ISO-42001
ISO/IEC 42001:2023 — AI Management Systems
International
Version 1.0
503 obligations
Requirement
239
Risk Management
78
Documentation
71
Transparency
39
Monitoring
31
Data Governance
24
Human Oversight
12
Conformity
8
Reporting
1
Reset
- I. ISO/IEC 42001:2023 AI Management System Requirements
- Ch. I — Context, Leadership, and Planning (Clauses 4-6)
- Art. 4.1. Understanding the organization and its context (8)
- Art. 4.2. Understanding the needs and expectations of interested parties (4)
- Art. 4.3. Determining the scope of the AI management system (9)
- Art. 4.4. AI management system (12)
- Art. 5.1. Leadership and commitment (10)
- Art. 5.2. AI policy (8)
- Art. 5.3. Roles, responsibilities and authorities (10)
- Art. 6.1.1. General (actions to address risks and opportunities) (7)
- Art. 6.1.2. AI risk assessment (13)
- Art. 6.1.3. AI risk treatment (6)
- Art. 6.1.4. AI system impact assessment (5)
- Art. 6.2. AI objectives and planning to achieve them (12)
- Art. 6.3. Planning of changes (7)
- Ch. II — Support and Operation (Clauses 7-8)
- Art. 7.1. Resources (9)
- Art. 7.2. Competence (5)
- Art. 7.3. Awareness (6)
- Art. 7.4. Communication (3)
- Art. 7.5. Documented information (9)
- Art. 8.1. Operational planning and control (10)
- Art. 8.2. AI risk assessment (operational) (6)
- Art. 8.3. AI risk treatment (operational) (6)
- Art. 8.4. AI system impact assessment (operational) (13)
- Ch. III — Performance Evaluation and Improvement (Clauses 9-10)
- Art. 9.1. Monitoring, measurement, analysis and evaluation (4)
- Art. 9.2. Internal audit (10)
- Art. 9.3. Management review (10)
- Art. 10.1. Continual improvement (9)
- Art. 10.2. Nonconformity and corrective action (10)
- Ch. IV — Annex A Controls — Policies and Organization (A.2-A.3)
- Art. A.2.2. AI Policy (9)
- Art. A.2.3. Responsible AI Topics in AI Policy (4)
- Art. A.3.2. Roles and Responsibilities for AI (6)
- Art. A.3.3. Reporting of AI Concerns (9)
- Art. A.3.4. Impact of Organizational Changes (6)
- Ch. V — Annex A Controls — Resources and Impact Assessment (A.4-A.5)
- Art. A.4.2. Resources Related to AI Systems (5)
- Art. A.4.3. Competencies Related to AI Systems (4)
- Art. A.4.4. Awareness of Responsible Use of AI Systems (4)
- Art. A.4.5. Consultation (6)
- Art. A.4.6. Communication About the AI System (6)
- Art. A.5.2. AI System Risk Assessment (5)
- Art. A.5.3. AI System Impact Assessment (8)
- Art. A.5.4. Impact of AI System Documentation (4)
- Ch. VI — Annex A Controls — AI System Life Cycle (A.6)
- Art. A.6.2.2. Design and Development of AI System (5)
- Art. A.6.2.3. Training and Testing AI Model (14)
- Art. A.6.2.4. Verification and Validation of AI System (7)
- Art. A.6.2.5. Deployment of AI System (10)
- Art. A.6.2.6. Operation and Monitoring of AI System (10)
- Art. A.6.2.7. Retirement of AI System (10)
- Art. A.6.2.8. Responsible AI System Integration (9)
- Art. A.6.2.9. AI System Documentation (7)
- Art. A.6.2.10. Defined Use and Misuse of AI System (5)
- Art. A.6.2.11. Management of Third-Party AI System Components (6)
- Ch. VII — Annex A Controls — Data, Information, and Relationships (A.7-A.10)
- Art. A.7.2. Data for Development and Enhancement of AI System (11)
- Art. A.7.3. Data Quality for ML and Data for AI System (11)
- Art. A.7.4. Data Preparation (11)
- Art. A.7.5. Data Acquisition and Collection (6)
- Art. A.7.6. Data Provenance (7)
- Art. A.8.2. Informing Interested Parties About AI System Interaction (6)
- Art. A.8.3. Informing Interested Parties About AI Outcomes (4)
- Art. A.8.4. Access to Information About AI System Interaction (5)
- Art. A.8.5. Enabling Appropriate Human Actions in Response to AI Outputs (7)
- Art. A.9.2. Objectives for Responsible Use of AI System (6)
- Art. A.9.3. Intended Use of AI System (4)
- Art. A.9.4. Processes for Responsible Use of AI System (7)
- Art. A.9.5. Human Oversight Aspects (11)
- Art. A.10.2. Suppliers of AI System Components (8)
- Art. A.10.3. Shared ML Models (14)
- Art. A.10.4. Provision of AI System to Third Parties (5)
Human Oversight Obligations
12Title I — ISO/IEC 42001:2023 AI Management System Requirements
Chapter I — Context, Leadership, and Planning (Clauses 4-6)
Chapter II — Support and Operation (Clauses 7-8)
Chapter III — Performance Evaluation and Improvement (Clauses 9-10)
Chapter IV — Annex A Controls — Policies and Organization (A.2-A.3)
Chapter V — Annex A Controls — Resources and Impact Assessment (A.4-A.5)
Chapter VI — Annex A Controls — AI System Life Cycle (A.6)
Article A.6.2.8. Responsible AI System Integration
1 obligation
Chapter VII — Annex A Controls — Data, Information, and Relationships (A.7-A.10)
Article A.8.5. Enabling Appropriate Human Actions in Response to AI Outputs
1 obligation
Article A.9.5. Human Oversight Aspects
10 obligations
ISO42001-A.9.5-01
Human Oversight
Determine and implement human oversight measures
The organization must identify and put in place appropriate human oversight measures for its AI systems that are proport
ISO42001-A.9.5-02
Human Oversight
Enable qualified individuals to understand AI system capabilities and limitations
Human oversight measures must enable qualified individuals to understand the AI system's capabilities and limitations.
ISO42001-A.9.5-04
Human Oversight
Enable interpretation of AI system outputs
Human oversight measures must enable qualified individuals to interpret the AI system's outputs.
ISO42001-A.9.5-05
Human Oversight
Enable intervention when necessary
Human oversight measures must enable qualified individuals to intervene when necessary in AI system operations.
ISO42001-A.9.5-06
Human Oversight
Enable override or halt of AI system to prevent harm
Human oversight measures must enable qualified individuals to override or halt the AI system in situations where continu
ISO42001-A.9.5-07
Human Oversight
Ensure oversight personnel have appropriate authority
The organization must ensure that individuals performing oversight roles have the authority needed to exercise effective
ISO42001-A.9.5-08
Human Oversight
Ensure oversight personnel have appropriate competence
The organization must ensure that individuals performing oversight roles have the competence needed to exercise effectiv
ISO42001-A.9.5-09
Human Oversight
Ensure oversight personnel have access to information
The organization must ensure that individuals performing oversight roles have access to information needed to exercise e
ISO42001-A.9.5-10
Human Oversight
Ensure oversight personnel have appropriate tools
The organization must ensure that individuals performing oversight roles have the tools needed to exercise effective ove
ISO42001-A.9.5-11
Human Oversight
Ensure organizational structure supports independent oversight functions
The organization must ensure that the organizational structure supports independent oversight functions.