The Schellman Blog

The information in this article was originally presented on January 15, 2026, at a Public Hearing to the New York State Senate Standing Committee on Internet and Technology to discuss risks, solutions, and best practices with respect to the use of artificial intelligence in consequential or high-risk contexts, and related issues.

As interest in ISO 42001 certification has surged over the past year, we've heard a steady stream of questions from organizations seeking to build their AI governance strategy and operationalize their Artificial Intelligence Management Systems (AIMS) responsibly. From understanding practical preparation steps to what to expect during the audit, many teams are looking for clearer guidance as they navigate this newer management system standard.

As artificial intelligence becomes increasingly embedded in core business operations and customer-facing product offerings, organizations are under growing pressure to ensure their AI systems are safe, ethical, transparent, and well-governed. ISO 42001, the world’s first international standard for AI management systems, provides the structure needed to build trustworthy AI and demonstrate responsible governance to customers, regulators, and partners.

ISO 27701 is a globally recognized standard for establishing a privacy information management system (PIMS), outlining the requirements and supporting controls that should be fulfilled and implemented. Compliance with ISO 27701 indicates that an organization has implemented a system to manage risks related to data privacy and the processing of personally identifiable information (PII).

As artificial intelligence (AI) technologies become more deeply embedded in business operations, the need for responsible, transparent, and auditable AI management practices has never been more critical. ISO 42001 provides a structured framework to help organizations govern their AI systems responsibly and ethically.

This article was featured in the World Economic Forum, written by Schellman’s Jerrad Bartczak, Senior Associate AI, and Stu Block, Sustainability Practice Director.

In a world where data privacy laws and regulations are rapidly changing, the new ISO 27701:2025 standard has finally arrived and is bringing fresh challenges – and opportunities – for businesses trying to navigate privacy compliance. ISO 27701 is one of several internationally recognized standards in the ISO 27000 family that contain requirements and guidance for information security and privacy management.

Organizations complete mergers and acquisitions (M&A) all the time, be it for growth and expansion, to further synergize or diversify, or for other incentives. And as varied as your reason(s) may be for your latest realignment, there is one consistent impact M&A has no matter the driver—the effect on your ongoing compliance cycles. As such, you need to have a plan to properly adjust, especially since there are different paths you can take when accommodating such an organizational shift.