Accredited ISO/IEC 42001:2023 certification issued by TNV Global Limited (India) under United Accreditation Foundation (UAF) accreditation, with local representation in Doha by Guardian Middle East LLC.
Demonstrate your organisation’s commitment to responsible AI governance — establishing systematic management of artificial intelligence systems across the AI lifecycle. Aligned with EU AI Act (effective 2025), Qatar Vision 2030 digital transformation priorities, and emerging global AI governance frameworks.
The World’s First AI Management System Standard. ISO/IEC 42001:2023 was published in December 2023 by ISO/IEC JTC 1/SC 42 (Artificial Intelligence) — the first international standard specifically designed for AI management systems (AIMS). As a brand-new standard, ISO/IEC 42001:2023 is in the early adoption phase with no successor in development.
ISO/IEC 42001:2023 is the international standard for Artificial Intelligence Management Systems (AIMS). It specifies requirements for an organisation to establish, implement, maintain, and continually improve an AI management system — a coordinated set of policies, processes, and controls to govern the responsible development, provision, or use of AI systems.
ISO/IEC 42001:2023 was developed by ISO/IEC JTC 1/SC 42 (Artificial Intelligence) and published in December 2023 — the world’s first AI management system standard, built from the ground up to address AI’s unique challenges including algorithmic bias, explainability, continuous learning, and ethical deployment.
ISO/IEC 42000 family overview (developing):
Key concepts of ISO/IEC 42001:2023:
Qatar’s accelerating digital transformation under Vision 2030 — combined with global AI regulatory developments and rising AI deployment across financial services, healthcare, government, and energy sectors — makes systematic AI governance increasingly strategic. ISO/IEC 42001 provides the international framework most relevant to Qatar organisations developing, deploying, or using AI systems.
Qatar Digital Government, Tasmu Smart Qatar, and broader AI adoption initiatives drive substantial AI deployment across public and private sectors. ISO/IEC 42001 provides credible governance evidence for organisations developing or deploying AI in Qatar’s digital transformation.
EU AI Act (in force 2025) creates substantial compliance obligations for AI systems supplied to or used in EU markets. China’s AI regulations, US AI executive orders, and emerging Middle East AI frameworks (UAE National AI Strategy, Saudi AI Strategy) reference international AI standards. ISO/IEC 42001 supports compliance evidence.
Qatar Central Bank (QCB) regulatory expectations for AI deployment in banking, QFC operational frameworks, and broader financial sector AI adoption (algorithmic trading, credit scoring, fraud detection) increasingly reference systematic AI governance.
Hamad Medical Corporation, Sidra Medicine, and emerging digital health providers deploy AI for clinical decision support, medical imaging, and patient pathway optimisation. AI-related patient safety concerns drive demand for systematic AI governance — particularly for AI-enabled medical devices (interfacing with ISO 13485 and IEC 62304 SaMD).
Major customers and investors increasingly expect AI governance evidence. ISO/IEC 42001 certification provides credible evidence of responsible AI commitment, supporting commercial and investment positioning.
ISO/IEC 42001:2023 follows the Harmonised Structure (Clauses 4-10) with AI-specific requirements throughout, supplemented by Annex A controls:
Clause | Title | Key Requirements |
4 | Context of the Organisation | Internal/external issues · Stakeholder needs · AIMS scope · AI roles (developer, provider, user) |
5 | Leadership | Top management commitment · AI policy · Roles, responsibilities, authorities · AI governance committee |
6 | Planning | AI risk assessment · AI risk treatment · AI impact assessment · AIMS objectives · Statement of Applicability |
7 | Support | Resources · Competence (AI-specific) · Awareness · Communication · Documented information |
8 | Operation | Operational planning and control · AI risk treatment implementation · AI system impact assessment · AI lifecycle controls |
9 | Performance Evaluation | Monitoring, measurement, analysis · Internal audit · Management review |
10 | Improvement | Nonconformity and corrective action · Continual improvement |
Distinctive ISO/IEC 42001 requirements: AI impact assessment (Clause 6.1.4 and A.5) is unique — systematic evaluation of AI system societal, ethical, and legal impacts. AI lifecycle controls (A.6) cover the full AI system lifecycle. Data governance (A.7) addresses AI-specific data quality and bias considerations.
ISO/IEC 42001:2023 applies to organisations developing, providing, or using AI systems:
ISO/IEC 42001 increasingly relevant for organisations across all sectors — AI deployment is becoming pervasive.
