ISO 42001 Clauses

ISO/IEC 42001 is structured using Annex SL, the standardized framework used across all modern ISO management system standards. This structure ensures consistency with standards such as ISO 27001 and ISO 9001, making it easier for organizations to integrate AI governance into existing compliance and management systems.
The standard is divided into 10 clauses, each addressing a specific aspect of how an organization governs artificial intelligence. Together, these clauses define the requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS). Not all clauses are assessed during certification.
  • Clauses 1 to 3 provide background, definitions, and references that help interpret the standard.
  • Clauses 4 to 10 contain the mandatory requirements that organizations must meet to achieve and maintain ISO 42001 certification.

Clauses 1–3 (informative)
These clauses include the scope, normative references (notably ISO 22989 for AI terminology), and terms/definitions; they provide helpful context but are not directly audited.

Clauses 4–10 (requirements for certification)
  • Clause 4 – Context of the organization: Understand internal/external issues, stakeholders, and define AIMS scope (which AI systems, processes, and locations are covered).
  • Clause 5 – Leadership: Requires top management commitment, AI policy, roles and responsibilities, and integration of AI governance into business processes.
  • Clause 6 – Planning: Addresses AI risks and opportunities, AI-specific risk assessment and treatment, AI impact assessments, and setting AI objectives.
  • Clause 7 – Support: Resources, competence, awareness, communication, and documented information needed for the AIMS.
  • Clause 8 – Operation: Operational planning and control across the AI lifecycle (design, development, deployment, monitoring, and change management).
  • Clause 9 – Performance evaluation: Monitoring, metrics, internal audit, and management review to check AIMS effectiveness.
  • Clause 10 – Improvement: Handling nonconformities, incidents, and continual improvement of AI governance.
