BS ISO IEC 42006-2025 PDF

Full title and description

STB BS ISO IEC 42006-2025 — Information technology — Artificial intelligence — Requirements for bodies providing audit and certification of artificial intelligence management systems. This document specifies AI‑specific additional requirements and guidance for certification bodies that audit and certify Artificial Intelligence Management Systems (AIMS) in accordance with ISO/IEC 42001, building on the general conformity assessment principles of ISO/IEC 17021‑1.

Abstract

ISO/IEC 42006:2025 defines the competencies, processes and governance measures that certification bodies must have in place to credibly audit and certify organisations' AI management systems. The standard supplements ISO/IEC 17021‑1 with requirements tailored to the unique technical, ethical and data‑related risks of AI, promoting consistent and trustworthy AIMS certification across sectors and jurisdictions.

General information

• Status: Published
• Publication date: July 2025 (ISO edition 1 published July 2025; BSI adoption announced 21 July 2025)
• Publisher: Original international publication by ISO/IEC (ISO/IEC JTC 1/SC 42). Adopted/published as a British Standard by BSI; product title uses the local STB designation as provided.
• ICS / categories: 35.020 (Information technology), 03.120.20 (Management systems)
• Edition / version: Edition 1 (2025)
• Number of pages: 31

Scope

This standard specifies additional requirements for bodies that perform audits and certification of Artificial Intelligence Management Systems (AIMS) against ISO/IEC 42001. It is intended to be used in conjunction with ISO/IEC 17021‑1 (general requirements for bodies providing audit and certification of management systems) and covers competence, impartiality, audit methods, surveillance, records and reporting specific to AI‑related risks and controls. The scope covers certification activities for organizations that develop, deploy, operate or offer AI systems, across industries and organizational sizes.

Key topics and requirements

• AI‑specific competence and training requirements for auditors (ethics, data quality, model validation, algorithmic risk, safety and security).
• Independence, impartiality and conflict‑of‑interest management tailored to AI assurance engagements.
• Audit methodologies and techniques appropriate for AI systems, including lifecycle review, data provenance checks and model performance/evaluation evidence.
• Risk‑based determination of audit scope and effort, including treatment of high‑risk AI applications.
• Requirements for surveillance, recertification, handling of nonconformities and appeals in the context of AIMS.
• Confidentiality, data protection and secure handling of sensitive model/data artifacts during assessments.
• Criteria for accreditation and for integration of AIMS certification into wider product/service conformity assessment schemes.
• Documentation, reporting and transparency expectations for certification decisions relating to AI systems.

Typical use and users

Primary users are certification bodies and accreditation bodies that assess and accredit organisations auditing AIMS. Secondary users include conformity assessment scheme owners, large organisations seeking ISO/IEC 42001 certification, regulators, auditors and professional services firms offering AI assurance. The standard also supports procurement teams and stakeholders who need to evaluate the credibility of AIMS certification providers.

Related standards

Closely linked documents and series include ISO/IEC 42001 (AI management systems), ISO/IEC 17021‑1 (requirements for bodies providing audit and certification of management systems), ISO/IEC 42005 (related AI guidance standards), ISO/IEC 22989 (AI terminology and concepts), ISO/IEC 23894 (AI risk management guidance), and ISO/IEC 17065 (product certification schemes) — these standards are commonly used together when implementing or assessing AI governance and certification programmes.

Keywords

AI management system, AIMS, audit, certification body, accreditation, AI audit, auditor competence, algorithmic risk, data quality, impartiality, ISO/IEC 42001, ISO/IEC 17021‑1, governance, surveillance, recertification

FAQ

Q: What is this standard?

A: ISO/IEC 42006:2025 provides additional requirements for bodies that audit and certify Artificial Intelligence Management Systems (AIMS). It is an AI‑specific overlay to the general management‑system certification rules in ISO/IEC 17021‑1, designed to ensure credible, consistent AIMS certification.

Q: What does it cover?

A: It covers competence and training for AI auditors, independence and conflict‑of‑interest controls, AI‑specific audit methods and evidence, risk‑based audit scoping, surveillance and recertification, confidentiality and handling of sensitive AI artifacts, and accreditation-related requirements for certification bodies assessing AIMS.

Q: Who typically uses it?

A: Certification bodies and accreditation bodies are the primary users. Other stakeholders include organisations seeking ISO/IEC 42001 certification, conformity assessment scheme owners, auditors, consultancies offering AI assurance, regulators and procurement teams evaluating certification providers.

Q: Is it current or superseded?

A: It is current — this is the first edition published in July 2025 (ISO/IEC 42006:2025). There are no earlier editions of ISO/IEC 42006 to be superseded.

Q: Is it part of a series?

A: Yes. ISO/IEC 42006 is part of the growing family of ISO AI standards developed under ISO/IEC JTC 1/SC 42 and is intended to be used with ISO/IEC 42001 (AI management systems) and other AI guidance standards such as ISO/IEC 42005, ISO/IEC 22989 and ISO/IEC 23894.

Q: What are the key keywords?

A: Key keywords include AI management system, AIMS, certification body, audit, auditor competence, algorithmic risk, data quality, impartiality, surveillance, accreditation, ISO/IEC 42001 and ISO/IEC 17021‑1.