ISO/IEC 42001:2023 AI Management System
ISO/IEC 42001:2023 is the first international management-system standard for artificial intelligence, published in December 2023 jointly by ISO and IEC. It specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system (AIMS) within an organisation. The standard follows the harmonised high-level structure used by ISO 27001 and ISO 9001, making integration with existing management systems straightforward. ISO 42001 is voluntary but is the most credible signal a vendor or operator can provide that AI risk is governed at the management-system level. Certification is granted by accredited third-party certification bodies (the ISO/IEC body itself does not issue certificates) and follows a typical 3-year cycle with annual surveillance audits.
Jurisdiction
Global
Enforcement
December 18, 2023
Maximum penalty
Certification standard; no statutory penalties
Key obligations
- 01Define the scope of the AI management system, including the AI systems, organisational units, and lifecycle stages it covers.
- 02Establish an AI policy, objectives, and roles & responsibilities approved by top management.
- 03Conduct AI risk assessments and AI impact assessments addressing fairness, transparency, safety, security, privacy, accountability, and societal impact.
- 04Implement Annex A controls (organisational, lifecycle, data, system, third-party, customer/end-user, and use-case controls) selected via a Statement of Applicability.
- 05Maintain documented information for AI system lifecycle (data, design, verification, deployment, operation, retirement) sufficient for an external auditor.
- 06Operate continual-improvement processes: internal audits, management review, corrective actions, and incident handling for AI-related events.
- 07For certification: pass a Stage 1 (documentation) and Stage 2 (implementation) audit by an accredited certification body, then complete annual surveillance audits.
Vendors that support ISO/IEC 42001
Sorted by coverage level. Full coverage shown first.
24 vendors
| Vendor | HQ | Founded | Size | Pricing | Coverage | Last verified |
|---|---|---|---|---|---|---|
| LatticeFlow AI | Zurich, Switzerland | 2020 | 11-50 | No public pricing. Enterprise platform sold via direct sales. Contact sales for demo and pricing. | Full | Apr 22, 2026 |
| Prompt Security | Tel Aviv, Israel | 2023 | 11-50 | Now part of SentinelOne Singularity Platform. Continues as a standalone product. Enterprise pricing only; contact sales or SentinelOne. | Full | Apr 22, 2026 |
| Enzai | Belfast, United Kingdom | 2021 | 2-10 | SaaS platform, enterprise subscription. No public pricing listed. Contact sales via enz.ai. | Full | Apr 22, 2026 |
| Fairly AI | Kitchener, Canada | 2020 | 11-50 | On-premises or private-cloud deployments; quote-based. | Full | Apr 21, 2026 |
| Collibra AI Governance | New York, United States | 2008 | 1000+ | Enterprise subscription; contact sales for custom quote based on users, assets, modules. | Full | Apr 23, 2026 |
| Trustible | Arlington, United States | 2023 | 11-50 | Contact sales for enterprise pricing; no public plans listed | Full | Apr 23, 2026 |
| ModelOp | Chicago, United States | 2018 | 11-50 | No public pricing listed; contact sales for enterprise quotes. | Full | Apr 23, 2026 |
| Modulos AI Governance | Zurich, Switzerland | 2018 | 11-50 | Contact for pricing | Comprehensive | Apr 24, 2026 |
| Scrut Automation | Palo Alto, US | 2021 | 51-200 | Contact for pricing | Comprehensive | Apr 24, 2026 |
| BABL AI | Iowa City, US | 2018 | 11-50 | Contact for pricing | Comprehensive | Apr 24, 2026 |
| Drata | San Francisco, US | 2020 | 501-1000 | Contact for pricing | Comprehensive | Apr 24, 2026 |
| Naaia | Louveciennes, FR | 2021 | 11-50 | No public pricing tiers; demo and quote requested via website. | Comprehensive | Apr 27, 2026 |
| Saidot | Helsinki, Finland | 2018 | 11-50 | No public pricing listed; contact sales implied via demos and sign-ups. | Partial | Apr 23, 2026 |
| HiddenLayer | Austin, United States | 2022 | 51-200 | Enterprise-only, contact sales for pricing. No public pricing listed on website. | Partial | Apr 22, 2026 |
| OneTrust AI Governance | Atlanta, United States | 2016 | 1000+ | Enterprise platform; contact sales for quote, no public pricing listed | Partial | Apr 23, 2026 |
| Vanta | San Francisco, USA | 2018 | 500-1000 | Contact for pricing | Partial | Apr 26, 2026 |
| IBM watsonx.governance | Armonk, USA | — | 1000+ | Contact for pricing | Partial | Apr 26, 2026 |
| Credo AI | Palo Alto, US | 2020 | 51-200 | Contact sales for enterprise subscription quote. Credo AI homepage | Partial | Apr 26, 2026 |
| Holistic AI | London, UK | 2020 | 51-200 | Enterprise platform; contact sales for quote. | Partial | Apr 26, 2026 |
| FairNow | McLean, US | 2023 | 11-50 | Contact sales for quote; no public pricing listed | Partial | Apr 26, 2026 |
| Lasso Security | Tel Aviv, IL | 2023 | 11-50 | Enterprise pricing only. Not publicly listed. | Partial | Apr 27, 2026 |
| Cranium | Short Hills, US | 2023 | 51-200 | Contact for pricing | Partial | Apr 27, 2026 |
| Citrusˣ | Tel Aviv, IL | 2021 | 11-50 | Enterprise pricing not publicly listed; demo available upon request. | Partial | Apr 27, 2026 |
| 2021.AI | Copenhagen, DK | 2016 | 51-200 | Contact for pricing | Partial | Apr 27, 2026 |
Buyer’s guide
Independent ranking with documented criteria.
See our top picks for ISO/IEC 42001Frequently asked
In-depth answers about ISO/IEC 42001.
Looking for an audit firm?
Compare 12 independent ISO/IEC 42001 audit firms by accreditation, region, and services.
See all ISO 42001 audit firmsCompare across industries
See which vendors support ISO/IEC 42001 in your sector.
Last verified April 28, 2026. Informational summary only — not legal advice. Consult qualified counsel for specific obligations.