Enterprise-Grade Doesn't Mean Compliant — What ISO 42001 Actually Requires
ISO 27001 and SOC 2 verify information security management — they say nothing about AI governance. ISO 42001 Annex A requires documented AI risk assessments (A.7), AI system impact assessments (A.9), training data governance (A.10), and model monitoring (A.12). Even vendors with ISO 42001 certification have scope limitations that buyers must verify. Enterprise-grade security badges are not a substitute for AI-specific compliance evidence.
Every AI vendor's security page tells the same story. "Enterprise-grade." "SOC 2 Type 2." "ISO 27001 certified." Rows of compliance badges that procurement teams treat as a checkbox. But here's what those badges don't tell you: ISO 27001 and SOC 2 were designed for traditional IT systems. They verify that a vendor locks the server room door and logs who has the key. They say nothing about whether the vendor has ever conducted a formal AI risk assessment, documented an AI system impact analysis, or established controls for model behaviour monitoring.
ISO/IEC 42001:2023 changes that. Published in December 2023, it is the first international standard for Artificial Intelligence Management Systems (AIMS). It is not a security certification. It is an AI governance certification. And the gap between what vendors advertise and what ISO 42001 Annex A actually requires is wider than most enterprise buyers realise.
The Landscape: What "Enterprise-Grade" Actually Means
Walk through the trust portals of the major AI vendors and you will find a consistent pattern. SOC 2 Type 2 reports, ISO/IEC 27001:2022 certificates, FedRAMP authorisations, GDPR compliance statements. These are real audits conducted by real firms. They demonstrate that the vendor has controls over physical security, access management, encryption, and incident response.
None of them demonstrate that the vendor operates an AI management system.
This distinction matters because ISO 42001 does not replace ISO 27001. It layers on top of it. An organisation can hold every security certification available and still fail every control in ISO 42001 Annex A, because Annex A is not about securing infrastructure. It is about governing AI.
ISO 42001 Annex A contains 14 control domains, organised under four categories defined by the standard. The ones that catch buyers off guard are not the security controls. They are the AI-specific ones:
- A.7 AI Risk Assessment — the vendor must establish, implement, and maintain a documented process for AI risk assessment. This is not the same as a general enterprise risk register. It must address AI-specific risks: model bias, data drift, adversarial inputs, unintended outputs, and downstream harms.
- A.9 AI System Impact Assessment — before deploying or substantially modifying an AI system, the vendor must assess its potential impact on individuals, groups, and society. The assessment must be documented and reviewed at defined intervals.
- A.10 Data Management for AI — controls over training data provenance, data quality, labelling accuracy, and data lifecycle management. This goes well beyond the data protection measures in ISO 27001 or GDPR compliance.
- A.11 AI System Design and Development — documented processes for model selection, testing, validation, and verification. This includes controls over the responsible design of the AI system itself, not just the infrastructure it runs on.
When a vendor's security page shows ISO 27001 and SOC 2 badges, it demonstrates exactly none of these things. It demonstrates that the vendor has an Information Security Management System. Not an AI Management System. The two are related but not interchangeable. Conflating them is the single most expensive mistake an enterprise procurement team can make in 2026.
Vendor A: OpenAI — Certified, But What Does That Cover?
OpenAI is one of a small number of AI labs that has achieved ISO/IEC 42001:2023 certification. Their trust portal, hosted on SafeBase, displays the certification badge alongside ISO 27001, SOC 2, and FedRAMP. The certificate is real. It was issued by an accredited auditor. That is a meaningful achievement and OpenAI deserves credit for pursuing it.
But ISO 42001 certification does not mean "all OpenAI products are ISO 42001 compliant." It means OpenAI has established an AI Management System that conforms to the standard. The scope of that AIMS matters. A certification might cover ChatGPT Enterprise. It might not cover the API platform in the same way. It almost certainly does not cover every model version, every deployment scenario, or every use case a customer brings to the platform.
Annex A control A.9 requires AI system impact assessments for each system before deployment. If your organisation is building a customer-facing chatbot on OpenAI's API that processes healthcare data, the fact that OpenAI has an ISO 42001 certificate for its own AIMS does not absolve you of your obligation to conduct your own AI system impact assessment. The standard requires it of the organisation deploying the system — which is you, not OpenAI.
This is where the certification badge becomes dangerous. It creates a halo of assumed compliance. Procurement teams see the badge and stop asking questions. They should be asking: "What is the scope of this certification?" and "What controls does it explicitly exclude?" and "Show me the AI system impact assessment for the specific model we plan to use."
Vendor B: Google Cloud — The Most Transparent, and the Lesson Therein
Google Cloud's ISO 42001 compliance page is a model of transparency. It lists exactly which products are in scope: Gemini Enterprise, Document AI, Cloud Translation, Speech-to-Text, Text-to-Speech, and several others. It states plainly that the certificate is available for verification at IAF CertSearch. It names the certifying body.
Google Cloud's page teaches two lessons. First, product-level scope matters. If you are using a Google Cloud AI service that is not listed on that page, the ISO 42001 certification does not apply. Second, even the most transparent vendor cannot certify your deployment. ISO 42001 is a management system standard. It certifies the vendor's processes for governing AI within their organisation. It does not certify that every AI interaction your users have will be safe, fair, or compliant with the EU AI Act.
The IAF CertSearch database confirms Google Cloud's certificate is active and valid. But searching for other major AI vendors on the same database surfaces a pattern: many of them simply are not there. The gap is not between vendors who do AI governance well and vendors who do it poorly. It is between vendors who have formal, auditable AI management systems and vendors who do not.
