May 2026. Generative AI and decision support sit in HR, support, engineering and finance. The EU AI Act makes risk classification and governance mandatory for many use cases; ISO 42001 provides an AI management system.
What boards ask now
- Which AI systems do we run (in-house and SaaS)?
- What risk tier applies per system?
- Who approves new use cases before production?
- How do we handle privacy, bias and incidents?
ISO 42001 without a parallel universe
Connect AI governance to your existing ISMS and, where needed, to your GDPR alignment work. Keep one risk register, one action list and one management review, with AI as an explicit category.
