1. Home
  2. News Releases
  3. Back Issues
  4. January FY2024
  5. New International Standard for AI Management Systems Published

New International Standard for AI Management Systems Published

For developing and enabling safe and secure AI systems (ISO/IEC 42001)

January 15, 2024

In the rapid dissemination of products and services utilizing artificial intelligence (AI), as AI systems, it is necessary for organizations to appropriately develop, provide, or use AI systems through a risk-based approach and other methods for their safe and secure utilization.

Referencing the newly published international standard for AI management systems will allow organizations to establish highly reliable management systems, including requirements for avoiding AI-related risks and responses to the risks that are raised, and is expected to contribute to the dissemination and expansion of safer and more secure AI systems.

1. Background

In recent years, a rapidly increasing number of organizations has actively been developing AI, and this technology has rapidly been becoming very popular as AI systems are used in a variety of scenes in people’s everyday lives. However, in promoting the dissemination of AI systems, it is necessary for organizations to appropriately develop, provide, or use AI systems as a safe and secure system, and, accordingly, a growing number of organizations has been needing management systems that serve as a foundation of safe and secure AI systems.

The SC42, which is a subcommittee for AI under the Joint Technical Committee (JTC 1), a joint committee of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), discussed this issue and started to develop an international standard for AI management systems. As a result, on December 18, 2023, it published a new international standard that specifies the requirements for “AI management system (ISO/IEC 42001).” Many experts from Japan participated and contributed to it as they made important proposals and lead the discussion.

2. Outline of the international standard

The standard targets organizations that develop, provide, or use AI systems and stipulates requirements based on a risk-based approach that such organizations should observe in establishing a risk management system that is necessary for the organizations to appropriately utilize (develop, provide, or use) AI systems. Also, the standard requires organizations to identify and reduce such risks to help them to utilize AI systems with the properties of authenticity, accountability, and reliability and to consider fairness and individual privacy involving AI. Moreover, the standard is significant in taking into account learning data and machine learning, which are unique to AI systems.

As for the establishment of management systems, the standard adopts the same approach as used for the existing management systems such as ISO 9001 for quality management systems (QMS) and ISO/IEC 27001 for information security management systems (ISMS). The AI management systems is designed by specifying requirements using the same structure as these management systems have taking into account the user friendliness.

Figure: Structure of an AI management system

3. Expected effects

This standard is expected to help organizations that develop, provide, or use AI systems to establish an AI management system based on international standards and to develop, provide, or use AI systems that are safe and secure more than ever before. It is also expected to encourage common understanding among stakeholders of AI systems, thereby facilitating international transactions of AI systems.


ISO/IEC 42001 Information technology — Artificial intelligence — Management system

ISO/IEC JTC1/SC42, established in 2017, is developing many standards for AI including the newly-published standard ISO/IEC 42001. A list of the standards published and under development is available on this website.

  1. On December 20, 2023, “ISO/IEC 5338 Information technology — Artificial intelligence — AI system life cycle processes” was published. This standard stipulates the AI system life cycle processes that are defined by inductive learning using teaching data and are based on the characteristics in which the entire data change over time. Japan also contributed to the development of this standard.
  2. ISO/IEC 42006 Information technology — Artificial intelligence — Requirements for bodies providing audit and certification of artificial intelligence management systems” is now under development for the certification of AI management systems.

A Japanese Industrial Standard titled “JIS X22989” has also been established based on ISO/IEC 22989, for the concept of and terminology for AI.

Division in Charge

International Electrotechnology Standardization Division, Industrial Science, Technology and Environment Policy Bureau