Webinar recap: ISO/IEC 42001:2023 AI management system


Recently, we hosted an in-depth webinar on ISO/IEC 42001:2023, a critical standard for AI management systems. Our expert speaker, Antonina Burlachenko, Head of Regulatory and Quality Consulting at Star, provided comprehensive insights into the framework, its application, and implications for organizations utilizing artificial intelligence. This session was particularly valuable for those interested in aligning their AI practices with global standards, ensuring ethical AI development, and implementing and maintaining regulatory compliance.

The necessity of AI regulation

AI technology brings numerous opportunities but also introduces unique risks that require robust regulatory frameworks. The automated, complex, and scalable nature of AI systems necessitates a comprehensive approach to regulation. Our webinar emphasized the importance of ISO/IEC 42001:2023 in establishing a clear compliance framework to address these challenges. Key regulatory concerns include:

  • Transparency of automated decision systems
  • Autonomy levels in AI systems
  • Heavy dependence of machine-learning systems on data
  • Risks such as human automation bias, non-compliance with data privacy regulations, and discrimination

Global regulatory landscape

Understanding the global regulatory landscape is crucial for an effective AI management system. Antonina provided an overview of significant international regulations that influence AI development, demonstrating how ISO/IEC 42001:2023 aligns with these frameworks to facilitate global compliance. Key regulations discussed included:

  • EU AI Act: Expected to be enforced by the end of June 2024, focusing on ensuring responsible AI development and usage.
  • Brazil AI law: Emphasizes the principle of good faith in the development, implementation and use of AI systems.
  • Other jurisdictions: Included regulatory measures from the US, China, Canada, and Australia, each contributing to a global perspective on AI regulation.

Structure and objectives of ISO/IEC 42001:2023

ISO/IEC 42001:2023 provides a structured framework for an AI management system, integrating seamlessly with other management system standards such as quality, safety, security and privacy. The standard's primary objectives are to establish a clear, repeatable framework for AI management, enhance trust among users and regulators, improve the robustness and reliability of AI products, and facilitate faster time-to-market. The structure includes:

  • Scope and normative references: Establishing the boundaries and key references for the standard.
  • Terms and definitions: Clarifying key concepts and terminology used within the framework.
  • Context of the organization: Understanding the internal and external factors influencing AI management.
  • Leadership and commitment: Ensuring top management involvement and resource allocation.
  • Planning and support: Detailed guidelines on planning, resource management, and support mechanisms.
  • Operational controls: Managing the AI system lifecycle, from development to deployment and post-market activities.
  • Performance evaluation and improvement: Regular performance evaluations and continuous improvement processes.

Implementation of ISO/IEC 42001:2023

Implementing ISO/IEC 42001:2023 within an organization involves establishing an AI Management System (AIMS) that reflects the organization's context and stakeholder needs. This comprehensive approach includes conducting risk and impact assessments, pursuing continuous improvement, and aligning AI policies with strategic goals. Key steps include:

  • Establishing context: Defining the system's scope, setting AI policies and objectives, and aligning them with the organization's strategic direction.
  • Conducting risk and impact assessments: Identifying and evaluating risks associated with AI systems and assessing their impacts on individuals, groups, and society.
  • Responsible AI process definition: Defining all practices for data management and for ML model development, validation and monitoring.
  • Continuous improvement: Continuously improving the AIMS to adapt to new challenges and regulatory changes.

ISO/IEC 42001: Risk management

Risk management is a cornerstone of ISO/IEC 42001:2023, providing a structured approach to identifying, assessing, and mitigating risks associated with AI systems. This ensures that AI applications are developed and deployed responsibly, minimizing potential negative impacts. The standard emphasizes:

  • Risk identification and assessment: Identifying sources of risk, potential events, and their impacts on the organization and its stakeholders.
  • Risk treatment: Implementing measures to mitigate identified risks to acceptable levels and verifying the effectiveness of these measures.
  • AI impact assessment: A formal, documented process to evaluate the impacts of AI systems on individuals, groups, and societies.

Leadership and organizational commitment

Effective AI management under ISO/IEC 42001:2023 requires strong leadership and organizational commitment. The standard mandates top management involvement to ensure that AI policies and objectives are aligned with the organization's strategic goals, that resources are adequately allocated, and that continuous improvement is promoted. Essential aspects include:

  • Top management involvement: Ensuring AI policies and objectives are aligned with the organization's strategic goals.
  • Resource allocation: Providing the necessary resources for AI management, including human, data, and technological resources.
  • Promoting continuous improvement: Fostering a culture of continuous improvement and effective AI management within the organization.

Operational planning and support

ISO/IEC 42001:2023 provides detailed guidelines on operational planning and support, crucial for maintaining an effective AI management system. This includes managing the AI system lifecycle, resource management, documentation, and communication. Key components include:

  • Operational controls: Managing the AI system lifecycle, from development to deployment and post-market activities.
  • Resource management: Ensuring the availability of necessary resources, such as data, tools, and human expertise.
  • Documentation and communication: Maintaining comprehensive documentation and facilitating clear communication across the organization.

Performance evaluation and improvement

Regular performance evaluations are essential to ensure the effectiveness of the AI management system under ISO/IEC 42001:2023. This involves monitoring and measuring AI system performance, conducting internal audits, and engaging in management reviews to drive continuous improvement. Key activities include:

  • Monitoring and measurement: Implementing processes to monitor and measure the performance of AI systems.
  • Internal audits: Conducting regular internal audits to identify areas for improvement.
  • Management reviews: Periodic reviews by top management to assess the AIMS's effectiveness and drive continuous improvement.

Certification and compliance

While formal certification under ISO/IEC 42001:2023 will commence once the ISO/IEC DIS 42006 standard for certification bodies is finalized, organizations can still conduct voluntary assessments. Early gap analysis and adherence to the standard's guidelines can significantly expedite the certification process once available. Key points include:

  • Early gap analysis: Conducting early assessments to identify gaps and prepare for formal certification.
  • Certification process: Understanding the anticipated audit process, including internal and external assessments.
  • Continuous compliance: Maintaining ongoing compliance with the standard to ensure AI management systems remain effective and up-to-date.

Access the webinar recording and resources

For those who missed the live session or wish to revisit the detailed insights shared, we invite you to access the on-demand video and presentation slides.


Explore our regulatory and compliance services

Star Regulatory Offering

We offer a comprehensive suite of services to support your journey in AI management and regulatory compliance:

In addition to the comprehensive insights shared during our webinar, we invite you to download our 10Forward trend report. This forward-looking report explores potential trajectories for society, economics, and politics, and how emerging technologies like AI will shape these areas. Gain valuable perspectives on the future of healthcare, automotive and finance sectors, and discover how to position your organization for success in an evolving technological landscape.

Thank you for participating in our webinar. We look forward to supporting your AI management and regulatory compliance needs.


© Copyright Star 2024. All rights reserved.
