
ISO/IEC 42001 vs ISO/IEC 27001: what is different and what overlaps

By Impetora

ISO/IEC 42001:2023 is the AI Management System standard, published in December 2023 [1]. ISO/IEC 27001:2022 is the Information Security Management System standard, the backbone of enterprise security certification since 2005 [2]. The two standards share the Annex SL Harmonised Structure and integrate cleanly, but they cover different scopes. Many AI deployers in 2026 need both: 27001 for data and infrastructure assurance, 42001 for AI lifecycle, fairness and accountability obligations.

Key figures:
  • 93 controls: ISO 27001:2022 Annex A controls in 4 themes (source: ISO)
  • 38 controls: ISO 42001:2023 Annex A AI-specific controls (source: ISO)
  • Aug 2026: EU AI Act high-risk obligations apply (source: EUR-Lex)

What does ISO/IEC 27001 cover?

ISO/IEC 27001:2022 specifies an Information Security Management System (ISMS). Its scope is the confidentiality, integrity and availability of information assets, regardless of whether those assets are paper records, databases, source code, cloud workloads or trained models. The standard defines a management-system core in clauses 4 to 10 and a control catalogue in Annex A with 93 controls grouped in four themes: organisational (37), people (8), physical (14) and technological (34) [2].

The certification ecosystem is mature. ISO 27001 has been the global enterprise security baseline since the 2005 revision (formerly BS 7799 and ISO/IEC 17799). Every major certification body, including BSI, DNV, TUV, Bureau Veritas, AENOR and SGS, runs an active 27001 scheme with public auditor pools and known fee structures.

27001 is technology-agnostic. It tells an organisation to identify information assets, assess risks, select and implement controls, and run a management cycle that maintains assurance over time. It does not prescribe specific tools or vendors, which is why it composes well with sector-specific overlays such as ISO 27017, ISO 27018, ISO 27701 and now ISO/IEC 42001.

What does ISO/IEC 42001 cover?

ISO/IEC 42001:2023 specifies an AI Management System (AIMS). Its scope is the lifecycle of artificial intelligence systems within an organisation, including ethical use, transparency, accountability, fairness, data quality and human oversight. The standard mirrors the Annex SL clause structure used by 27001 and 9001, then adds 38 AI-specific Annex A controls, an Annex B implementation guidance section, and an Annex C catalogue of AI-related organisational objectives and risk sources [1].

The certification ecosystem is still maturing. ISO published 42001 in December 2023 and the IAF published its mandatory document on AI management system certification in 2024 [3]. BSI, DNV, TUV Nord, Bureau Veritas and AENOR have all announced 42001 schemes, but the auditor pool is small and global capacity is limited through 2026.

42001 covers what 27001 deliberately does not address: model lifecycle governance, training-data quality, algorithmic bias, AI-specific transparency, and human oversight design. It explicitly references AI risk sources that have no equivalent in security standards, including emergent behaviour, distributional shift and the social impact of automated decisions.

Side-by-side comparison

The table below summarises the practical differences buyers face when planning a programme.

| Dimension         | ISO/IEC 27001:2022                                                        | ISO/IEC 42001:2023                                     |
|-------------------|---------------------------------------------------------------------------|--------------------------------------------------------|
| Scope             | Information assets (CIA triad)                                            | AI systems lifecycle and governance                    |
| Annex A controls  | 93 in 4 themes                                                            | 38 AI-specific                                         |
| Audit cadence     | Stage 1 + Stage 2, then annual surveillance, recertification at year 3    | Same Annex SL cadence; integrated audit possible       |
| Primary focus     | Confidentiality, integrity, availability                                  | Trustworthiness, fairness, accountability              |
| Maturity          | Mature, since 2005                                                        | New, December 2023                                     |
| Compatibility     | Annex SL Harmonised Structure                                             | Annex SL Harmonised Structure (designed to integrate)  |

Where do the two standards overlap?

Both standards adopt the Annex SL Harmonised Structure, so clauses 4 to 10 (context of the organisation, leadership, planning, support, operation, performance evaluation, improvement) read almost identically. An organisation can run a single integrated management system that covers both, with one risk register, one internal audit programme, one management review and one nonconformity process.

Specific control overlaps are concrete. ISO 27001 control A.5.34 (Privacy and protection of PII) feeds directly into AIMS data governance under 42001. Asset management controls in 27001 underpin model and dataset inventory under 42001. Supplier-relationship controls cover sub-processors in both regimes. Incident management, business continuity and access control all transfer with minimal duplication of evidence.

The practical implication is that an organisation already running a clean 27001 ISMS has done roughly 40 to 60 percent of the documentary work needed for 42001, depending on how mature its AI governance was prior to certification scoping.

Where do they diverge?

