Support
EN SV
ISO/IEC 42001 NEW 2023

Your employees are already using AI Do you have governance?

ChatGPT, Copilot, image generation - AI tools spread quickly in organizations. Without governance you risk data leaks, ethical missteps and regulatory violations. ISO 42001 provides the framework. AmpliFlow makes it practical.

Book a demo See how it works

AmpliFlow participated in ISO's working group for ISO/IEC 42001.

Challenges

AI chaos or AI governance?

Without control over AI usage, risks grow quickly.

Shadow AI everywhere

Employees use ChatGPT, Copilot and other AI tools without anyone knowing. Company data is fed into unknown systems.

No AI policy

No guidelines for how AI may be used. Every department does their own thing. Inconsistent and risky.

Unknown risks

Which AI systems are in use? What data is being input? Which decisions are affected? No one has oversight.

EU AI Act is coming

New EU legislation with significant fines is coming into force. Are you prepared? Can you demonstrate compliance?

Ethical questions

AI can amplify bias, make unfair decisions and damage reputation. Who takes responsibility?

The Solution

AI governance with tools you already have

AmpliFlow has no dedicated AI features - but our management system is perfect for AI governance. The same tools used for ISO 27001 and quality management work for ISO 42001.

Risk analysis for AI

Use ORA to identify and assess AI risks. The same proven methodology as for information security.

Legislation monitoring for EU AI Act

Add EU AI Act to the legislation registry. Set target dates for when you need adaptations complete.

Process maps for AI-affected processes

Document which processes use AI and how. Link AI tools to process steps.

AI policies via Pages

Create AI policies in the built-in text editor (wiki). Organize in folders and share with employees.

Stakeholder analysis with ISO 42001 linkage

Map stakeholders affected by your AI usage and their requirements.

Action management for AI initiatives

Track and follow up AI-related improvement actions with owners and deadlines.

See how it works
Book a demo
AI Principles

Responsible AI in practice

ISO 42001 is built on principles for responsible AI. AmpliFlow helps you translate principles into concrete actions.

Transparency

Explain how AI systems work and make decisions

Fairness

Avoid bias and ensure equal treatment

Accountability

Clear ownership and responsibility for AI decisions

Safety

Protect against misuse and unintended harm

EU AI Act

Prepare for the EU AI Regulation

The EU AI Act is the world's first comprehensive AI legislation. ISO 42001 helps you meet the requirements.

Risk classification

Classify your AI systems according to EU risk levels: unacceptable, high, limited or minimal risk.

Documentation requirements

Meet requirements for technical documentation, user instructions and quality management.

Compliance evidence

Show supervisory authorities that you're in control. ISO 42001 certification provides credible evidence.

Timeline

The EU AI Act comes into force gradually from 2024. Prohibition rules first, then requirements for high-risk systems. Start preparations now.

Classify your AI system

Answer three questions about your AI system and see which risk level it falls under according to the EU AI Act.

Question 1 of 3

What is the AI system used for?
AI Risk Management

From AI system to safe use

ISO 42001 requires risk-based thinking for AI. AmpliFlow makes it concrete.

Inventory Which AI systems?
Classify What risk level?
Assess What risks?
Treat What actions?
Monitor Is it working?
Learn more about risk management
Implementation Journey

From start to AI governance

A realistic timeline for ISO 42001 implementation. Duration varies based on organization size and AI maturity.

1

AI inventory

1-2 w

Map all AI systems and use cases in the organization

2

Gap analysis

1-2 w

Compare current governance against ISO 42001 requirements

3

Risk assessment

2-3 w

Assess risks for each AI system according to EU AI Act risk levels

4

Policy & processes

4-8 w

Develop AI policy, guidelines and governance documents

5

Implementation

4-12 w

Deploy controls, train staff and begin applying

6

Internal audit

1-2 w

Review AIMS effectiveness and address findings

Benefits

Why ISO 42001?

Advantage in the AI era.

Win contracts

More and more tenders require demonstrated AI governance. Certification opens doors.

EU AI Act compliance

Prepare for EU AI legislation. ISO 42001 provides the structure.

Responsible AI use

Minimize risks of bias, privacy violations and incorrect decisions.

Competitive advantage

Show customers and partners you take AI ethics seriously.

Reduced risk

Structured AI governance reduces the risk of incidents and regulatory violations.

First-mover advantage

Be early. ISO 42001 is new - get certified before competitors.

Who needs this?

ISO 42001 is not just for AI companies

All organizations that use AI tools need AI governance. It's not about developing AI - it's about using AI responsibly.

Companies where employees use ChatGPT or Copilot
Organizations using AI in customer contact or decision support
Companies buying AI services from vendors
Public sector with requirements for transparency and legal certainty
Companies with customers who demand AI ethics
Organizations wanting to be prepared for the EU AI Act

Developing your own AI? Then ISO 42001 is even more important - but the standard is designed for everyone who uses AI, not just those who build it.

Related Areas

AI governance connects to other areas

ISO 42001 integrates naturally with other parts of the management system. AmpliFlow connects everything.

Risk Management

The foundation of AI governance. Identify and manage AI risks.

Legislation Monitoring

Keep track of EU AI Act and other AI legislation.

Documentation via Pages

AI policies and guidelines collected and accessible.

Competence Management

Ensure AI competence in the organization.

Information Security

Protect data used in AI systems.

Checklists for audits

Review your AI governance regularly with checklists.
FAQ

Questions about ISO 42001

Answers without AI jargon.

What is an AI Management System (AIMS)?

AIMS is a management system specifically for AI use. It defines how the organization governs, monitors and improves its AI use. Just like an ISMS for information security or QMS for quality.

Do we need ISO 42001 if we don't develop our own AI?

Yes, if you use AI tools like ChatGPT, Copilot or AI-based services. ISO 42001 is about responsible use of AI - not just development. All organizations where employees use AI tools benefit from the standard.

How does ISO 42001 relate to the EU AI Act?

The EU AI Act is legislation with requirements and sanctions. ISO 42001 is a voluntary standard that helps you meet legal requirements. Implementing ISO 42001 is one way to demonstrate EU AI Act compliance.

Can we use the same tools as for ISO 27001?

Yes, absolutely. AmpliFlow supports both ISO 27001 and ISO 42001 with the same tools β€” risk analysis, documentation via Pages, action management and checklists. You don't need new systems.

How long does implementation take?

Typically 3-6 months for a medium-sized organization. It depends on how many AI systems you have, how mature your current governance is and whether you already have other ISO certifications.

Do we need to get certified?

No, certification is voluntary. You can implement ISO 42001 without external audit. But certification provides credible evidence for customers, partners and supervisory authorities.

More questions?

We're happy to help you get started with ISO 42001.

Contact us
Contact

Ready for responsible AI?

Book a demo and we'll show you how AmpliFlow can help with AI governance. No sales pitch - just practical answers.