1 Artificial intelligence
1.1 History
The evolution of atificial intelligence since the 1990s, ISO standard

1.1 History
Since antiquity, myths and legends have evoked artificial beings endowed with intelligence or consciousness, reflecting an age-old fascination with the creation of intelligent machines.
In the 20th century, philosophers and mathematicians, such as Alan Turing, laid the theoretical foundations. In 1950, Turing proposed the famous "Turing test," a method for evaluating a machine's intelligence by measuring its ability to mimic human conversation. He posed the key question: "Can machines think?"
In 1956, the term "Artificial Intelligence" (AIartificial intelligence) was coined at the Dartmouth conference, organized by John McCarthy, Marvin Minsky, Claude Shannon, and Herbert Simon.
Researchers developed the first AIartificial intelligence programs and artificial neural networks, such as Frank Rosenblatt's Perceptron. Expectations were high, with optimistic predictions about the rapid creation of machines as intelligent as humans.
However, technological limitations and a lack of data led to an initial "AI winter" in the 1970s, marked by a reduction in funding.
AI experienced resurgence with the development of expert systems and machine learning. Algorithms became capable of improving themselves through data, paving the way for more dynamic applications.
Advances in computing power and the emergence of graphics processing units (GPUs) are accelerating research, particularly in deep learning.
Big data and advances in deep learning enabled major breakthroughs:
- image recognition
- natural language processing
- autonomous vehicles, etc.
Some significant dates:
1997: Deep Blue (IBM) defeated Garry Kasparov, the world chess champion.
2006: Geoffrey Hinton revived deep neural networks (deep learning).
2012: AlexNet (Hinton's neural network) on ImageNet achieves a spectacular victory in image recognition.
2016: AlphaGo (Google) defeats Lee Sedol, one of the world's best professional Go players.
2022–2025: ChatGPT, Claude, Gemini, Copilot, Mistral, etc., make generative AI accessible to the general public.
Faced with the rapid growth of AI and the ethical, security and reliability challenges it raises, the International Organization for Standardization (ISOInternational Organization for Standardization ) and the International Electrotechnical Commission (IEC) are working together to develop a specific standards framework.
ISO/IEC 42001 is the first international standard dedicated to the management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) of artificial intelligence (AIartificial intelligence).
The standard is generic because it applies to the management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) of any organizationa structure that satisfies a need (see also ISO 9000, 3.2.1) , without any constraints related to size, activityset of tasks to obtain a deliverable, or type. It is an international voluntary standard that allows certification by an accredited (certification) body.
The ISO/IEC 42001 standard was published in December 2023, marking a major milestone in the global governance of AIartificial intelligence. It became the first certifiable standard for AIartificial intelligence management systemsset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3), offering a structured methodology for risk managementactivities to restrict the possibility that something goes wrong (see also ISO Guide 73, 2.1), ethics, transparency, and continual improvementprocess allowing the improvement of the global performance of the organization (see also ISO 9000, 3.3.2).
ISO 42001 aims to help organizationsa structure that satisfies a need (see also ISO 9000, 3.2.1) control algorithmic bias, protect privacy, ensure data confidentialityproperty of information accessible only to authorized persons (see also ISO 27000, 3.10), and guarantee conformityfulfillment of a specified requirement (see also ISO 9000, 3.6.11) with regulations, such as the AI Act in Europe.
It is based on a common structure (HLS – High Level Structure) to facilitate its integration with other management standards, such as ISO 27001 (information securitycontrols to protect the confidentiality, integrity and availability of information (see also ISO 27000, 3.28)).
1.2 Application areas
Application areas of AI

Artificial intelligence is everyone's business
The ISO/IEC 42001 standard applies to any organizationa structure that satisfies a need (see also ISO 9000, 3.2.1) that designs, develops, deploys, or uses an artificial intelligence systemset of interacting processes (see also ISO 9000, 3.5.1).
Its objective is to ensure that AIartificial intelligence management is safe, transparent, accountable, and compliant.