Common Patterns: What Every Vendor Analysis Reveals
After analysing the public documentation of multiple AI vendors against ISO 42001 Annex A, three patterns emerge consistently:
1. The security-to-AI conflation. Vendors list ISO 27001 and SOC 2 prominently and implicitly position them as evidence of AI governance maturity. These certifications are valuable, but they address information security management — not AI risk assessment, not AI system impact analysis, and not model behaviour monitoring. A.7, A.9, A.10, and A.11 of Annex A are not covered by ISO 27001.
2. The transparency gap. Vendor trust portals vary dramatically in what they disclose. Google Cloud lists product-level scope and provides a direct link to the IAF certificate database. Other vendors bury certification details in JavaScript-heavy single-page applications where the scope, if it exists, requires an NDA to access. An enterprise buyer cannot evaluate what they cannot see.
3. The deployment handoff. Every ISO 42001 certificate covers the vendor's AIMS. None of them cover the buyer's deployment. Under the EU AI Act (Regulation 2024/1689), the deployer of a high-risk AI system carries independent obligations — including conducting a fundamental rights impact assessment and maintaining human oversight. A vendor's certification does not satisfy these obligations, even if the vendor is fully ISO 42001 compliant.
4. The NIST blind spot. ISO 42001 and the NIST AI Risk Management Framework (AI RMF 1.0) are complementary but not equivalent. ISO 42001 is a certifiable management system standard with mandatory controls. NIST AI RMF is a voluntary framework for managing AI risk. A vendor that aligns with NIST AI RMF has not necessarily established the documented, auditable management system that ISO 42001 Annex A requires, particularly in controls A.7 (documented risk assessment process) and A.9 (documented impact assessment).
What Enterprise Buyers Should Verify
Before signing a contract with any AI vendor, regardless of the compliance badges on their website, procurement teams should verify five things:
- Scope of certification. If the vendor claims ISO 42001 certification, ask for the scope statement and the certificate number. Verify it at IAF CertSearch. If the vendor does not claim ISO 42001, ask whether they plan to pursue it and on what timeline.
- AI system impact assessment. Ask for the AI system impact assessment for the specific product and version you plan to deploy. If one does not exist, your own obligations under the EU AI Act have not gone away. You will need to conduct one yourself.
- Training data governance. Annex A control A.10 requires documented controls over training data provenance and quality. Ask: "What is the provenance of the training data for this model? How is data quality measured and maintained across versions?"
- Model monitoring and drift detection. Annex A control A.12 requires ongoing monitoring of AI system behaviour. Ask: "What monitoring systems are in place for this model? How do you detect and respond to model drift or unexpected outputs?"
- Third-party AI risk. If the vendor itself uses third-party models, datasets, or AI infrastructure (as many do), Annex A control A.13 requires documented controls over AI supply chain risk. Ask: "What models and datasets do you depend on from third parties? How do you assess their AI governance maturity?"
None of these questions are answered by an ISO 27001 certificate. None of them are an unreasonable ask. They are the minimum a competent enterprise procurement team should require in 2026, and they align directly with the controls in ISO 42001 Annex A.
The enterprise AI market has matured past the point where a security badge is sufficient due diligence. The standards exist. The certification bodies are accredited. The gap is not in the regulatory framework. It is in the procurement process. Enterprise-grade does not mean compliant. Only documented evidence, verified against the standard, means compliant.
If your AI vendor cannot produce it, you have your answer.
Written by David Swan, reviewed and fact-checked against primary regulatory sources. AI-assisted but human-directed.
Frequently asked questions
What is ISO 42001 and why does it matter for AI procurement?
ISO/IEC 42001:2023 is the first international standard for Artificial Intelligence Management Systems (AIMS). It specifies requirements for establishing, implementing, and maintaining AI governance processes — including AI risk assessments, system impact assessments, and data management controls. For procurement teams, it is the difference between trusting a vendor's marketing and verifying they have auditable AI governance.
Does ISO 27001 certification mean an AI vendor is compliant?
No. ISO 27001 certifies an Information Security Management System — it covers access controls, encryption, and security incident response. It does not cover AI-specific controls like documented AI risk assessments (Annex A.7), AI system impact analyses (A.9), training data governance (A.10), or model behaviour monitoring (A.12). A vendor can be ISO 27001 certified and fail every AI governance control in ISO 42001.
If a vendor has ISO 42001 certification, is my deployment covered?
No. ISO 42001 certifies the vendor's own AI Management System, not your deployment. Under the EU AI Act, deployers of high-risk AI systems carry independent obligations including fundamental rights impact assessments and human oversight requirements. You must verify the scope of the vendor's certification and conduct your own assessments for your specific use case.
What are the most important ISO 42001 Annex A controls for buyers to check?
The four controls most commonly missed by vendors are: A.7 (documented AI risk assessment process), A.9 (AI system impact assessment before deployment), A.10 (training data provenance and quality controls), and A.12 (ongoing model monitoring and drift detection). These are AI-specific and are not covered by ISO 27001 or SOC 2.
How can I verify a vendor's ISO 42001 certification is real?
Request the certificate number and scope statement from the vendor and verify both at the IAF CertSearch database (iafcertsearch.org). The scope statement tells you which products and processes are covered. Certification for one product does not extend to the vendor's entire portfolio.
What if my AI vendor has no ISO 42001 certification at all?
Ask whether they plan to pursue certification and on what timeline. In the meantime, request documented evidence for each ISO 42001 Annex A control that applies to your use case: the AI risk assessment, the system impact assessment, the training data governance documentation, and the model monitoring plan. If they cannot produce these, you have a compliance gap you need to address yourself.


