ISO 42001, the standard for AI governance,
applied to your agents in production.

ISO/IEC 42001 is the first international standard for an artificial intelligence management system (AIMS). It structures governance, risk management, and continuous oversight of your AI systems. At Koneetiv, it is the foundation of the LOOP™ methodology — to deploy Claude agents that are compliant, traceable, and supervised.

2023
publication of the ISO/IEC 42001 standard
AIMS
certifiable AI management system
LOOP™
our methodology aligned with ISO 42001
The standard

ISO 42001,
the first framework for AI management.

Published in late 2023, ISO/IEC 42001 defines how an organization establishes, operates, and improves an AI management system. Risk-based approach, system inventory, documented controls, continuous improvement: it is the framework that makes your AI governance auditable — and provides the operational proof the EU AI Act expects.

Dec. 2023
Publication of ISO/IEC 42001
The first international standard for an AI management system (AIMS), developed by ISO and IEC. The ISO 27001 counterpart for artificial intelligence.
AIMS
A risk-based approach
AI system inventory, risk assessment, controls, roles and responsibilities, continuous improvement — the PDCA cycle applied to AI.
Certifiable
Third-party audit
An organization can be certified ISO 42001 by an accredited body — a trust signal for customers, regulators, and partners.
AI Act
The bridge to the regulation
ISO 42001 provides the operational governance structure the EU AI Act requires without detailing it. Aligning with the standard means anticipating regulatory compliance.
The approach

What an ISO 42001
program covers.

Five concrete, audit-ready pillars. The backbone of an ISO 42001-compliant AI management system — applicable to your Claude agents and your entire AI estate.

1. Complete AI inventory · Deliverable 01

Exhaustive mapping of all your AI systems — including undeclared shadow IT. Each use case identified, documented, assigned to an owner.

2. AI Act classification by risk level · Deliverable 02

Each AI system classified according to the official European AI Act taxonomy: unacceptable risk, high risk, limited risk, minimal risk.

3. Gap analysis ISO 42001 + NIST AI RMF · Deliverable 03

Analysis of gaps between your current situation and the requirements of both frameworks. Consolidated view of target governance.

4. Prioritized remediation plan · Deliverable 04

Concrete roadmap to close identified gaps, with milestones and designated owners. Presentable to the executive committee (Comex) or an external audit.

5. Compliance register · Deliverable 05

Complete reference document, ready for external audit or regulatory inspection. Maintained over time with LOOP™.

Deliverable 01
Complete AI inventory
Exhaustive mapping of all your AI systems — including shadow IT not declared to IT.
SaaS AI tools · Internal models · Automations · Third-party integrations · Shadow IT identified
Deliverable 02
AI Act classification by risk level
Each AI system classified according to the official European AI Act taxonomy.
Unacceptable risk · High risk · Limited risk · Minimal risk — with documented justification
Deliverable 03
Gap analysis ISO 42001 + NIST AI RMF
Analysis of gaps between your current situation and the requirements of both major frameworks.
Identified gaps · Current maturity level · Missing requirements · Compliance priorities
Deliverable 04
Prioritized remediation plan
Concrete roadmap to close identified gaps, with milestones and designated owners.
Prioritized actions · Dated milestones · Owners · Estimated effort · Dependencies
Deliverable 05
Compliance register
Complete reference document, ready for external audit or regulatory inspection.
Excel + docx format · Audit-ready · Full traceability · Easy updates
Who it's for

Built for AI compliance
decision-makers.

ISO 42001 concerns those who bear responsibility for AI governance and compliance within their organization.

CEO / General Manager
Visibility on AI risks
Get a complete map of your organization's exposure to AI-related regulatory risks, with a clear reading of priorities.
DPO / Compliance
Audit-ready in a few weeks
Have all required documents ready to respond to an external audit or regulatory request — without a last-minute scramble.
CFO / Financial Director
Quantify regulatory exposure
Precisely quantify the financial risk of non-compliance and justify the compliance investment against potential fines.
CTO / CDO
Exhaustive inventory including shadow IT
Identify all AI systems in use in your organization — including those deployed outside IT — and regain control of your AI assets.
Frequently asked questions

ISO 42001: the key questions.

What is the ISO 42001 standard?
ISO/IEC 42001 is the first international standard dedicated to artificial intelligence management. Published in late 2023 by ISO and IEC, it defines the requirements of an AI management system (AIMS): governance, risk management, controls, transparency, and continuous improvement. It is the equivalent of ISO 27001 (information security), applied to AI.
What is the difference between ISO 42001 and the EU AI Act?
The AI Act is a binding European regulation that sets legal obligations by risk level. ISO 42001 is a voluntary standard that provides the method to organize AI governance. They are complementary: getting ISO 42001 certified provides the operational proof of governance an AI Act auditor expects.
ISO 42001 vs ISO 27001: what is the difference?
ISO 27001 governs information security; ISO 42001 specifically governs AI systems — bias, robustness, human oversight, transparency, model lifecycle. Both standards share the same management-system logic (PDCA) and interlock: an organization already certified ISO 27001 has a solid foundation for ISO 42001.
How do you get ISO 42001 certified?
Certification is granted by an accredited third-party body, after setting up a compliant AI management system: AI system inventory, risk analysis, documented controls, roles and responsibilities, internal audit. Koneetiv structures this journey through the LOOP™ methodology and a Claude Ignite scoping audit.
Does ISO 42001 apply to AI agents and Claude?
Yes. ISO 42001 covers any AI system, including autonomous agents based on LLMs such as Claude (Anthropic). For agents in production, the standard requires human oversight, decision traceability, and drift measurement — exactly what Koneetiv's LOOP™ methodology operationalizes (confidence zones, escalations, kill switch).
Where do you start an ISO 42001 program?
With an assessment: inventory of your AI systems (including shadow IT), risk classification, and a gap analysis against ISO 42001 requirements. That is the purpose of a Claude Ignite audit, which produces a prioritized roadmap to compliance — without blocking your ongoing deployments.

Structure your
ISO 42001 governance.

Inventory, risk classification, ISO 42001 gap analysis, remediation plan: the journey starts with a Claude Ignite audit. We assess your maturity and map the path to compliance.