Practical application areas:
- industry, manufacturing:
- automated quality control
- predictive maintenance
- production line optimization
- healthcare, biotechnology:
- automated diagnostics
- medical imaging analysis
- AI-powered patient monitoring
- finance, insurance:
- credit scoring
- fraud detection
- risk analysis
- education, research:
- intelligent tutoring systems
- automated grading
- translation
- educational AI
- transportation, logistics:
- autonomous vehicles
- dynamic route planning
- intelligent warehouse management
- IT, cyber security:
- anomaly detection
- automated defense
- predictive AI for threats
- public sector, local authorities:
- AI for citizen services
- urban security
- public data management
- commerce, marketing:
- product recommendation
- customer personalization
- behavioral analysis
Application levels:
- strategic:
- governance
- AI policy
- regulatory compliance
- operational:
- design process
- validation
- deployment
- AI model maintenance
- technical:
- data management
- algorithm architecture
- security and explainability
- ethical and compliance:
- bias assessment
- traceability
- documentation
- social responsibility
The implementation of an AIartificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) is always:
- the result of a strategic decision by top management
- aligned with:
- objectives of the organization
- corporate culture
- business processes
1.3 Principles and steps
Properties of artificial intelligence, quality management principles, preparation and implementation of an AIMS, Deming cycle
Artificial intelligence is a process
Artificial intelligence (AIartificial intelligence) is a mindset that begins with top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) as a top strategic priority and extends to all staff. Top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) defines the AIartificial intelligence policy, which sets the AIartificial intelligence objectivesmeasurable goal to be achieved applicable to all activitiesset of tasks to obtain a deliverable. The tool used to achieve these objectivesmeasurable goal to be achieved is the artificial intelligence management system (AIMSartificial intelligence management system).
Every AIartificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) comprises three distinct and interdependent approaches:
- the process approach
- the risk approach
- continual improvement
The seven quality managementactivities allowing the control of an organization with regard to quality (see also ISO 9000, 3.3.4) principles (cf. figure 1-1) will help us achieve sustainable performancemeasurable and expected results of the management system (see also ISO 9000, 3.7.8) (cf. ISO 9000:2015, § 2.3).

Figure 1-1. The 7 quality management principles
A well-prepared approach is half successful
The processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1) for implementing an artificial intelligence management system involves several steps. An example of preparation is shown in figure 1-2.

Figure 1-2. AIMS preparation
Step 1 involves identifying the needs and expectations (requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4)) of stakeholdersperson, group or organization that can affect or be affected by a company (see also ISO 26000, 2.20):
- staff
- customers, consumers
- competitors
- shareholders, investors
- external providers (suppliers, subcontractors, partners)
- organizations and branch associations
- statutory and regulatory authorities
The involvement of top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) at its highest level is truly indispensable. The advice of a consultant is often solicited. Determining the current status of the management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) (whole or partial) would be welcome at this stage. An external certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996) body is chosen.
One of the key questions that arises quickly (step 2) is the need for this decision. If this is not really necessary or if the estimated costs of the certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996) approach exceed the available resources, it is better to reject this idea immediately.
