ISO/IEC 42001 · checked July 2026

The AI governance standard, before it is urgent.

The first international AI management system standard; Singapore accreditation is in an SAC pilot. Early adoption phase in Singapore as at Jul 2026. This page is short because the honest content is short: there is not much settled yet, and we would rather say that plainly than pad it out.

Who should care already.

Most businesses in Singapore do not need to think about this yet. These three groups should start now.

Vendors selling AI features to enterprises

Vendor-risk questionnaires are growing an AI section. That section is usually 42001-shaped, whether or not the buyer says so.

Organisations already holding ISO 27001

42001 reuses the same management-system spine: policies, risk treatment, internal audit, management review. Less new to build than it looks.

Anyone whose customers are regulated

Finance and healthcare buyers are starting to ask their suppliers AI-governance questions ahead of asking for the standard by name.

One thing we will not do: conflate the EU AI Act with Singapore requirements. The EU AI Act's deadlines are a European driver. There is no equivalent Singapore mandate today. If a vendor tells you otherwise to sell you something faster, that is worth questioning. (say real: no SG law yet, don't let anyone rush you.)

Where this sits in our plan.

ISO 42001 is in our long-term wave, alongside DPTM and ISO 27001. We are not taking engagements yet.

  • Engagements from 2027. We are building the method now, the same way we built Cyber Essentials: a syllabus, a schedule, real evidence.
  • Pricing published at launch. Same one-sentence rule as everything else on this site. No quote forms, ever.
  • Join the list via a 30-minute chat. Tell us what you are seeing in procurement now, and we will let you know when something real changes.
Join the list

Plain answers

What is ISO 42001 in one sentence?

The first international AI management system standard; Singapore accreditation is in an SAC pilot.

Do we need it now?

Most SMEs do not, yet. If you are not selling AI features and your customers are not asking, this can wait. If you are an AI-heavy vendor and starting to see AI questions in procurement, start watching. We will tell you honestly when the answer is "not yet", free, and we mean it.

Does our ISO 27001 certification help?

Yes. ISO 42001 shares the same management-system spine as ISO 27001: risk assessment, documented controls, internal audit, management review. Holding 27001 already means less new process to build.

Watching this space too?

Join the list and we send one short note when something real changes. Not a newsletter.