ISO 42001 vs ISO 27001 — what is new for AI

ISO 27001 is an information security management system standard. It governs information assets: how confidentiality, integrity, and availability are protected. ISO 42001 is an AI management system standard. It governs AI systems: how they are assessed, deployed, monitored, and decommissioned in a way that manages AI-specific risk.

The two standards are not mutually exclusive. A single management system can be scoped to cover both, using an integrated policy framework and shared governance processes where appropriate. Many certification bodies audit both in combined programmes. The ISO guidance documents on both standards explicitly contemplate this integration.

ISO 27001 provides the ISMS foundation. For an organisation using AI, the following ISO 27001 controls already address aspects of AI system security — though not AI-specific risk:

• Access control (Annex A.5.15–5.18). User access management, privileged access, and access rights review. In AI contexts, these controls apply to model API access, training data repositories, and inference infrastructure.
• Asset management (A.5.9–5.14). Asset inventory and ownership. AI models, training datasets, and vector stores are information assets within the scope of this control.
• Supplier relationships (A.5.19–5.22). Supplier security requirements and third-party service agreements. Model providers and AI platform vendors fall within this scope.
• Incident management (A.5.24–5.28). Incident response and communication. AI-related incidents — model misbehaviour, prompt injection attacks, data leakage — are incidents within the ISMS.
• Cryptography (A.8.24). Key management. Relevant to the security of model weights, API credentials, and training data encryption.

The coverage is real, but partial. ISO 27001 treats AI systems as information assets — it protects them from security threats. It does not assess the risks that the AI system itself creates through its outputs, its autonomy, or its societal impact.

ISO 42001 adds a governance layer specifically for AI system risk. The most significant additions are:

• AI-specific risk categories. ISO 42001 requires risk assessment to cover categories that have no parallel in ISO 27001: bias and fairness, transparency and explainability, safety (including physical safety for autonomous systems), societal impact, and human oversight adequacy.
• AI system lifecycle management. Clause 8 of ISO 42001 covers the complete AI lifecycle: requirements and design, data governance, training, validation, deployment, operation, and decommissioning. ISO 27001 has no equivalent lifecycle management requirement.
• Impact assessment.ISO 42001 Annex A.6 requires an AI impact assessment — similar to a DPIA but broader — covering the AI system's potential effects on individuals and society.
• Human oversight. Annex A.9 requires the organisation to define and maintain mechanisms for human oversight of AI systems, including the ability to intervene, override, or decommission a system.
• Transparency to AI subjects. Annex A.7 requires proactive communication to the people affected by AI decisions — not just internal disclosure within the ISMS.

Three ISO 42001 requirements have no meaningful parallel in ISO 27001 and require net-new work regardless of how mature the ISMS is.

The first is the AI impact assessment (Annex A.6.2). This is a structured analysis of the potential harm an AI system could cause to individuals, groups, or society — including indirect or aggregate effects. ISO 27001 risk assessment focuses on harm to the organisation's information assets; ISO 42001's impact assessment focuses on harm caused by the organisation's AI.

The second is the human oversight requirement (Annex A.9). This requires the organisation to define — for each AI system in scope — the conditions under which a human must be in the decision loop, what powers the human has over the system, and what triggers an override or shutdown. This is an operational design requirement, not a paperwork exercise.

Organisations that have strong ISO 27001 programmes often assume that ISO 42001 is primarily an administrative extension. The human oversight and impact assessment requirements are where that assumption breaks down — they require decisions about how the AI system operates, not just how it is documented.

The third is the responsible disclosure requirement (Annex A.10). ISO 42001 requires the organisation to have a process for disclosing AI-related incidents and risks to relevant stakeholders — including AI subjects — in a way that ISO 27001's incident communication procedures do not currently cover. The notification triggers, the audience, and the content of disclosure are all AI-specific.

Several ISO 27001 controls map to ISO 42001 Annex A controls and can be extended rather than rebuilt. The most useful extensions are in risk management, supplier management, and incident response.

Risk management: the ISO 27001 risk assessment process can be extended to include AI-specific risk categories. The methodology — asset identification, threat enumeration, likelihood and impact rating — is compatible. The ISO 42001 risk register adds AI-specific fields (bias rating, explainability assessment, oversight mechanism) to the existing risk register structure.

Supplier management: the ISO 27001 supplier security requirements can be extended to cover AI-specific provisions: model update notification obligations, training data provenance documentation, and incident notification timelines for AI-related events.

Incident response: the ISO 27001 incident management procedure can be extended to add an AI incident classification (model misbehaviour, adversarial attack, data poisoning, output harm) and AI-specific response steps (model rollback, inference suspension, notification to AI subjects).

The most efficient integration approach for an organisation with an existing ISO 27001 programme is to extend the ISMS scope and governance documents rather than build a separate AIMS from scratch. This means:

• Extending the ISMS scope statement to include AI management and referencing the ISO 42001 standard alongside ISO 27001.
• Adding an AI annex to the existing information security policy that covers the ISO 42001-specific requirements: AI lifecycle management, human oversight, and impact assessment.
• Extending the risk assessment process to include AI-specific categories, without replacing the existing methodology.
• Adding ISO 42001 Annex A controls to the Statement of Applicability alongside the ISO 27001 Annex A controls.
• Extending the internal audit programme to include ISO 42001 clauses and the evidence types that AI management requires.

For organisations that already hold ISO 27001 certification, the path to ISO 42001 is typically a 12–18 month programme. The first six months are used to inventory AI systems, conduct AI-specific risk assessments, and produce the net-new documents (impact assessments, human oversight definitions, AI policy annex). The second six months are used to operate the extended management system, collect evidence of operation, and conduct an internal audit of the AI management clauses before engaging the certification body.

The ISO 42001 AI governance toolkit provides the templates, readiness tracker, and evidence map that support this extension programme.