ISO/IEC 42001:2023, published in December 2023, is the first international management-system standard for artificial intelligence, defining requirements for establishing, implementing, and continually improving an AI management system (AIMS). Modelled on the familiar Annex SL structure of ISO 27001, it asks organisations to govern AI risk, transparency, data quality, and human oversight as a system rather than per project. By 2026 the certification market is in its first growth wave, with BSI the first body accredited by UKAS to certify the standard, and certification increasingly used as a procurement signal for AI vendors. This directory separates the consultancies that prepare an organisation for certification from the accredited bodies that audit it. No firm pays for placement.
ISO 42001 work divides cleanly into two roles that must remain independent: implementation and certification. An implementation partner helps an organisation build the AI management system — AI policy, risk assessment and impact-assessment processes, data-governance controls, human-oversight mechanisms, and the Statement of Applicability against Annex A controls. A certification body, accredited by a national accreditation authority such as UKAS, ANAB, or RvA, then audits that system in a Stage 1 and Stage 2 assessment and issues the certificate. The same firm cannot both consult on and certify the same management system without compromising impartiality, so buyers should plan for two engagements.
The standard is increasingly read alongside regulation rather than in isolation. The EU AI Act, whose obligations for general-purpose and high-risk systems phase in through 2025 and 2026, does not require ISO 42001, but a certified AIMS provides defensible evidence of the risk-management and governance practices regulators expect. Mature partners therefore map AIMS controls to AI Act articles, to the NIST AI Risk Management Framework, and to existing ISO 27001 and 27701 estates, so an organisation builds one integrated system rather than parallel compliance silos.
A realistic limitation buyers should weigh: because the standard is young, the population of auditors with deep AI-specific experience is still thin, and audit availability can constrain timelines. For broader governance and audit support see IT governance and compliance services and data privacy and GDPR services. To choose the underlying AI tooling that the management system governs, see the AI and machine learning category and the comparison of the best AI/ML platforms for enterprise.
Tell us what you're evaluating and we'll send a tailored shortlist of vendors that actually fit — no vendor funding, no pay-to-play.
6,000+ vendors · 893 comparisons · 48 country guides · Independent & vendor-neutral