ISO 42001:2023 has been on the shelf for three months and the number one question we hear from organisations is the same one every time: “What does it actually require us to do?”

It is a fair question. The standard runs to dozens of pages of requirements, guidance, and annexes. Reading it cold, without context, produces a mental model that is either too abstract (“we need to govern AI”) or too overwhelming (“we need to document everything”). Neither is useful.

This post gives you the practical breakdown — what ISO 42001 requires, why each element exists, and what it looks like in an organisation that has implemented it properly.

The AI Inventory: Where Everything Starts

Before a single control is implemented, ISO 42001 requires you to know what AI systems your organisation actually operates. This sounds obvious. In practice, it is one of the most revealing exercises organisations undertake — because AI has proliferated quietly across many businesses in ways that are not centrally tracked.

Your AI inventory should document: what each AI system does, who developed it (internally or third party), what data it uses, what decisions or outputs it produces, who is affected by those outputs, and what risk classification applies. The risk classification is particularly important — ISO 42001 expects organisations to apply differentiated governance based on the risk level of each AI system. A low-risk AI tool for scheduling meetings requires different controls from a high-risk AI system making credit or hiring decisions.

The AI Policy: More Than a Statement of Intent

ISO 42001 Clause 5.2 requires top management to establish an AI policy. Unlike a generic technology policy, this must address topics specific to AI governance:

An AI policy that simply says “we are committed to using AI responsibly” is not an ISO 42001-compliant AI policy. It needs to make commitments that can be operationalised and evidenced.

AI Risk Assessment: The Core of the Standard

ISO 42001’s risk management requirements are where the standard does its most distinctive work. Clause 6.1 and Clause 8 require organisations to establish and apply an AI-specific risk assessment process — one that goes beyond standard information security risk management to address risks particular to AI.

AI-specific risks include:

Risks to affected individuals. What are the potential harms to people who are affected by your AI system’s outputs? An AI system that makes recommendations about loan eligibility, medical treatment, or employment carries risks of unfair outcomes, discrimination, or harm to individuals who had no say in the AI’s training or deployment.

Risks from model behaviour. How does the AI system behave in conditions that differ from its training environment? What happens if input data is manipulated, incomplete, or out of distribution? AI systems can fail in ways that conventional software does not — and those failure modes require specific assessment.

Risks from data. What data was used to train the system? Is it representative, accurate, and obtained appropriately? Training data quality directly affects the reliability and fairness of AI outputs — and poor training data is one of the most common sources of AI-related harm.

Transparency and explainability risks. Can the AI system’s outputs be explained to the people they affect? For high-risk applications, the inability to explain an AI decision may itself constitute a regulatory non-compliance — particularly under the EU AI Act and GDPR’s automated decision-making provisions.

Annex A Controls: What You Choose and Why

ISO 42001’s Annex A provides a reference set of controls covering: AI system impact assessment, data governance for AI, AI system documentation, responsible AI use guidelines, human oversight of AI systems, and incident response for AI-related failures.

As with ISO 27001’s Annex A, organisations must review all controls, document applicability decisions in a Statement of Applicability, and implement applicable controls with evidence. The key requirement is that your control choices must be justified by your risk assessment — not selected from a template.

Two controls deserve particular attention because they are most commonly under-implemented:

AI system impact assessment. Before deploying a new AI system, you should assess its potential impacts on individuals, groups, and society. This is distinct from a technical risk assessment — it focuses on the downstream consequences of AI outputs, not just the probability of system failure.

Human oversight mechanisms. For AI systems whose outputs affect significant decisions, controls must be in place to ensure humans can monitor, review, and override those outputs. This is not just a policy commitment — it requires documented processes, trained personnel, and evidence of oversight operating in practice.

Internal Audit and Management Review

ISO 42001 requires planned internal audits of the AIMS and formal management reviews — the same continuous improvement cycle required by ISO 27001 and ISO 27701. The internal audit tests whether controls are implemented and operating. The management review tests whether the AIMS is achieving its objectives and whether leadership is appropriately engaged.

For organisations already running ISO 27001 or ISO 27701, these requirements will be familiar in structure. The content is different — AI-specific metrics, AI incident records, AI system changes — but the governance machinery is the same.

What a Well-Implemented AIMS Looks Like

An organisation with a mature ISO 42001 AIMS can answer the following questions clearly and with documented evidence: What AI systems do we operate and what do they do? How have we classified each by risk? What controls have we implemented for each? How do we monitor them? What incidents have occurred and how were they handled? When did management last formally review our AI governance programme?

Organisations that cannot answer these questions do not have an AIMS — they have AI systems and a policy document. The standard exists to close that gap.

Bitsecura builds ISO 42001 AIMS implementations that start with your actual AI footprint — not a template. We map your AI systems, classify them by risk, design controls proportionate to that risk, and build the governance infrastructure that makes certification achievable and maintainable. No boilerplate. No checkbox exercise.

If you want a clear picture of what ISO 42001 implementation would involve for your organisation, talk to us here. No strings attached.


Bitsecura provides ISO 42001 AIMS implementation, internal audit, and maintenance services. Learn more about our ISO 42001 services.