Sector | ISO/IEC 42001 Relevance |
Banking & Financial Services | Critical for QCB-regulated banks deploying AI for fraud detection, credit scoring, algorithmic trading, KYC automation. QFC firms with AI-enabled services. |
Government & Public Services | Important for Qatar Digital Government, Tasmu Smart Qatar, ministry-level AI deployments in citizen services, regulatory operations. |
Healthcare AI & Digital Health | Strong fit for HMC, Sidra, digital health providers deploying clinical decision support, medical imaging AI. Interfaces with ISO 13485 (medical devices). |
Telecommunications | Relevant for Ooredoo, Vodafone Qatar deploying AI for network optimisation, customer experience. |
Energy & Utilities AI | Important for QatarEnergy, Kahramaa AI initiatives — predictive maintenance, demand forecasting. |
Cloud & AI Service Providers | Critical for emerging Qatar AI service providers and regional hyperscaler operations. |
Software Development & SaaS | Relevant for Qatar’s growing software sector developing AI-enabled products. |
Education AI | Relevant for educational institutions deploying AI — adaptive learning, plagiarism detection. |
Retail & E-commerce | Applicable to retailers and e-commerce platforms deploying recommendation engines. |
Transportation & Logistics | Important for Qatar Rail, Mwani Qatar, HIA, logistics operators deploying AI. |
Insurance | Applicable to insurers deploying AI for underwriting, claims processing. |
TNV (with Guardian local support) follows the ISO/IEC 17021-1:2015 certification process, with AI sector-specific competence requirements:
Stage | Activity | Outcome |
1 | Application & Contract | Application form. TNV reviews scope (AI systems, AI roles, target markets), proposes audit plan considering AI lifecycle stages. |
2 | Stage 1 Audit | On-site or remote readiness review. Auditor verifies AIMS documentation, AI policy, AI risk register, AI impact assessments, Statement of Applicability. |
3 | Stage 2 Audit | On-site full audit. Auditor samples evidence across all clauses and Annex A controls, reviews AI system development and deployment evidence, verifies AI lifecycle controls, audits data governance. |
4 | Certification Decision | TNV’s certification committee reviews audit report. Certificate issued by TNV Global Limited (3-year validity). |
5 | Surveillance & Recertification | Annual surveillance audits. Recertification before Year 3. |
Auditor competence: ISO/IEC 42001 audits require auditors with substantive AI technical competence — typically computer science, data science, or AI engineering backgrounds, plus management system audit competence.
Typical end-to-end implementation timeline is 9 to 15 months depending on AI portfolio breadth and existing AI governance maturity:
Phase | Duration | Activities |
AI System Inventory & Gap Analysis | 6-10 weeks | Inventory all AI systems in scope. Identify AI roles per system. Compare existing governance against ISO/IEC 42001 requirements and Annex A controls. |
System Design | 8-12 weeks | Develop AIMS Manual, AI policy, AI governance structure, AI risk methodology, AI impact assessment methodology, controls (Annex A), Statement of Applicability. |
Implementation | 16-24 weeks | Roll out AI governance processes. Conduct AI risk and impact assessments per system. Implement AI lifecycle controls. Train AI development and deployment teams. |
Internal Audit & Review | 4-6 weeks | Internal audit cycle. AI risk and impact review. Management review. Address findings. |
Certification Audit | 4-6 weeks | Stage 1 readiness review. Stage 2 full audit including AI system review. |
Key implementation considerations: AI system inventory is often the rate-limiting initial step. AI impact assessments per system require methodology development. AI lifecycle controls span development teams that may be distributed.
Indicative pricing range: QAR 6,000 – 24,000 depending on organisation size, AI portfolio breadth, and integration with other certifications.
Audit time and corresponding fee is calculated per IAF Mandatory Document 5 (IAF MD 5) with AI sector adjustments which consider:
For an exact quotation, contact Guardian Middle East LLC.
Tier 3 Disclosure — Issued by TNV Global Limited under UAF Accreditation. Certificates for ISO/IEC 42001:2023 are issued by TNV Global Limited (India) under United Accreditation Foundation (UAF) accreditation, recognized under IAF MLA. TNV Global Limited is the parent group of Guardian Assessment Pvt Ltd. Local representation, audit coordination, and customer support in Qatar by Guardian Middle East LLC (QFC 03870). IAF MLA Recognized under transition to GAC MRA. UAF aligning with GAC Inc. operational from 01 January 2026. |
ISO/IEC 42001 is the third standard in Guardian’s portfolio under Tier 3 (TNV/UAF), following ISO/IEC 20000-1:2018 (R11) and ISO 50001:2018 (R12). All Tier 3 certifications are issued by TNV Global Limited under UAF accreditation, with local representation by Guardian Middle East LLC.
Note: ISO/IEC 42001 is a relatively new standard (December 2023) and accreditation availability is expanding globally. TNV Global Limited’s UAF accreditation includes ISO/IEC 42001 within the broader information technology MS scope.
View Guardian’s recognition and accreditation details for more information about applicable recognition marks and registrations
ISO/IEC 42001:2023 is the current first edition, published in December 2023 by ISO/IEC JTC 1/SC 42. As a brand-new standard, ISO/IEC 42001:2023 is in early adoption phase.
No formal revision project for ISO/IEC 42001 is currently active. As a brand-new standard, ISO/IEC 42001:2023 is in early adoption phase and is expected to remain current for the foreseeable future. Standard 5-year systematic review will commence around 2028. Active family standard development supports continued 2023 edition implementation.
