ISO/IEC 42001
What is ISO/IEC 42001?
ISO/IEC 42001: The first international management-system standard for AI, published in December 2023, specifying requirements to establish, implement, maintain, and continually improve an AI Management System (AIMS) for organizations that develop or use AI.
ISO/IEC 42001:2023, 'Information technology — Artificial intelligence — Management system,' is the AI counterpart of ISO/IEC 27001. It defines requirements for an AI Management System (AIMS) covering scope, leadership, planning, support, operation, performance evaluation, and improvement, plus Annex A controls organized into governance, AI policies, internal organization, resources, AI-system lifecycle, data for AI, information for interested parties, use of AI, and third-party relationships. Adoption is driven both by regulators (the EU AI Act references ISO management standards as evidence of conformity for some risk-management obligations) and by enterprise customers asking AI vendors for assurance. Independent certification bodies began offering ISO 42001 certification audits in 2024, and several major AI vendors (Anthropic, AWS AI services) achieved certification through 2024–2025. The standard pairs well with ISO 27001 (for the security of the AIMS), ISO 27701 (privacy), and the NIST AI RMF (a non-prescriptive but compatible companion framework).
● Examples
- 01
An LLM vendor maps its model-evaluation, red-teaming, and incident-response programs to Annex A controls in pursuit of ISO/IEC 42001 certification.
- 02
An enterprise procurement team adds 'ISO/IEC 42001 certification or equivalent attestation' as a contractual requirement for any AI-platform vendor.
● Frequently asked questions
What is ISO/IEC 42001?
The first international management-system standard for AI, published in December 2023, specifying requirements to establish, implement, maintain, and continually improve an AI Management System (AIMS) for organizations that develop or use AI. This term belongs to the category Compliance and frameworks in cybersecurity.
What does ISO/IEC 42001 mean?
The first international management-system standard for AI, published in December 2023, specifying requirements to establish, implement, maintain, and continually improve an AI Management System (AIMS) for organizations that develop or use AI.
How does ISO/IEC 42001 work?
ISO/IEC 42001:2023, 'Information technology — Artificial intelligence — Management system,' is the AI counterpart of ISO/IEC 27001. It defines requirements for an AI Management System (AIMS) covering scope, leadership, planning, support, operation, performance evaluation, and improvement, plus Annex A controls organized into governance, AI policies, internal organization, resources, AI-system lifecycle, data for AI, information for interested parties, use of AI, and third-party relationships. Adoption is driven both by regulators (the EU AI Act references ISO management standards as evidence of conformity for some risk-management obligations) and by enterprise customers asking AI vendors for assurance. Independent certification bodies began offering ISO 42001 certification audits in 2024, and several major AI vendors (Anthropic, AWS AI services) achieved certification through 2024–2025. The standard pairs well with ISO 27001 (for the security of the AIMS), ISO 27701 (privacy), and the NIST AI RMF (a non-prescriptive but compatible companion framework).
How do you defend against ISO/IEC 42001?
Defenses against ISO/IEC 42001 usually combine technical controls and operational practices, as detailed in the definition above.
What are other names for ISO/IEC 42001?
Common alternative names: AIMS, AI Management System standard.
● Related terms
- compliance№ 620
ISO/IEC 27001
International standard that specifies the requirements for an Information Security Management System (ISMS) and enables formal certification of organizations.
- ai-security№ 031
AI governance
Set of policies, processes, roles and controls that organizations and regulators use to ensure responsible and compliant development, deployment and operation of AI systems.
- compliance№ 817
NIST AI Risk Management Framework (AI RMF)
NIST's voluntary framework for managing AI risks, published January 2023 (AI RMF 1.0) with a Generative AI Profile released in July 2024, organized around four Functions: Govern, Map, Measure, and Manage.
- compliance№ 433
EU AI Act
Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence following a risk-based approach, with phased application between 2025 and 2027.
- ai-security№ 038
AI safety
Discipline aimed at preventing AI systems from causing unintended harm to users, operators and society, at the technical, operational and societal levels.
- ai-security№ 029
AI Bill of Materials (AIBOM)
Machine-readable inventory of every component that goes into an AI system (datasets, base models, fine-tuning data, libraries, prompts, evaluation artifacts), used for security, compliance and accountability.