ISO 42001 for AI Product Companies: What You Need to Know

For AI product companies, ISO 42001 certifies the management system behind your AI, not the model or its outputs. It pulls hardest on the controls a builder owns: the AI system life cycle, data governance, and the impact assessment. Buyers and procurement teams now ask for it, and certification is the recognised, auditable answer.

Why are AI product companies being asked for ISO 42001?

Because a buyer cannot inspect your model, so they ask for the system around it. Enterprise customers and procurement teams now want evidence that an AI vendor governs how its product is built and run, and a contract clause is no longer enough on its own. ISO/IEC 42001:2023, published in December 2023, is the first certifiable AI management system standard, and accredited certification bodies have run audits against it since 2024. A certificate is not a quality claim about the model. It is proof you govern how AI is built, shipped and watched. If you want the ground rules first, start with what ISO 42001 is.

What does ISO 42001 actually certify for a company that builds AI?

The AI management system, not the algorithm. ISO 42001 sets management system requirements in clauses 4 to 10, on the same Annex SL backbone as ISO 27001, and adds a normative Annex A of 38 controls across nine objectives. You do not implement all 38 by default. You select them against your AI risk and impact assessment and record each inclusion and exclusion in a Statement of Applicability. As a developer you sit at the sharp end of more of those controls than a pure user does: the AI system life cycle, the data that feeds your models, and the impact assessment. Where product teams trip is treating Annex A as a tick list. The controls follow from the assessment, not the other way round. The readiness checklist walks through the clauses.

Are you a provider or a deployer, and why does it change the scope?

The standard applies to organisations that develop, provide or use AI, and an AI product company is rarely just a user. If you build and sell an AI feature you are a provider and a developer, which pulls the life cycle and data governance controls in hardest: training and testing data lineage, model documentation, testing before release, monitoring after it ships. If your product runs on a third party foundation model, you are a deployer of someone else’s model and a provider of your own system at the same time, and both sets of obligations apply. The scope is wider than most teams first draw it.

What does the AI system impact assessment mean when your customers’ users are affected?

It is a distinct requirement, and broader than information security risk. Clause 6 requires you to assess the potential consequences of an AI system for individuals, groups and society, covering fairness and bias, transparency, safety and accountability. Clause 8 requires you to perform and document it through the life of the system. For a product company the people at risk are mostly your customers’ end users, not your own staff, so the assessment has to reach past your own walls and into how the product behaves in someone else’s hands. It is about harm to people, not only risk to your business. This is the part most readiness work underestimates, so it is worth seeing how an AI risk assessment under ISO 42001 actually works.

How does ISO 42001 sit with ISO 27001 and SOC 2?

They answer different questions. ISO 27001 secures the platform through an information security management system; ISO 42001 governs the behaviour of the AI running on top of it. The two share clauses 4 to 10, so if you already hold ISO 27001 you reuse the management system and add the AI specific controls and the impact assessment, rather than starting again. SOC 2 is a different instrument again: an attestation report against your own control commitments, common when selling to United States customers, and it does not certify a management system. None of the three substitutes for another. The split between the two ISO standards is the same idea as ISO 27001 vs SOC 2: a certified system against a fixed standard versus a report against your own commitments.

What does the EU AI Act mean if you sell your AI product into Europe?

Certification is not legal compliance, and the two are easy to confuse. The EU AI Act is binding regulation, in force since 1 August 2024 and phased in through 2025 to 2027. If you are the provider of a system the Act treats as high risk, you face it directly, with penalties reaching EUR 35 million or 7 percent of worldwide annual turnover for the most serious breaches. ISO 42001 maps onto the Act’s risk management and quality management expectations, so the governance scaffold carries over and gives you a head start. It is not a shortcut. ISO 42001 is not a harmonised standard listed in the Official Journal, so the certificate does not by itself grant the Act’s presumption of conformity, and the high risk deadlines are themselves moving while the Commission’s deferral proposals work their way through. Treat certification as evidence and foundation, not a legal shield, and read ISO 42001 vs the EU AI Act before you rely on one for the other.

How long does ISO 42001 take, and what does it cost?

It depends on how many AI systems you ship and how much governance already exists, so treat any single number with care. As an indicative guide, Cybernion scopes a gap analysis and AI system inventory at 3 to 6 weeks and full implementation at 4 to 9 months. There is no published certification fee; the standard sets none, and price is scoped to your AI footprint. If you already run ISO 27001, the management system is built and the AI work is the increment, which is the cheapest path in. For the drivers behind the number see what drives ISO 42001 cost, and for the wider case, why AI governance matters now.

Annex A control objective                  | Why it bites for a company that builds AI
AI system life cycle                       | You own design, development, verification, deployment and decommissioning, so the most evidence sits here
Data for AI systems                        | Training and testing data provenance, quality and governance are yours to document, not your provider’s
Assessing impacts of AI systems            | The harm assessment has to reach your customers’ end users, not only your own staff
Third party and customer relationships     | You are a deployer of foundation models and a provider to customers at once, so obligations run both ways
Information for interested parties         | What you tell customers and users about what the AI does, and where its limits are

Frequently asked questions

Does ISO 42001 certify my AI model?

No. It certifies the management system around how you develop, provide and monitor AI, not the model’s accuracy or its outputs. The model is governed, not graded.

We use a third party foundation model. Do we still need ISO 42001?

Yes, if you build it into a product you provide to others. You are a deployer of that model and a provider of your own system, and both sets of obligations apply.

Is ISO 42001 mandatory in Australia?

No. It is not government mandated, and demand is commercial and procurement driven. The DISR Voluntary AI Safety Standard, published September 2024 with ten guardrails, aligns closely with it.

Does ISO 42001 make us compliant with the EU AI Act?

No. The Act is binding law and ISO 42001 is a voluntary standard. The certificate maps onto the Act’s risk and quality expectations and is a strong foundation, but it is not legal compliance and is not a listed harmonised standard.

Written by Gaurav Vikash, an ASD endorsed IRAP assessor and senior cyber security leader with 18 years of experience across Australia, the UK and Asia, including CISO and senior security leadership roles. He holds CISSP, CISA, CISM and CRISC and is an ISO 27001 and ISO 42001 Lead Implementer, and speaks regularly at industry conferences.

Sources:

  1. ISO/IEC 42001:2023, December 2023
  2. Voluntary AI Safety Standard, Department of Industry, Science and Resources, September 2024
  3. EU AI Act, European Commission, 2024
  4. AI Act implementation timeline, European Commission AI Act Service Desk, 2026

Last updated: 21 June, 2026