
ISO 42001, a key standard in artificial intelligence: definition

Introduction

Artificial intelligence (AI) has evolved rapidly in recent years. In a world where it represents a genuine technological breakthrough, the challenges associated with its safety, ethics and regulation are becoming increasingly complex.

ISO 42001, an international standard covering AI management systems, was published in December 2023, helping to limit various potential abuses such as algorithmic discrimination, invasion of privacy through excessive data collection, or the negative impact on transparency and accountability of automated decisions.

What is ISO 42001?

How does it work?

As with any management system standard, ISO/IEC 42001 requires an organizational structure, documentation, internal audits and management reviews to be put in place. However, it focuses specifically on the AI system, adding an impact assessment and an additional risk analysis.

This risk analysis can be implemented by following the method used in the NIST guideline, which provides a structured set of guidelines designed to manage the potential risks associated with the use and deployment of artificial intelligence.

The architecture of the standard

ISO 42001 is the first AI management system standard. It has emerged as a key standard, providing a structured framework for the management and assessment of AI systems. It is divided into 10 chapters.

The first 3 chapters are for information only:

1 - Scope

2 - Normative references

3 - Terms and definitions

7 chapters that can be placed in a PDCA model:

Through its various chapters, ISO 42001 establishes requirements for implementing, maintaining and improving an AI management system within an organization. Meeting the requirements of this standard enables organizations to demonstrate a level of confidence in their organization and in their management of the risks associated with their AI system.

The place of ISO 42001 in artificial intelligence standards & guides

To better understand the integration of different ISO standards in the context of artificial intelligence management, the diagram below illustrates the structure and interconnections between ISO 42001 and other relevant standards.

Source: Cyberzone FEELAGILE 49: Deciphering ISO 42001 with LNE

ISO 42001 forms the basis of this scheme, providing the fundamental requirements and guidelines for AI management systems. By defining organizational policies relating to AI, ISO 42001 serves as the foundation on which operational management systems and processes are implemented.

These elements then enable the certification and compliance crucial to establishing trust, accountability and transparency with customers. Other standards, such as ISO 38507, 23894 and 42005, complement ISO 42001. They provide specific guidelines for risk assessment and system impact. In addition, they aim to ensure comprehensive, harmonized AI management within organizations.

What types of organization are concerned by ISO 42001?

Let's take a look at who may be affected by ISO 42001:

Source: Cyberzone FEELAGILE 49: Deciphering ISO 42001 with LNE

  • AI providers: Organizations that supply AI platforms, products or services.
  • AI producers: Artificial intelligence developers, designers, testers, installers and evaluators.
  • AI service providers: Linked to AI producers, who will provide, for example, the datasets contributing to the implementation of an AI platform, products or services.
  • Competent authorities: They will act as regulators with regard to updating or issuing certification.
  • AI topics: AI users (companies) who are going to deploy or use artificial intelligence may also be concerned by ISO 42001.

What can this certification achieve?

An organization can obtain 42001 certification to comply with part of the requirements of the AI Act. AFNOR offers 42001 certification for those wishing to anticipate the implementation of the AI Act.

42001 certification enables:

  • Setting up AI governance by following ethical rules. This also builds stakeholder trust through responsible use of AI.
  • The traceability of decisions made by AI systems.
  • Anticipating and proactively managing AI-related risks.
  • A commitment to the thoughtful, ethical and efficient use of AI.

Source : AFNOR

Finally, a certification to prepare for the AI Act?

Source: Cyberzone FEELAGILE 49: Deciphering ISO 42001 with LNE

The importance of the AI Act for players in the world of artificial intelligence

The ISO 42001 standard enables a company to comply with part of the AI Act. This regulation aims to regulate and promote the development and marketing of AI systems in the European Union.

These regulations will be mandatory for all organizations working with AI. So it's time to get ready!

If you too would like to prepare for ISO 42001 certification, our specialized teams will be able to support you, train you and also help you pass this certification. Contact our team!
