ISO 42001 Certification

The international standard for organisations developing, deploying, or using AI systems.

Show customers, investors, and regulators that your AI is managed responsibly and transparently.

Get a Quote

Get a Quote
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Trusted by

What is ISO 42001 Certification?

ISO 42001 certification is the international standard for artificial intelligence management systems, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a structured framework for governing AI, managing risks, and ensuring AI is developed and used responsibly.

Achieving ISO 42001 certification demonstrates that your organisation has clear controls and oversight in place for AI systems.

To become certified, your management system must be audited by a trusted certification body such as Tempo Audits, a specialist partner for technology and AI companies.

Reviews

Trusted by fast-moving tech teams across the world who value a more human audit experience.

Tempo were super easy to work with and really understood our startup context — collaborating directly with us via our AI-ISMS in Notion and Slack, and accommodating our rescheduling request.
Sara, Strategy & Ops @ Bright Network
To my pleasant surprise, the audit turned out to be an enjoyable experience - quite different from what one typically expects. The Tempo team deserves much credit for this.
Maxime, CEO @ Pixel Labs
The Tempo team moved really fast to help us meet our timeframes — it’s rare to have an audit firm move at the speed of a start-up.
Ellie, COO @ Everblue Technology
Tempo lives up to its name. No other company we contacted was faster or more straightforward during the process.
Lukas, CEO @ Noreja Intelligence

Who needs 
ISO 42001?

Companies building AI systems

If your organisation develops AI models, machine learning systems, or AI-powered products, ISO 42001 helps ensure that AI risks are identified, managed, and governed throughout the development lifecycle.

Companies embedding AI in their products

Technology and SaaS companies that use AI tools or models from providers such as OpenAI, Anthropic, or Google need clear oversight and controls to manage how AI is integrated into their products.

Companies using AI in high-risk decisions

Organisations using AI to support decisions in areas such as hiring, lending, healthcare, or insurance face increasing regulatory scrutiny and need robust processes to manage risk and maintain trust.


Companies with enterprise or regulated customers

If you sell to large businesses or regulated industries, you may be asked to show how AI is managed, monitored, and controlled within your organisation.

Companies operating under the EU AI Act

If your organisation develops or sells AI-powered products to customers in the EU, you may be affected by the EU AI Act. ISO 42001 helps establish the governance, controls, and risk management processes needed to manage AI responsibly.

How much does ISO 42001 cost?

The cost of ISO 42001 certification depends on the size and scope of your organisation. This includes whether you develop AI systems, provide AI-powered products or services, use AI internally, or perform a combination of these activities.

The number of employees within the organisation will also influence certification costs. If you already hold certifications such as ISO 27001, parts of the process may be streamlined, helping to reduce duplication.

With Tempo Audits, you can expect:

  • Fixed-fee certification quotes.
  • Complete transparency on audit costs.
  • No hidden fees or unexpected surprises.

ISO 42001 Pricing

Our ISO 42001 audit pricing is based on the number of people involved in your AI lifecycle, alongside your AIMS role, scope, complexity and risk profile.

The table below gives indicative ISO 42001 audit pricing for common AI management system roles, including audit planning, audit delivery and report writing.

People involved
in the AI lifecycle
AI producer AI provider AI user Multiple
AI roles
1–10£5,000£3,500£3,500£6,500
11–15£6,000£4,000£4,000£8,000
16–25£7,000£4,500£4,500£9,500
26–45£8,500£6,000£6,000£11,500
46–65£10,000£7,000£7,000£13,000
66–85£11,000£7,500£7,500£15,000
86–125£12,000£8,000£8,000£16,000
126–175£13,000£9,000£9,000£17,500
176–275£14,000£9,500£9,500£19,000
276–425£15,000£10,000£10,000£20,000

These figures are indicative. Final ISO 42001 certification costs may vary depending on certification scope, AI system complexity, number of sites, risk profile and whether your organisation acts as an AI producer, AI provider, AI user or has multiple AIMS roles.

Why get ISO 42001 certified?

