ISO 42006: ELEVATING CONFIDENCE IN AI MANAGEMENT SYSTEM CERTIFICATION
Artificial intelligence (AI) now sits at the heart of many business models, carrying with it complex ethical, legal and operational risks. The recently published ISO/IEC 42006:2025 – Requirements for Bodies Providing Audit and Certification of AI Management Systems (ISO 42006) – responds to that reality by establishing the first dedicated benchmark for bodies that audit and certify AI management systems (AIMS) under ISO 42001. Whereas ISO 42001 sets the substantive requirements an organisation must meet to govern its AI lifecycle, ISO 42006 turns the lens on the certifiers themselves, prescribing how they must operate so that every certificate issued can be relied upon by regulators, investors and consumers alike.
For organisations seeking or relying on AIMS certification, ISO 42006 therefore offers an additional layer of assurance: it standardises the gatekeepers. In an environment where trustworthy AI is fast becoming a licence to operate, boards and compliance teams should understand how this new standard underpins the quality of the certificates they depend upon.
The value of engaging with an ISO 42006 accredited certification body
For organisations, engaging with a certification body accredited to ISO 42006 is not merely a procedural step; it is a strategic decision that underpins the credibility and effectiveness of their AI governance. The standard imposes stringent requirements on certification bodies, ensuring that the audit process is not only rigorous and impartial but also specifically adapted to the unique risks and complexities inherent in AI systems.
Rigour and depth of audit. Certification bodies accredited to ISO 42006 must demonstrate a high level of technical and sectoral competence. Auditors are required to possess advanced knowledge of AI technologies, management systems and the specific regulatory and operational context of the client.
Oct-Dec 2025 Issue
CMS Cameron McKenna Nabarro Olswang LLP