Blog

The widespread use of AI is in full force, reshaping industries, economies, societies, and business practices. From healthcare diagnostics and financial forecasting to enhanced education and public services, AI systems are being deployed at unprecedented speed and scale. With its rapid adoption comes both immense benefits and equal amounts of concern over transparency, accountability, fairness, and privacy.

As artificial intelligence (AI) technologies become more deeply embedded in business operations, the need for responsible, transparent, and auditable AI management practices has never been more critical. ISO 42001 provides a structured framework to help organizations govern their AI systems responsibly and ethically.

This article was featured in the World Economic Forum, written by Schellman’s Jerrad Bartczak, Senior Associate AI, and Stu Block, Sustainability Practice Director.

As artificial intelligence continues to become increasingly integrated into regular business operations, the need for its responsible development and use also continues to grow. From bias and fairness to data privacy and security concerns, the risks associated with AI are driving governments around the world to introduce new and evolving legislation aimed at ensuring its ethical and safe deployment.

As AI continues to transform industries worldwide and organizations continue to innovate their use of AI in regular practice, they are also faced with growing pressure to demonstrate that their AI systems are secure, trustworthy, and responsible. With regulatory scrutiny and public concern over widespread use of AI on the rise, aligning with established frameworks and standards has become essential for maintaining credibility and mitigating risk.

As the adoption of artificial intelligence (AI) continues to grow and evolve across industries, so do concerns about security, trust, and responsible use and management. In response, as a joint effort between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO/IEC 42001:2023 framework was officially published in December 2023.

ISO/IEC 42001:2023 is rapidly becoming the global standard for Artificial Intelligence (AI ) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to risk management for AI systems.

Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Privacy Assurance (SSPA) process as of the 2025 fiscal year. Arguably the largest update to the DPR since September 2018, v10’s new mandates address artificial intelligence (AI) and include important references to ISO 42001 that suppliers may want to take advantage of during their next compliance cycle.