§9 · Lane 4 — ISO/IEC AI Management System Family
ISO/IEC 42001:2023 (AI Management System)
ISO/IEC (2023) · ISO/IEC 42001
Bibliographic data
- Title: ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system (ISO/IEC international, English edition)
- Authors / Issuing body: ISO/IEC (International Organization for Standardization and International Electrotechnical Commission)
- Venue / Publisher: ISO/IEC (International Organization for Standardization and International Electrotechnical Commission)
- Year: 2023
- Designation: Standard
- Licence: Stable URL — refer to publisher for full licence terms.
- Canonical link: https://www.iso.org/standard/81230.html
How to cite
ISO/IEC (2023). ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system (ISO/IEC international, English edition). ISO/IEC (International Organization for Standardization and International Electrotechnical Commission). https://www.iso.org/standard/81230.html.
The international ISO/IEC normative standard for AI Management Systems. Specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system, with normative Annex A control reference and informative Annexes B–D. The substantive source for the catalogue's AI management-system content; the AU adoption in §7 is the citation reference for AU-context use.
Why it matters for NETEVO
This entry is the international edition of the normative standard against which NETEVO's Law-to-Code Methodology delivers AI-specific obligations. It carries the same load-bearing role as the AU adoption catalogued separately, with the citation pairing chosen to match the audience: cite the AS designation for AU-context board and procurement work, and cite ISO/IEC 42001:2023 for international audiences and cross-jurisdiction comparison. The two are the same substantive content; the choice signals reader, not substance.
Stable clause and control anchoring. Annex A controls and management-system clauses are referenced by ID — for example, 6.1.3 for the Statement of Applicability and A.5.2 for the AI system impact assessment — and those IDs are stable across editions. Drafters cite Annex A controls by control ID, not by paragraph or page, and engineered evidence threads back to the same anchors. The substrate preserves that reference discipline so audit work has a single stable address space.
Reusable management-system infrastructure. Clause 6.1.3's Statement of Applicability is identical in shape to the equivalent clause in ISO/IEC 27001:2022. Build the SoA infrastructure — schema, review workflow, evidence linkage — once, and reuse it across both AI and information-security management systems. The Harmonized Structure shared by Clauses 4 to 10 across every ISO management-system standard means the ISO/IEC 42001 / ISO/IEC 27001 / ISO 9001 integration is a delta exercise rather than a parallel-stack one.
One impact assessment, five regulatory hooks. Clause 6.1.4 and Annex A.5 deliver an AI system impact assessment that simultaneously satisfies 42001 conformity, EU AI Act Article 27 FRIA for high-risk systems, Privacy Act 1988 PIA where personal information is involved, the OAIC AI ethics guidance, and the NSW AI Assessment Framework. One template, five hooks — load-bearing for the forthcoming AI-Washing Audit whitepaper and the next revision of AI Governance in ANZ (working title).
Where NETEVO applies this
- AI Governance in ANZ Whitepaper — central international standard citation