The benefits of implementing an artificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) are often:
- improved organizational image
- ethical and responsible development and use of the AI system
- better defined responsibilities and obligations (up-to-date legal obligations)
- reduced likelihood of AI incidents
- high level of risk management
- business interruptions avoided
- reduced insurance costs
- active employee involvement in the continual improvement of the AIMS
- strong integration of AI into business processes
- a competitive edge
- improved stakeholder confidence
- increased market share
- better financial performance
Benefits of a successful AIMSartificial intelligence management system implementation:
- regulatory conformity (European AI Act, GDPR)
- AI risk management (bias, security, compliance)
- reduction of legal, technical, and reputational risks
- increased reliability, traceability, and performance of AI practices and processes
- enhanced company value (responsible AI label)
- increased customer and partner trust
To prevent resistance to change from disrupting the companya structure that satisfies a need, some of the main challenges associated with adopting ISO 42001 and ways to overcome them are as follows:
- cultural resistance (teams are accustomed to informal processes or even working in silos and may perceive implementing the standard as additional bureaucracy)
- involve leaders from all areas from the start of workshops to raise awareness of the benefits of ISO 42001 certification (such as increased security, enhanced reputation, and improved operational efficiency)
- communicate the tangible gains that does the standard offer, such as reducing bias incidents in models or improving data quality
- appoint AI “ambassadors” in each department to work on naturally and progressively disseminating best practices internally
- technical complexity (as a new technology, it can be difficult to interpret the data governance, algorithmic risk assessment, and human oversight requirements of ISO 42001, which may require specific advanced expertise)
- partner with consulting firms specializing in AI governance and/or hire dedicated experts
- adopt an incremental approach, starting with pilot processes on low-risk projects before scaling up across the organization
- use open-source frameworks and tools that facilitate the implementation of explainability and oversight measures
- lack of internal skills (teams may not be familiar with risk management concepts, AI ethics, or conformity in the context of AI use)
- plan a continuing education program, combining face-to-face training, e-learning, and mentoring
- encourage certifications in responsible AI and other ISO standards that complement ISO 42001
- integrate ISO 42001 into career plans, recognizing and rewarding skills in this area and ensuring employees have a detailed understanding of the standard's requirements
- initial implementation cost (investments in consulting, technology, and training can be considered a budgetary barrier, especially in small businesses)
- develop a case study that quantifies the risks avoided (fines, rework, market share loss) relative to the investment, thus demonstrating the benefits of adopting ISO 42001 certification
- break down the expenditure into phases:
- diagnostic
- deployment
- pilot
- certification
- take advantage of grants, sectorial incentives or lines of credit for innovation and digitalization
- integration with existing processes (for companies using multiple applications, adapting existing systems and workflows to meet ISO documentation, audit, and continuous improvement requirements can be challenging)
- map current processes and identify points of convergence with the standard
- use data governance applications and platforms that connect to business intelligence systems and machine learning pipelines. To facilitate this, the ideal approach is to have a governance, risk, and compliance system
- document changes in an agile manner, using templates and checklists to simplify document management
- maintain conformity over time (after initial certification, it can be challenging to maintain ongoing follow-up audits and updates)
- establish regular internal audit cycles, with clear accountability within an AI governance committee
- integrate key performance indicators (KPIs) into company dashboards to actively monitor metrics such as bias rate, response time, and incidents
- foster a culture of feedback and continual improvement, where lessons learned generate periodic reviews of policies and procedures
More than one and a half million businesses worldwide cannot be wrong!
Naaia is a French company specializing in AI conformity and AI risk management. It aimed to lead the way in France, demonstrating that a comprehensive, operational, and certified approach is possible through an internationally recognized standard, thereby reassuring clients and partners.
Naaia obtained ISO 42001 certification on September 10, 2024, becoming the first French company certified to this standard and one of the first in Europe and the world. This certification attests to its commitment to ethical, responsible, and effective management of its artificial intelligence systems and also strengthens its position in the AI conformity market.
The third step shall determine whether this approach receives the approval of the staff. A communication campaign is launched in-house on the objectivesmeasurable goal to be achieved of an artificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) (AIMSartificial intelligence management system). The staff is aware and understands that, without their participation, the projecttemporary effort initiated with the goal of solving a problem cannot succeed.
Have confidence: success will come with the involvement and effort of all!
The vision (what we want to be), the mission (why we exist) and the business plan of the companya structure that satisfies a need are determined. The following step (4) includes the establishment of an outline of the AIartificial intelligence policy and objectivesmeasurable goal to be achieved. If you do not have a copy of the ISO 42001 standard, now is the time to get it (cf. sub-clause 2.1 of the present course).
Planning is the last step (5) of the projecttemporary effort initiated with the goal of solving a problem preparation for obtaining ISO 42001 certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996) . A reasonable period is between 12 to 24 months (each companya structure that satisfies a need is unique and specific). The financial resources and staff are confirmed by top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1). A top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) representative is appointed as projecttemporary effort initiated with the goal of solving a problem leader. Top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) commitment is formalized in a documentany support allowing the treatment of information (see also ISO 9000, 3.8.5) communicated to all staff. A person is appointed as projecttemporary effort initiated with the goal of solving a problem leader for obtaining ISO 42001 certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996) .
The establishment and implementation of an ISO 42001 artificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) are shown in figure 1-3.

