ISO 42001 Certification

What is ISO 42001?

ISO/IEC 42001 specifies requirements for an AI Management System (AIMS) — governance, risk, transparency and lifecycle oversight of AI. Certification bodies are themselves assessed against ISO/IEC 42006.

As your certification body, Anavah assesses independently; we do not provide the implementation consultancy for systems we certify.

Who needs it?

  • You build, provide or use AI in meaningful decisions
  • You face AI due diligence from customers or regulators
  • You are preparing for EU AI Act obligations
  • You want first-mover trust in AI governance

Business benefits

Auditable AI governance

A governed system, not ad-hoc controls.

Map toward EU AI Act expectations

Aligns with the Act (does not equal legal compliance).

Win AI procurement & tenders

Answer AI questionnaires with a certificate.

Manage bias, drift & oversight

Lifecycle risk management for AI.

Faster if already 27001-certified

Shared management-system structure.

First-mover trust

Early credible certification is a differentiator.

Is this you?

  • You build, provide or use AI in decisions that matter
  • You face AI governance questions from customers or regulators
  • You want to prepare for AI regulation

Indicative timeline

1

Scoping

1–2 weeks, depending on scope.

2

Stage 1

Readiness & documentation review.

3

Stage 2

Certification audit.

4

Decision & certificate

Independent decision; certificate issued.

5

Surveillance

Annual, across a 3-year cycle.

Duration depends on scope and readiness — indicative only, never guaranteed.

Certification process

1

Application & Scoping

Define scope, confirm eligibility.

2

Stage 1

Documentation & readiness review.

3

Stage 2

Evidence-based certification audit.

4

Certification Decision

Independent reviewer decides.

5

Surveillance & Recertification

3-year cycle with annual surveillance.

Frequently asked questions

Is ISO 42001 the same as EU AI Act compliance?
No. ISO 42001 provides an auditable AI management system that maps onto many of the Act’s expectations, but it is not itself a legal compliance determination.
Are your auditors AI-competent?
AIMS assessments are conducted by auditors with AI competence, consistent with the requirements for bodies certifying AI management systems (ISO/IEC 42006).
We already have ISO 27001 — is 42001 faster?
Organisations with an existing ISMS often move faster because the two standards share a common management-system structure.

Request a proposal

Tell us about your scope. We reply within one business day.

We reply within one business day. By submitting you agree to our Privacy Policy.

Related

ISO 27001 Certification

Information security base standard.

Explore →

ISO 27701 Certification

Privacy management system.

Explore →

Accreditation status

Where our accreditation stands.

Explore →