ISO/IEC 42001

DEFINITION

ISO/IEC 42001:2023 is the international management-system standard for artificial intelligence. Published in 2023 and adopted at increasing pace through 2025 and 2026, it specifies the management-system requirements an organisation must demonstrate to claim mature AI governance: risk assessment, supplier evaluation, audit trail, continuous improvement, and named accountability. ISO/IEC 42001 does not prescribe technical controls; it prescribes the management system that produces them. Defensibility is the lived application of ISO/IEC 42001 inside a legal function.