ISO 27001 does not address algorithmic bias, model lifecycle, training-data quality or AI-specific transparency. Its controls are silent on whether a model treats protected groups equally, whether training data is representative, whether model performance has drifted, or whether end users are informed they are interacting with an AI system. These are precisely the gaps 42001 fills.

Conversely, ISO 42001 does not deeply cover network security, cryptography, physical access control or vulnerability management. It assumes that the underlying information infrastructure is governed by a separate ISMS or equivalent. Running 42001 alone, without 27001 or comparable security assurance, is technically permitted but produces a weak overall posture and tends to fail enterprise procurement diligence.

This is why most analysts and certification bodies recommend the two as complements, not alternatives.

Which one should you certify first?

The answer depends on AI-system maturity. A greenfield AI organisation, or any organisation without an existing ISMS, should certify ISO 27001 first. It is the foundation, the auditor pool is large, and roughly half the management-system documentation will be reused for 42001 later. Trying to run 42001 on an unstable security base creates rework when 27001 is added afterwards.

An organisation already 27001-certified that is now deploying AI should go directly to 42001. The Annex SL structure means the existing ISMS clauses 4 to 10 transfer with minor scope changes, and the work concentrates on the 38 AI-specific Annex A controls plus the data governance, model lifecycle and human oversight sections.

A regulated organisation operating under sector frameworks (DORA in financial services, NIS2 in critical infrastructure, MDR in medical devices) should sequence around the regulatory deadline that bites first, with 27001 typically as the prerequisite and 42001 as the AI overlay.

How does ISO 42001 map to the EU AI Act?

ISO 42001 Annex A controls map to several core EU AI Act articles for high-risk systems: Article 9 (risk management), Article 10 (data and data governance), Article 11 (technical documentation), Article 12 (record-keeping), Article 13 (transparency and provision of information to deployers), Article 14 (human oversight), Article 15 (accuracy, robustness and cybersecurity) and Article 17 (quality management system) [4].

The mapping is useful evidence but it is not automatic conformity. The Act distinguishes harmonised standards (which give a presumption of conformity once cited in the Official Journal) from non-harmonised standards such as 42001 today. An ISO 42001 certificate is a strong evidence pack for conformity assessment under the Act, but it does not replace the conformity assessment procedure itself.

The European Commission's AI Office and CEN-CENELEC JTC 21 are working on harmonised standards that will eventually reference 42001. Until then, treat the certificate as a credibility multiplier in procurement and audit, not as a regulatory shortcut.

How does ISO 42001 map to the NIST AI RMF?

ISO 42001 and the NIST AI Risk Management Framework (AI RMF 1.0, with the Generative AI Profile NIST.AI.600-1 published in 2024) are deeply aligned, particularly between 42001 Annex A and the NIST GOVERN function [5]. Organisations that have implemented the NIST GOVERN, MAP, MEASURE and MANAGE functions will find the documentary uplift to 42001 manageable.

The two are complementary rather than redundant. NIST AI RMF is voluntary and best used as an internal management tool. ISO 42001 is a certifiable management system. A common pattern in 2026 is to use NIST AI RMF as the internal operating model and 42001 as the external assurance wrapper.

Cost and timeline

For ISO 27001, a typical mid-market certification runs 9 to 15 months from Stage 0 readiness assessment to certificate issuance. Indicative consultancy cost is EUR 15 to 50 thousand, with auditor fees of EUR 8 to 25 thousand for the initial cycle, depending on scope, headcount and number of physical sites.

For ISO 42001, an organisation already 27001-certified can typically reach 42001 certification in 6 to 12 months, with consultancy cost in the range of EUR 20 to 60 thousand. The wider range reflects scarcity of qualified consultants in 2026 and the need to mature AI governance practices that may not have existed before.

Running both certifications in an integrated programme (rather than sequentially) is more cost-efficient when starting from zero, but it requires a competent integrated lead and a single document architecture. Most organisations find sequential easier to manage and only marginally more expensive.

Sample Statement of Applicability mapping

Below is an illustrative excerpt of how an organisation with a clean ISO 27001 ISMS maps existing controls to the new 42001 requirements without duplicating evidence.

  • 27001 A.5.9 (Inventory of information and other associated assets) covers 42001 model and dataset inventory. Single asset register; add fields for model type, training data lineage and intended purpose.
  • 27001 A.5.34 (Privacy and protection of PII) covers 42001 data governance. Reuse the PII control with an AI-specific addendum on representativeness and consent for training use.
  • 27001 A.5.19 to A.5.23 (Supplier relationships) cover 42001 sub-processor and foundation-model provider clauses. Reuse contracts with an AI-specific schedule on training data, fine-tuning rights and incident notification.
  • 27001 A.8.16 (Monitoring activities) covers part of 42001 post-deployment monitoring, but extend it with model performance metrics, drift detection and fairness indicators.
  • 27001 A.5.25 to A.5.27 (Incident management) covers 42001 AI incident reporting. Reuse the process; add categories for harmful output, bias incident and explainability complaint.

