AS ISO/IEC 42001:2023 (AU AI Management System) Annex A controls in the AU management-system shell

Why it matters for NETEVO

AS ISO/IEC 42001:2023 is the Australian adoption of ISO/IEC 42001:2023, the international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system. Three features carry its weight.

The AU national-standard designation. The international ISO/IEC 42001:2023 is the global anchor; AS ISO/IEC 42001:2023 is the Australian designation — the form in which listed-company boards reference the standard by AS number in board papers, and the designation AU procurement teams look for. The two texts mirror one another; the AS number is the AU-specific normative reference.

The management-system shell for AI obligations. The standard is built on the same Harmonized Structure (HS, formerly Annex SL 9.1) as ISO 9001, ISO 27001, ISO 31000, and the ISO (2026) IMS Practical Guide. An organisation's existing management system can therefore extend to cover AI without maintaining a parallel stack. The NETEVO Law-to-Code Methodology operationalises this integration property: AI-specific obligations are delivered as controls inside the management-system shell an organisation already runs, not beside it.

Annex A is the operative artefact. The standard contains a normative Annex A reference set of AI-management-system controls covering policies on AI use, internal organisation of AI activity, resources for AI systems, impact assessments, AI system lifecycle management, data management, information for interested parties, AI system use, and third-party relationships. Annex B provides implementation guidance for each Annex A control. The AICD/HTI eight elements of board-level AI governance map onto the Annex A control families almost cleanly, producing a single traceable spine: eight elements → AS ISO/IEC 42001 Annex A controls → engineered controls demonstrating each.