Compliance with the European Union's Artificial Intelligence Act. ISO 42001
November 7, 2024

Artificial intelligence (AI) is already a commonly used tool across multiple sectors, and it’s transforming industries like healthcare, finance, and retail, all of which will become increasingly reliant on it.

On July 12, the European Union published the EU Artificial Intelligence Act in the Official Journal of the European Union, marking the first AI regulation of its kind globally. The Act provides a two-year period for compliance with most of its provisions.

This act applies to providers, importers, and distributors of AI systems within the EU and also to providers outside the EU if their systems are used within the EU.

It focuses on managing the inherent risks associated with this technology, with possible penalties reaching up to 35 million euros or 7% of global annual revenue. Managing these risks effectively is critical to keep them at acceptable levels. So, how do we approach this?

The most reliable way to ensure that AI systems are ethical and compliant with the EU act is to implement an AI Management System based on ISO 42001: “Artificial intelligence Management Systems — Requirements and Guidance for Use”. This certifiable standard helps organizations manage AI effectively and, like all ISO standards, supports ongoing improvement.

ISO 42001 also emphasizes risk management, ethics, accountability, and transparency, providing a strong foundation for complying with the Act, though some minor adjustments may be required for full compliance.

Additionally, ISO’s harmonized structure (with its first 10 domains similar across standards) allows us to combine it with standards like ISO 27001 in a single, Integrated Management System, ensuring security as well.

By implementing an Integrated Information Security and AI Management System (ISAMS), we can create policies and procedures that address both information security and ethical and responsible AI use. This integrated approach allows for unified risk management, reducing the need for separate resources and enabling leadership to view and address these risks holistically.

Through an ISAMS, we ensure continuous improvement, which is the cornerstone of ISO standards, enhancing stakeholder trust and gaining a competitive advantage.

By opting for an ISAMS, organizations can set consistent policies that cover both security and ethical aspects of AI, optimizing resources and building stronger trust with clients and stakeholders.

Effectively integrating standards like ISO 27001 and ISO 42001 not only protects organizations from emerging threats but also ensures the ethical and responsible development of advanced technologies.
International cybersecurity leader with over 15 years of experience in risk management, security audits, and management system certifications. Expert in defining and implementing consulting and quality areas, including strategies, products, and team training. Currently developing the Cybersecurity consulting division at SNGULAR. My main hobby and passion is teaching.