The remaining 42001 controls without 27001 equivalents (impact assessment for AI systems, human oversight design, transparency obligations, AI-specific resources and competence) require new documentation but typically reuse existing management-system processes.

Frequently asked questions

Can a single auditor certify both ISO 27001 and ISO 42001?
Yes, in practice. Most major certification bodies (BSI, DNV, TUV, Bureau Veritas, AENOR) train auditors on both schemes and offer integrated audits where the management-system clauses are tested once and the Annex A controls are tested separately for each standard. This typically saves 20 to 30 percent of audit days versus two unrelated certifications. The IAF mandatory document on AI management system certification, published in 2024, formalises competency requirements for 42001 auditors.
Which certification bodies offer ISO 42001 in 2026?
BSI, DNV, TUV Nord, TUV Rheinland, TUV SUD, Bureau Veritas, AENOR, SGS and a handful of regional bodies have announced ISO 42001 schemes. The auditor pool is still small relative to 27001, and capacity is constrained globally through 2026. Schedule the Stage 2 audit early in your programme, since slots can slip by several months.
Does ISO 42001 give EU AI Act conformity automatically?
No. ISO 42001 is currently a non-harmonised standard, which means certification does not produce a presumption of conformity under Article 40 of the AI Act. It is, however, the strongest available evidence pack for the conformity assessment procedure for high-risk systems under Annex VI (internal control) or Annex VII (third-party). CEN-CENELEC JTC 21 is working on harmonised standards that may eventually reference 42001.
If our budget supports only one certification, which should we choose?
Choose ISO 27001 unless your business is fundamentally an AI provider whose customers explicitly require 42001 in procurement. 27001 is the broader assurance and unlocks far more sales conversations. AI deployers whose risk profile is dominated by data and infrastructure issues get more procurement leverage from 27001. Pure AI-product companies whose customers are sensitive to AI-specific governance (regulated finance, healthcare, public sector) should prioritise 42001.
How does this affect sub-processor obligations?
Both standards require formal supplier-relationship controls. Under 27001 the focus is on information security clauses in contracts and supplier risk assessment. Under 42001 the focus extends to AI-specific sub-processors, including foundation-model providers, training-data brokers and fine-tuning vendors, with explicit contract clauses on training-data provenance, retention, model-update notifications and AI-incident reporting. Expect to renegotiate AI vendor contracts during a 42001 rollout.
What does annual surveillance cost for either standard?
Annual surveillance audits typically cost 30 to 50 percent of the initial Stage 1 plus Stage 2 fee. For a mid-market organisation that figure is roughly EUR 4 to 12 thousand per standard per year, with recertification at year three running closer to the original Stage 2 cost. Integrated audits across both standards reduce the combined surveillance fee by 15 to 25 percent.
Is ISO 42001 worth pursuing before harmonised standards are published?
Yes, for most regulated AI deployers. The certificate is already credible in enterprise procurement, it is the most defensible evidence base for AI Act conformity assessment under Annex VI, and the documentary work positions the organisation for harmonised standards when they appear. Waiting carries the risk that auditor capacity tightens further once harmonised references land.
Does 42001 replace privacy or security frameworks?
No. ISO 42001 sits on top of, not in place of, ISO 27001, ISO 27701 (privacy) and sector frameworks. It assumes a working ISMS underneath. Organisations that try to use 42001 as a substitute for security and privacy assurance produce thin evidence and tend to fail enterprise diligence.
Sources cited

  1. ISO/IEC 42001:2023 Information technology - Artificial intelligence - Management system. International Organization for Standardization, 2023-12. https://www.iso.org/standard/81230.html
  2. ISO/IEC 27001:2022 Information security management systems - Requirements. International Organization for Standardization, 2022-10. https://www.iso.org/standard/27001
  3. IAF MD 22:2023 Application of ISO/IEC 17021-1 for the Certification of AI Management Systems. International Accreditation Forum, 2024-04. https://iaf.nu/iaf_system/uploads/documents/IAF_MD_22_AIMS.pdf
  4. Regulation (EU) 2024/1689 (Artificial Intelligence Act). European Union, Official Journal, 2024-07-12. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
  5. Artificial Intelligence Risk Management Framework: Generative AI Profile (NIST.AI.600-1). National Institute of Standards and Technology, 2024-07. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf
  6. BSI launches certification to ISO/IEC 42001 AI Management System. BSI Group, 2024-02. https://www.bsigroup.com/en-GB/iso-42001-ai-management-system/
  7. DNV announces ISO/IEC 42001 certification services. DNV, 2024-05. https://www.dnv.com/services/iso-iec-42001-ai-management-system-certification/
  8. AI Risk Management Framework (AI RMF 1.0). National Institute of Standards and Technology, 2023-01. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf