ISO/IEC 42001:2023 (Artificial Intelligence Management System) provides the most directly relevant framework for the QMS. Published in December 2023, it specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system. Its control set aligns with the AI Act’s requirements, covering risk management, data management, system engineering, verification, validation, deployment, operation, and monitoring.
Certification to ISO 42001 does not constitute EU AI Act conformity assessment; the two are distinct processes with different legal significance. ISO 42001 provides a structured foundation that makes conformity assessment significantly more efficient by establishing the governance processes, documentation practices, and review cycles that the AI Act’s QMS requirements demand.
For organisations already ISO-aligned (for example, through ISO 27001 for information security or ISO 9001 for quality management), extending to ISO 42001 leverages existing management system infrastructure and reduces the incremental effort. The AISDP’s QMS documentation should cross-reference the ISO 42001 controls to the corresponding AI Act requirements.
Key outputs
- ISO 42001:2023 as QMS foundation (not conformity assessment substitute)
- Control set alignment with AI Act Article 17 requirements
- Cross-reference to existing ISO certifications
- QMS documentation