Reality: ISO/IEC 42001 certifies the management system, not individual AI products. Certification means the organisation has implemented systematic AI governance — it does not certify that any specific AI system is safe, ethical, or accurate.
Reality: ISO/IEC 42001 supports EU AI Act compliance but does not equal it. EU AI Act includes specific requirements (high-risk AI obligations, prohibited AI practices, transparency obligations, conformity assessment for high-risk AI) that go beyond ISO/IEC 42001.
Reality: ISO/IEC 42001 applies to AI users as well as developers and providers. Organisations deploying AI in their operations face governance obligations — particularly for high-impact AI use.
Reality: AI risks include but go beyond cybersecurity. Algorithmic bias, model drift, explainability failures, adversarial inputs, unintended behaviour, societal impact — these are AI-specific risks not adequately addressed by general cybersecurity frameworks. ISO/IEC 42001 and ISO/IEC 27001 are complementary, not duplicative.
Reality: Different scope. EU AI Act is regulatory law for EU market access. ISO/IEC 42001 is voluntary international standard providing AI governance framework. Many organizations will pursue both.
Integration | Why & When |
42001 + 27001 | AIMS + InfoSec — Most natural pairing. AI systems handle data; ISMS provides foundational data security. Almost universally combined. |
42001 + 27701 | AIMS + Privacy — Critical for AI systems processing personal data. |
42001 + 9001 | AIMS + Quality — Common foundation pairing for AI-enabled product/service organizations. |
42001 + 13485 | AIMS + Medical Devices — Critical for AI-enabled medical devices (SaMD). FDA QMSR + AI governance combined. |
42001 + 22301 | AIMS + Business Continuity — Important for AI-dependent operations and AI service providers. |
42001 + 20000-1 | AIMS + IT Service Management — Strong pairing for AI-enabled service providers. Both Tier 3. |
42001 + ISO 31000 | AIMS + Risk Management — ISO 31000 risk management framework supports AIMS risk approach. |
42001 + ISO/IEC 23894 | AIMS + AI Risk Management Guidance — Direct family standard supporting AIMS implementation. |
Integrated audit benefits: ISO/IEC 42001 + ISO/IEC 27001 + ISO/IEC 27701 triple integration delivers substantial savings (often 30-40% audit time reduction) and is the most common combination for AI-enabled organizations handling significant data. Explore the full ISO standards library to compare related certification options for quality, environment, safety, energy, and sustainability.
Verify CB accreditation directly on UAF (or applicable AB) register for ISO/IEC 42001:2023. Note: As ISO/IEC 42001 is a new standard, accreditation availability is expanding globally.
ISO/IEC 42001 audits require auditors with substantive AI technical competence — typically computer science, data science, or AI engineering backgrounds.
Most ISO/IEC 42001 certifications are integrated with ISO/IEC 27001 and/or ISO/IEC 27701. Choose CB with integrated audit capability.
AI governance differs significantly across sectors. Confirm CB has auditors with experience in your specific sector.
CB must not have provided AI governance consultancy services to the client within 2 years prior.
Compare on full 3-year total cost. Integration discounts often substantially reduce multi-standard total cost.
Audit | Timing & Scope |
Surveillance 1 | Within 12 months of Stage 2. Mandatory: management review, internal audit, AI risk and impact reviews, AI system changes, corrective actions. |
Surveillance 2 | Within 24 months of Stage 2. Same scope, different AI system sample. |
Recertification | Before 3-year anniversary. ~70% of Stage 2 duration. Re-evaluation of full AIMS. |
Special audits triggered by: significant AI portfolio change, major new AI system deployment, certificate transfer, AI-related material incident.
Certified organisations may use TNV mark and UAF accreditation mark on documents, marketing, websites, tender submissions — subject to TNV’s Use of Marks Policy.
Permitted: Letterhead, marketing materials, websites, tender submissions, AI governance reports.
Prohibited: CRITICAL — Use that implies certification of specific AI products is PROHIBITED (ISO/IEC 42001 certifies management system, not individual AI products) · Continued use after suspension/withdrawal · Use to imply EU AI Act compliance (separate compliance required).
Full policy: → Use of Marks
TNV operates an independent complaints and appeals process compliant with ISO/IEC 17021-1:2015. Local intake and coordination via Guardian Middle East LLC.
Full process: → complaints & appeals
Ready to begin your ISO/IEC 42001 AI management certification journey? Contact Guardian Middle East LLC for a no-obligation initial consultation. We coordinate with TNV Global Limited’s certification operations to provide accurate quotations.
Guardian Middle East LLC | Serving the Middle East
QFC Licence 03870 · Doha, Qatar
Location: Abo Hamour Area, Doha, Qatar
P.O. Box: 23277, Doha, Qatar
Mobile: +974 7770 2602 | +974 7213 7770
Email: info@guardian.qa
Website: www.guardian.qa
Or submit an enquiry: → Contact
