I implemented an ISO 42001-certified AI Governance program in 6 months
10 comments · November 15, 2025
Alex2037
>Or can we follow the decades of experiences built when developing new technologies like planes, trains, and automobiles? Indeed, we can.
do we regulate any software the way we regulate planes? operating systems? compilers? web browsers?
OtherShrezzing
Well for starters, the software that runs on planes.
reed1234
I feel like for software it depends on the use case, not the technology. There are plenty of laws about software use cases such as data storage and privacy compliance etc.
markerz
Health care software with HIPAA compliance? Or SOC2? It’s not the same but it’s a high degree of regulation.
aleks5678
Who audits compliance?
simonjgreen
An internal audit is how you go from gap assessment to ready for external audit.
External auditors should be selected by looking for ones who themselves are audited by your regional government auditing body. E.g., if you wanted to be audited and certified for ISO27001, and you happened to be in the UK, you may choose BSI as your external auditor, who themselves are audited by UKAS.
It’s a web of trust model.
The purpose of these certificates is to shortcut compliance checks by your customers (or in some cases suppliers).
Thanks a ton for posting this! I have been looking for just such material on implementing AI Governance (at a nonprofit, if that matters). The whole literature and research listed there is super helpful to me.
Thanks Beatrice