Figure 1-3. AIMS implementation
Step 1 aims to identify and determine the processesactivities that transform inputs into outputs (see also ISO 9000, 3.4.1), interactions, owners, responsibilitiescapacity to make a decision alone and drafts of certain documentsany support allowing the treatment of information (see also ISO 9000, 3.8.5). The first versions of processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1) sheets, job descriptions and work instructions are written with the participation of the maximum number of available persons.
The necessary resources to achieve the AIartificial intelligence objectivesmeasurable goal to be achieved are determined in step 2. Planning tasks, responsibilitiescapacity to make a decision alone and time frames are established. Training of internal auditorseveryone who is trained to carry out audits (see also ISO 19011, 3.8) is taken into account.
Step 3 allows you to set and implement methods for measuring the effectivenesscapacity to perform planned activities with minimum effort (see also ISO 9000, 3.7.11) and efficiencyfinancial relationship between achieved results and resources used (see also ISO 9000, 3.7.10) of each processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1). Internal auditssystematic and independent survey to determine whether activities and results comply with pre-established measures and are capable of achieving the objectives (see also ISO 19011, 3.1) help to evaluate the degree of implementation of the systemset of interacting processes (see also ISO 9000, 3.5.1).
Nonconformitiesnon-fulfillment of a specified requirement (see also ISO 9000, 3.6.9) of all kinds are listed in step 4. A first draft for dealing with wasteanything that adds cost but no value is established. Corrective actionsaction to eliminate the causes of nonconformity or any other undesirable event and to prevent their recurrence (see also ISO 9000, 3.12.2) are implemented and documented.
A first encounter with the tools and application areas of continual improvementprocess allowing the improvement of the global performance of the organization (see also ISO 9000, 3.3.2) occurs in step 5. Riskslikelihood of occurrence of a threat or an opportunity (see also ISO Guide 73, 1.1) are determined, actions are planned and opportunitiesuncertain event that may have a favorable impact for improvement are seized. An approach to preventing nonconformitiesnon-fulfillment of a specified requirement (see also ISO 9000, 3.6.9) and eliminating causes is established. Internal and external communicationexchange of information is established and formalized.
To conduct the pre-audit of the AIMSartificial intelligence management system (step 6), documentation is checked and approved by the appropriate people. A management reviewperiodic survey carried out by top management of the management system for its continual improvement allows the evaluation of conformityfulfillment of a specified requirement (see also ISO 9000, 3.6.11) with applicable requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4). The AIartificial intelligence policy and objectivesmeasurable goal to be achieved are finalized. An AIartificial intelligence manager from another companya structure that satisfies a need or a consultant can provide valuable feedback, suggestions and recommendations.
When the systemset of interacting processes (see also ISO 9000, 3.5.1) is accurately implemented and followed, the certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996) of the AIMSartificial intelligence management system by an external body is a breeze and just a formality (step 7).
An example of a certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996) projecttemporary effort initiated with the goal of solving a problem plan with 26 steps is shown in annex 01.
An appropriate method for evaluating the performancemeasurable and expected results of the management system (see also ISO 9000, 3.7.8) of your artificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) is the RADAR logic model of excellence EFQM (European Foundation for Quality Management) with its nine criteria and overall score of 1000 points.
The Deming cycle (figure 1-4) is applied to control any processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1). The PDCA cycles (Plan, Do, Check, Act) are a universal base for continual improvementprocess allowing the improvement of the global performance of the organization (see also ISO 9000, 3.3.2).
- Plan – define context, issues and processes, demonstrate leadership, establish policy and objectives (clauses 4, 5 and 6)
- Do – realize the product, treat risks, develop, implement and control processes, demonstrate leadership and bring support (clauses 5, 7 and 8)
- Check – compare, verify, evaluate risks, performance, inspect, analyze data, conduct audits and management reviews and demonstrate leadership (clauses 5, 9 and Annex A)
- Act – adapt, demonstrate leadership, treat nonconformities, react with corrective actions and find new improvements (new PDCA cycle), (clauses 5 and 10)
For more information on the Deming cycle and its 14 points of management theory, you can consult the classic book "Out of the crisis", W. Edwards Deming, MIT press, 1982.