Win enterprise contracts

Large organisations are increasingly asking suppliers how AI is managed before they sign contracts. ISO 42001 helps you answer those questions with confidence and can make procurement conversations much easier.

Demonstrate responsible AI use

Customers, investors, and regulators want to know that AI is being used responsibly. ISO 42001 provides an independent way to show that you have the right governance and controls in place.

Get ahead of incoming UK and EU regulation

AI regulation is developing quickly across the UK and Europe. By implementing ISO 42001 now, you can build the foundations needed to adapt as new requirements emerge.


Protect against AI-related liability

When AI systems produce unexpected results, organisations need clear processes for managing risks and responding effectively. ISO 42001 helps put those safeguards in place before issues arise.

Integrate with your existing ISO 27001 ISMS

If you already have ISO 27001, much of the governance structure is likely to be familiar. ISO 42001 can build on that foundation, helping you extend existing processes to cover AI.

ISO 42001 vs ISO 27001

Many technology companies already hold ISO 27001 certification and want to know whether they also need ISO 42001. The simple answer is that the two standards cover different areas.

ISO 27001 helps you protect information and data, while ISO 42001 helps you manage the risks and responsibilities that come with using artificial intelligence.

If your organisation is developing, selling, or using AI, ISO 42001 builds on the foundations already established through ISO 27001.

AreaISO 42001ISO 27001
FocusGovernance and management of AI systemsSecurity of information and data
PurposeHelps organisations manage AI risks, oversight, accountability, and responsible useHelps organisations protect information through security controls and risk management
Best forBusinesses that develop, provide, or use AIAny organisation that handles sensitive information
Risk coverageAddresses the unique challenges and risks associated with AICovers information security threats such as data breaches and cyber attacks

Why Tempo Audits?

Auditors Who Understand Technology and AI

Our auditors have experience working with technology businesses and understand the realities of modern software development, cloud environments, and AI systems.


Fast Starts and Efficient Audits

We do not make clients wait months for an audit. We can typically start within days and deliver a streamlined certification process that fits around the way technology companies operate.


No Compliance Theatre

Our audits are practical, proportionate, and focused on helping you meet the requirements of the standard without wasting time on paperwork for its own sake.


Plain-English Communication

We communicate clearly throughout the audit and provide straightforward guidance that is easy for technical and non-technical teams to understand.

Resources

01

Build Your AI Management System

The first step is to build an AI Management System (AIMS) that meets the requirements of ISO 42001.

For impartiality reasons, Tempo Audits cannot support implementation, but we're happy to recommend trusted consultants and platforms. Book a call with us and we'll point you in the right direction.

02

Application and Planning

Once you're ready, share some details about your organisation and AI activities. We'll define the scope of certification, provide a fixed-fee proposal, and agree an audit plan.

Unlike many certification bodies, we can often start the process within days rather than months.

03

Stage 1 Audit

The Stage 1 audit focuses on your documentation and readiness for certification. Your auditor will review your AI Management System and identify any gaps that need to be addressed before Stage 2.

We provide clear feedback quickly, helping you keep the certification process moving.

04

Stage 2 Audit

During Stage 2, we assess how your AI Management System operates in practice. We'll review evidence, speak with relevant teams, and verify that your organisation meets the requirements of ISO 42001.

If any issues are identified, we'll explain them clearly and work with you to close them efficiently.

05

Certification

Once any findings have been addressed, we'll complete our review and issue your ISO 42001 certificate. In most cases, certification can be issued shortly after the Stage 2 audit is complete, allowing you to share your achievement with customers, prospects, and stakeholders.

06

Annual Audits and Recertification

ISO 42001 certification is maintained through annual surveillance audits and a recertification audit every three years. These reviews help ensure your AI Management System continues to operate effectively as your organisation grows, your technology evolves, and regulatory expectations change.

Our ISO 42001 Certification Process

Book a call

No lengthy forms or sales pitches. Just a conversation about your organisation, your AI activities, and what it would take to achieve ISO 42001 certification.

