Artificial Intelligence: it’s time for the ISO standard

Standard ISO/IEC 42001:2003 (Information technology – Artificial intelligence – Management system) has been approved in December 2023. It provides the organizational measures an enterprise developing artificial intelligence systems must adopt to put itself correctly on the market.

The introduction of the new ISO explains that the use of artificial intelligence is spreading in every field, that it will be one of the economic development engines for the next years, and that – in order to be able to face the challenges waiting for us on the economic and social level – it is necessary to outline the guidelines that allow companies to develop new products with more awareness and respect the fundamental values.

The critical issues found are mainly related to the use of AI to make automatized decisions – often in a non-transparent and incomprehensible way – data analysis, machine learning functioning and those related to the constant training to which AI systems are subjected that change their behavior during the use. There is, thus, the need for specific procedures to guarantee that AI maintains a responsible behavior also after the changes occurring over time.

Companies will have to focus on the application of rules to the functions that are typical of artificial intelligence. Some features of the AI, such as the ability to learn and improve constantly or the lack of transparency or understanding of the processes, can justify many measures of protection, if they create further concerns compared to how a work would have been carried out traditionally.

The adoption of an AI management system should represent a strategic choice for any organization, that should consider its own company structure and the specific applications in which artificial intelligence is used, and find a balance between new governance mechanisms and innovation, that should not stop.

It is also provided a sort of implementation of the “by design” and “by default” procedures. Their implementation right from the design of the AI systems should consider the goals setting, risks and opportunity management, safety, equality, transparency management throughout the entire life circle, as well as the proper management of partners who provide or develop AI systems on behalf of the company.

For what concerns the standards to take into considerations, the document mentions the data security standards (ISO 27001), the privacy regulation (GDPR), the ISO/IEC 22929:2022 standard which clarifies the principles and terms connected to Information Technology and Artificial Intelligence.

The ISO standards applies to any organization providing or using products or services that use AI systems, no matter the dimensions and nature.

It is not a mandatory regulation, in the sense that organizations can choose to adopt it or not, but it represents an essential benchmark for possible checks or responsibility actions, also with respect to the requirements established by the AI ACT.

It goes without saying that those who will get the ISO/IEC 42001:2003 can easily prove to have adopted all necessary measures to protect citizens and guarantee the respect of the European regulation. Those who will not get it will have to prove to have adopted suitable measures in some other way, but undoubtedly also in relation to the indications provided by ISO.

It is not hard to foresee that, soon enough, the adoption of ISO/IEC 42001:2003 could be necessary for the distribution of an AI system, not as a law requirement but as specific request of the market from partners who will not want to risk engaging in business relations on the basis of uncertified products.

The standard is very complex and it is not freely available for consultation but, as all ISO procedures that are property technical standards, must be purchased on this page.

Companies that use or develop artificial intelligence systems, even if they do not intend to apply for certification, certainly will have to take it into account.

Founder Turini Group | Studio Legale Turini
Attorney at Law | Patent and Trademark Attorney 

We are equipped with a specialized software for the management of patents, design, trademark, copyright's portfolios" Battista Software Project" - Studio Brevetti Turini s.r.l. Project co-financed under Tuscany POR FESR 2014-2020

PORCreO Regione Toscana