Recently, we touched upon the European AI Act in our blog [https://heyiris.ai/about-iris/exciting-news-for-the-tech-world-unveiling-the-eu-artificial-intelligence-act]. Now, let's turn our attention to something that's creating quite a stir: ISO 42001. You might be wondering, "What's this new framework and how does it affect me?"
Imagine AI as a vast ocean of possibilities. ISO 42001 is like a lighthouse, guiding ships (in this case, companies) through the murky waters of ethics and compliance.
ISO 42001 is about setting up a cycle: creating, using, checking, and improving AI systems continuously. This cyclical approach means AI use keeps being improved, making sure it's safe, fair, and doing what it's supposed to do. It's like having a routine check-up for AI systems to ensure they are in top shape and align with our ethical values.
This standard is being crafted to steer organizations toward the responsible and ethical implementation of AI technologies. ISO 42001 adopts a risk-based approach akin to that of the EU AI Act and has been officially published, although it still needs to go through review and withdrawal.
ISO 42001 is a set of rules for how companies should use AI responsibly and ethically. It helps businesses make sure their AI is safe and follows important guidelines. Additionally, companies can get a special certification if they follow these rules well, showcasing their commitment to responsibility and ethical AI in business practice. Its unique edge lies in its compatibility with established Management System Standards (MSS) already being used in the field such as:
- ISO 27001, focused on information security management,
- ISO 27701, centered on privacy protection,
- ISO 9001, the foundational standard for quality management.
The current draft of ISO 42001 looks into a few key areas in this field, such as:
- Resources for AI systems
- The AI system lifecycle
- Data management for AI
- Policy considerations
- Internal organization structures (such as reporting mechanisms), and more!
For our business, adopting ISO 42001 requires significant investment in time, money, and effort, and could also lead to temporary disruptions in our operations and strategies. Like many businesses, we’ll weigh the literal costs against what could be a major competitive advantage heading into 2024.
Our partners are already seeing questions in their questionnaires relating to the usage of AI, and I have to imagine that with this new framework, these questions will become increasingly complex and nuanced across partners.
Embracing ISO 42001 is more than just compliance; it's part of a larger narrative shaping the future of AI, and we do believe that not so far in the future, much like SOC 2 has become the standard, so will ISO 42001.