ISO/IEC 42001:2023 is a standard that specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving an AI (artificial intelligence) management system within the context of an organization. The standard is intended for use by any organization, regardless of size, type and nature, that provides or uses products or services that utilize AI systems.

ISO/IEC 42001 aims to help organizations develop, provide or use AI systems responsibly in pursuing their objectives and meeting applicable requirements, obligations related to interested parties and expectations from them. The standard also aims to help organizations improve the quality, security, traceability, transparency and reliability of AI applications, as well as solve some implementation challenges. Moreover, the standard aims to help organizations build greater confidence in AI systems, reduce the costs of AI development, maintain regulatory compliance, meet customer, staff and other stakeholder expectations around the ethical and responsible use of AI, and improve efficiency and risk management.

The standard covers the following topics:

Core components of the standard are principles of AI ethics, such as fairness, accountability, transparency, privacy, security, human dignity, human agency, and social and environmental well-being. The standard also follows the Plan-Do-Check-Act (PDCA) cycle, which is a common approach for managing processes and systems.

This release was developed by the ISO/IEC Joint Technical Committee 1 (JTC 1), which is responsible for information technology standards, and its subcommittee 42 (SC 42), which is responsible for artificial intelligence standards.

The framework is part of the overall ISO/IEC 42000 series, which covers various aspects of AI, such as terminology, reference architecture, trustworthiness, governance, use cases and applications, and assessment. The standard is also aligned with other relevant standards, such as ISO 9001 (quality management), ISO 14001 (environmental management), ISO 27001 (information security management), ISO 31000 (risk management), and ISO 37001 (anti-bribery management).