Compliance with the European Union's Artificial Intelligence Act. ISO 42001

Arturo Belda, Cybersecurity Consultant - Principal

November 7, 2024

Artificial intelligence (AI) is already a commonly used tool across multiple sectors, and it’s transforming industries like healthcare, finance, and retail, all of which will become increasingly reliant on it.

On July 12, the European Union published the EU Artificial Intelligence Act in the Official Journal of the European Union, marking the first AI regulation of its kind globally. The Act provides a two-year period for compliance with most of its provisions.

This act applies to providers, importers, and distributors of AI systems within the EU and also to providers outside the EU if their systems are used within the EU.

It focuses on managing the inherent risks associated with this technology, with possible penalties reaching up to 35 million euros or 7% of global annual revenue. Managing these risks effectively is critical to keep them at acceptable levels. So, how do we approach this?

The most reliable way to ensure that AI systems are ethical and compliant with the EU act is to implement an AI Management System based on ISO 42001: “Artificial intelligence Management Systems — Requirements and Guidance for Use”. This certifiable standard helps organizations manage AI effectively and, like all ISO standards, supports ongoing improvement.

ISO 42001 also emphasizes risk management, ethics, accountability, and transparency, providing a strong foundation for complying with the Act, though some minor adjustments may be required for full compliance.

Additionally, ISO’s harmonized structure (with its first 10 domains similar across standards) allows us to combine it with standards like ISO 27001 in a single, Integrated Management System, ensuring security as well.

By implementing an Integrated Information Security and AI Management System (ISAMS), we can create policies and procedures that address both information security and ethical and responsible AI use. This integrated approach allows for unified risk management, reducing the need for separate resources and enabling leadership to view and address these risks holistically.

Through an ISAMS, we ensure continuous improvement, which is the cornerstone of ISO standards, enhancing stakeholder trust and gaining a competitive advantage.

By opting for an ISAMS, organizations can set consistent policies that cover both security and ethical aspects of AI, optimizing resources and building stronger trust with clients and stakeholders.

Effectively integrating standards like ISO 27001 and ISO 42001 not only protects organizations from emerging threats but also ensures the ethical and responsible development of advanced technologies.

Arturo Belda, Cybersecurity Consultant - Principal

International cybersecurity leader with over 15 years of experience in risk management, security audits, and management system certifications. Expert in defining and implementing consulting and quality areas, including strategies, products, and team training. Currently developing the Cybersecurity consulting division at SNGULAR. My main hobby and passion is teaching.

