New benchmark for bodies certifying AI management systems

The increasing use of artificial intelligence (AI) presents significant challenges for auditing, primarily because of the complexity, opacity and adaptive nature of AI systems. Unlike traditional software, AI models evolve through continuous learning, making fixed-point audits insufficient. This creates a fundamental issue in defining appropriate audit timeframes, as compliance assessments must strike a balance between real-time or near-real-time monitoring and the logistical constraints of periodic certification cycles.

To help mitigate these issues and the inherent risks attributable to the use of AI generally, the demand for qualified AI management system (AIMS) auditors is projected to increase significantly in parallel with the proliferation of AI technologies across industry and society.

Competency frameworks governing AIMS auditing need to evolve at pace, to address these emerging complexities and provide clear guidelines and requirements for accrediting bodies to follow. Such auditing requires a multidisciplinary knowledge base that encompasses aspects such as proficiency in management systems and the relevant standards, AIMS controls, and familiarity with applicable conformity assessment and certification schemes.

These are areas of specialisation that are not yet widely embedded within conventional audit disciplines but are provided in BS ISO/IEC 42006:2025 Information technology - Artificial intelligence - Requirements for bodies providing audit and certification of artificial intelligence management systems.

An article earlier this year by Bernard Marr – Human Plus AI: Redefining Work In The Age Of Collaborative Intelligence – states that some 95% of workers see ‘potential value in working with generative AI and 94% are ready to learn new skills’. As the very real opportunity for commercial applications and traction of AI deployment (not just generative AI) picks up – in addition to the inherent socio-technical implications – there is an opportunity for organisations and leaders to prepare for an imminent world of AI-enabled operations and systems.

"By establishing uniform requirements for auditing and certifying AIMS, BS ISO/IEC 42006 can also play a pivotal role in enhancing trust, transparency and accountability in AI-driven enterprises worldwide."

Gavin Jones, Lead Standards Development Manager (Quantum, AI and Digital Accessibility), BSI

Complying with the guidance and requirements in BS EN ISO/IEC 42001:2023 Information technology – Artificial intelligence – Management system can act as the first step. To differentiate themselves and confidently build trust and credibility with stakeholders in their processes, organisations can undergo independent verification by conformity assessment bodies (CABs) and certification bodies.

The 42006 standard provides a comprehensive framework for accreditation bodies responsible for accrediting certification bodies that wish to certify to AIMS. It is designed to help:

• ensure consistency in AI certification through the use of structured requirements for accreditation bodies;
• facilitate peer assessment and accreditation of CABs and certification bodies auditing AI systems; and
• enable international mutual recognition of AI certifications, simplifying market access for organisations adopting the 42001 standard.

By establishing uniform requirements for auditing and certifying AIMS, BS ISO/IEC 42006 can also play a pivotal role in enhancing trust, transparency and accountability in AI-driven enterprises worldwide. Certification bodies operating within the scope of BS ISO/IEC 42001 must comply with BS ISO/IEC 42006 if they want to be accredited by an accrediting body, and this can help ensure robust, reliable and globally harmonised AI certification practices.

What does the standard cover?

To help resolve the issues for bodies certifying to BS ISO/IEC 42001 – or those wanting to certify – the following is covered within the standard in augmentation to BS EN ISO/IEC 17021-1:2015 Conformity assessment – Requirements for bodies providing audit and certification of management systems:

• foundational principles to ensure legal, contractual and impartiality obligations can be met;
• requirements defining governance, liability and financial responsibilities, personnel competencies, and confidentiality;
• certification processes for pre-certification;
• objectives for criteria selection, remote audit protocols and audit methodology;
• approval and surveillance mechanisms, re-certification criteria, special audits, and handling of certification suspension or withdrawal; • appeals, complaints management and client record-keeping; and
• audit-time calculation methods with examples.

How will these requirements help auditors working in this area?

The requirements outlined above provide a structured and reliable framework for certification bodies auditing AIMS. Some of those advantages and intended benefits are listed below in Table 1.

Table 1: Applicable benefits of adopting 42006

Providing clarity

BS ISO/IEC 42006 will provide much-needed clarity and practical requirements for the certification of AIMS according to BS ISO/IEC 42001. Its use will increase the safety, reliability and trustworthiness of AI systems in the UK and beyond.

About BSI

BSI is a business improvement and standards company that partners with more than 77,500 clients globally across multiple industry sectors. BSI provides organisations with the confidence to grow by working with them to tackle society’s critical issues – from climate change to building trust in AI and everything in between – to accelerate progress towards a fair society and a sustainable world.

Appointed as the UK’s National Standards Body, BSI represents the UK on international standards bodies such as ISO, IEC and CEN and leads in publishing standards on AI, quantum, accessibility, and industrial data. The organisation works with UK experts in committees such as ART/1 to develop AI standards that align with global framework.