If you'd prefer to get started straight away, request a quote and we'll put together a fixed-fee proposal tailored to your requirements.

Auditors Who Actually Understand AI Systems

When you're being audited against an AI standard, you should expect auditors who understand AI. Our team combines certification expertise with real-world experience in technology, software, information security, and AI governance.

That technical background allows us to deliver audits that are relevant, practical, and focused on how AI operates within your organisation, rather than treating it as a theoretical compliance exercise.

Resources

No items found.

Resources

FAQs

ISO 42001 can feel complicated at first. Here are the answers to the questions we hear most from growing teams.

The best ISO 42001 auditors combine certification expertise with a strong understanding of technology and AI. Tempo Audits specialises in working with software, SaaS, and AI companies, with auditors who understand modern technology environments and AI governance.

As a UKAS-accredited certification body for ISO 27001 and currently progressing through UKAS accreditation for ISO 42001, Tempo Audits delivers practical, remote-first audits designed for fast-moving technology businesses.

The preparation stage can take a few months for most organisations. Once the audit process begins, clients typically receive their ISO 42001 certificate within one month of starting the Stage 1 audit. This usually includes a 2 to 3 week gap before Stage 2, followed by a further 3 to 7 days for the certificate and audit report to be issued, assuming everything is in order.

The cost of ISO 42001 certification depends on the size and scope of your organisation. Factors such as the number of employees, the complexity of your AI activities, and whether you already have management systems such as ISO 27001 in place can all affect the audit time and cost required.

At Tempo Audits, we provide fixed-fee quotations with clear pricing and no hidden costs.

ISO 42001 is still a relatively new standard, having been published in 2023. As a result, many organisations are only beginning to explore AI governance, and the number of certification bodies offering ISO 42001 certification remains limited.

That is changing quickly. As AI becomes more widely adopted and customers, investors, and regulators ask more questions about how it is managed, ISO 42001 is becoming an increasingly valuable way to build trust and stand out from competitors.

If you develop, provide, or rely on AI systems, ISO 42001 addresses risks and responsibilities that are not covered by ISO 27001 alone. The good news is that organisations with an established ISO 27001 management system can often build on existing processes, making the path to ISO 42001 certification more straightforward.

To achieve ISO 42001 certification, organisations need to establish an AI Management System that governs how artificial intelligence is developed, deployed, or used. This typically includes an AI policy, risk assessments, defined roles and responsibilities, impact assessments, and controls for managing AI-related risks.

The exact requirements will depend on how your organisation uses AI and the scope of certification.

Yes. At Tempo Audits, ISO 42001 audits are delivered remotely using secure video calls and document-sharing tools. Before the audit, we'll agree on a schedule and explain what information needs to be prepared. Throughout the process, you'll meet with your auditor, review evidence, and discuss findings just as you would during an on-site audit.

Remote delivery does not reduce audit quality, but it does make the process faster, more flexible, and easier for modern technology businesses.

As organisations become more reliant on artificial intelligence, expectations around AI governance are increasing. Regulations such as the EU AI Act, along with growing scrutiny from customers and investors, are placing greater emphasis on how AI is managed and controlled. ISO 42001 provides a recognised framework for addressing these challenges.

Yes. Internal audits are a requirement of ISO 42001 and help organisations assess whether their AI Management System is operating effectively. In practice, this involves reviewing processes, controls, and evidence to identify any gaps before an external certification audit.

If you're implementing ISO 42001 yourself, Tempo Audits can introduce you to trusted internal auditors, although we cannot perform internal audits ourselves.

ISO 42001 is specifically designed for organisations that develop, provide, or use artificial intelligence. It helps ensure AI is managed responsibly, with clear processes for oversight, accountability, and risk management. ISO 9001, on the other hand, focuses on improving the overall quality of products, services, and business processes.

Preparation typically starts with understanding how AI is used within your organisation and defining the scope of your AI Management System. From there, you'll need to identify risks, assign responsibilities, document processes, and carry out internal reviews before certification.