inclusion or exclusion, with justification, in a Statement of Applicability.
How is it different from an ISO 27001 information security risk assessment?
An information security risk assessment asks what could harm your information: its confidentiality, integrity and availability. An AI risk assessment widens that lens twice. The risk sources are particular to AI, and the assessment of impact runs outward to the people the system affects, not only inward to the organisation. Annex C of the standard lists AI-specific risk sources a security register rarely captures: the level of automation and human oversight, the complexity of the operating environment, opacity and limited explainability in machine learning, the quality and provenance of training data, and the potential for a system to behave in ways its designers did not intend. A confidentiality, integrity and availability register does not see most of these. An existing ISO 27001 management system gives you the scaffold but not the AI content. ISO 42001 adds the AI-specific obligations, a point we develop in "Why AI governance matters now".
What does the AI system impact assessment cover?
It assesses the potential consequences of an AI system for individuals, groups and society, not just the risk to the organisation. ISO 42001 requires it in planning under clause 6 and requires you to perform and document it in operation under clause 8. The areas it reaches are the ones that make AI different: fairness and bias in outcomes, transparency and explainability of decisions, safety, accountability for what the system does, and the privacy of the people whose data it uses. It is about harm to people. A recruitment screening model that quietly down-ranks a class of applicants passes every availability and integrity test and still fails an impact assessment. Document who could be affected, how, and what you will do about it. Cite the requirement at clause level, since the sub-clause numbering varies between editions and summaries; name clauses 6 and 8 rather than a precise decimal.
How do you actually run one?
Work outward from an inventory to a treatment decision, then let the result drive control selection. Build an AI system inventory first, because you cannot assess what you have not listed and shadow AI is the usual gap. Set the scope and the risk criteria. Identify risk sources against Annex C. Assess likelihood and consequence for your objectives, then assess the impacts on individuals, groups and society. Decide treatment. Select the Annex A controls your treatment needs and record them, with the exclusions, in the Statement of Applicability. The two assessments run together but answer different questions, which the table below sets out.
| Aspect | AI risk assessment | AI system impact assessment |
|---|---|---|
| Core question | What could go wrong for our objectives? | Who could the system harm, and how? |
| Direction | Inward, risk to the organisation | Outward, consequences for people and society |
| Typical inputs | Annex C risk sources, likelihood and consequence | Fairness, bias, transparency, safety, accountability, privacy |
| Where in the standard | Clause 6 planning | Clauses 6 and 8, planned then performed |
| Output | Risk treatment decisions | Documented impacts and mitigations |
| Feeds | Annex A control selection in the SoA | Annex A control selection in the SoA |
How does it line up with Australian and EU expectations?
Closely enough that one well-run assessment serves several masters, though a certificate is not legal compliance. The Department of Industry, Science and Resources published a Voluntary AI Safety Standard in September 2024 with ten guardrails; risk management, data governance, testing and human oversight map straight onto the ISO 42001 assessment work. In the EU, the AI Act requires certain deployers of high-risk AI to run a fundamental rights impact assessment under Article 27, which covers much of the same ground as the AI system impact assessment. ISO 42001 certification does not by itself make you compliant with the EU AI Act, and the Act does not require the certificate, but the assessment you build for one is most of the evidence for the other. Neither replaces advice on where your systems actually fall.
No. The risk assessment weighs risks to your objectives; the impact assessment weighs the consequences for individuals, groups and society. ISO 42001 requires both, and both feed your Statement of Applicability.
No. Like ISO 27001, it sets requirements, not a fixed method. You choose the risk criteria and the scoring approach. Annex B gives implementation guidance and Annex C lists AI risk sources to consider.
You assess every AI system in scope, but the depth scales with its potential to affect people. A low-impact internal tool and a customer-facing decision model do not warrant the same effort. Record the reasoning either way.
No. It is not government mandated; demand is commercial and procurement driven. The Voluntary AI Safety Standard aligns with it, so an AI management system is a practical route to those guardrails.
Written by Gaurav Vikash, an ASD endorsed IRAP assessor and senior cyber security leader with 18 years of experience across Australia, the UK and Asia, including CISO and senior security leadership roles. He holds CISSP, CISA, CISM and CRISC and is an ISO 27001 and ISO 42001 Lead Implementer, and speaks regularly at industry conferences.
Sources:
- ISO/IEC 42001:2023, Information technology, Artificial intelligence, Management system, December 2023
- Voluntary AI Safety Standard, Department of Industry, Science and Resources, September 2024
- EU AI Act, European Commission, 2024, for the Article 27 fundamental rights impact assessment
- ISO/IEC 27001:2022, Information security management systems, 2022, for the shared clause 4 to 10 backbone
Last updated: 21 June, 2026
