ISO/IEC 22989:2022 (AI Concepts and Terminology) what makes an AI-system claim survive audit

Why it matters for NETEVO

ISO/IEC 22989:2022 is the terminology bedrock underpinning the entire ISO/IEC AI management-system family. It defines 117 numbered terms across seven groups — AI generally, data, machine learning, neural networks, trustworthiness, natural-language processing, and computer vision — and supplies the canonical AI lifecycle phases in Annex A, mapped to the OECD definition. Without 22989 the conformity argument for ISO/IEC 42001 hangs on an undefined term.

Audit defensibility. ISO/IEC 42001 Clause 2 normatively imports the definition of "AI system" from 22989. Any document that asserts conformity with 42001 therefore inherits the 22989 definition wherever the phrase appears, and the definition is traceable to a specific clause rather than to vernacular usage. That clause-level anchoring is what allows an AI-system claim to survive an audit-grade challenge rather than rest on the loose everyday sense of the term.

A single vocabulary spine. The same terminology bedrock runs beneath the wider family — ISO/IEC 42001 (the management system), ISO/IEC 42005 (impact assessment) and ISO/IEC 23894 (risk management) — giving the AI governance stack a single vocabulary spine, a structural prerequisite for the integration thesis NETEVO's Law-to-Code Methodology operationalises.

OECD lifecycle mapping. Annex A supplies the canonical AI lifecycle phases. The seven phases align cleanly with the impact-assessment workflow in ISO/IEC 42005 and the risk-management process in ISO/IEC 23894, producing a single lifecycle frame across impact assessment, risk treatment, and management-system conformity.