Everything an Australian organisation needs to know about getting ISO/IEC 42001:2023 certified — the first international management system standard for Artificial Intelligence. Covers the typical timeline, real costs in AUD, how it interacts with ISO 27001 and the EU AI Act, and how to pick a Lead Implementer course.
ISO/IEC 42001 is the first international management system standard for Artificial Intelligence Management Systems (AIMS). Published in December 2023 by ISO and IEC. The standard tells an organisation how to govern AI: how to plan AI use cases, identify and treat AI-specific risks (bias, drift, opacity, privacy, safety, intellectual property), embed human oversight, manage data quality, audit performance, and continually improve. Structurally, ISO 42001 mirrors ISO 27001 — the same Annex SL High-Level Structure runs through both.
The Australian Government published the Voluntary AI Safety Standard in 2024 and is consulting on mandatory guardrails for high-risk AI use cases. ISO 42001 is the international certifiable companion. Most likely candidates: SaaS companies that have shipped AI features, companies selling into the EU (EU AI Act alignment), Australian government suppliers using AI, and healthcare/finance/legal AI applications where regulators ask how models are governed.
For an Australian SMB that already has ISO 27001 in place, 10–14 weeks of readiness followed by a Stage 1 / Stage 2 audit. Greenfield (no ISMS) takes 16–22 weeks. Audit booking is the bottleneck — most JAS-ANZ recognised certification bodies are still building ISO 42001 audit capability.
PECB training through Aegentra Academy: ISO 42001 Foundation $399 AUD, ISO 42001 Lead Implementer $849 AUD, ISO 42001 Lead Auditor $849 AUD. Organisational certification: readiness $22k–$45k (with existing ISMS), Stage 1+2 audit $10k–$22k, annual surveillance $5k–$10k, re-certification $9k–$17k.
ISO 42001 is not a replacement for ISO 27001 — the two are complementary. Most Australian AI-led SaaS companies do ISO 27001 first (because the wider buyer base understands it) and then add ISO 42001 within 6–12 months. ISO 42001 is widely expected to be one of the harmonised standards European regulators reference for the EU AI Act.