There is a new line item appearing in enterprise voice AI questionnaires, and most vendors are not ready for it. Somewhere between the security review and the data processing agreement, a procurement lead now writes: "Are you ISO 42001 certified?" Two years ago that question did not exist, because the standard did not exist. ISO/IEC 42001:2023 — the world's first management system standard for artificial intelligence — was published in December 2023. By 2026 it has begun doing to AI procurement what SOC 2 did to SaaS procurement a decade ago: turning a voluntary good practice into a default filter that quietly removes vendors who cannot answer.
This post is for the enterprise buyer who has seen the acronym in a board paper or a competitor's trust centre and needs to know what it actually means before they put it in an RFP — and for the deployer building or orchestrating voice AI in-house who is wondering whether they should certify. We will be precise about three things the open-web primers consistently get wrong: what ISO 42001 certifies (and what it pointedly does not), how it relates to the EU AI Act and GDPR (the answer is more subtle than "it covers you"), and how to read a vendor's certificate so a meaningless claim cannot pass for a meaningful one.
This guide is shipped by the team behind Dilr Voice — enterprise voice AI live in 40+ countries. For the management-system work behind a certification claim, see DATS, our five-stage AI methodology.
Why a governance standard became a buying signal
The macro picture explains the demand. In 2026, McKinsey's State of AI work puts roughly 88% of enterprises using AI in some form, but only about 6% capturing material EBIT impact — and AI leaders earning around 2.5× the EBIT effect of their peers. The gap between using AI and getting paid for it is not a model-quality gap. It is a governance gap: the leaders have the controls, the documentation, the risk process, and the accountability that let them scale past the pilot. Procurement has noticed. A buyer cannot inspect your training data or your model weights, but they can ask whether you run a credible management system around them — and a third party's certificate is the cheapest available proxy for that answer.
That is the same logic that made SOC 2 unavoidable. No enterprise buyer reads a vendor's access-control configuration; they ask for the report and move on. ISO 42001 is being adopted into the same slot for AI — and voice AI sits at the sharp end of it, because a voice agent makes decisions, processes special-category data, and speaks to a member of the public without a human in the loop. If you are already mapping the regulatory surface for voice, our guide to voice AI architecture for regulated industries is the companion to this one; this post zooms in on the certification layer specifically.
A word of honesty before we go further: there is no credible public statistic for how many enterprises "require" ISO 42001 today, and you should distrust any post that quotes one. The signal is real but early. What we can say with confidence is the direction — vendor security questionnaires are starting to carry the line, the major cloud and AI platforms are pursuing certification, and the standard is referenced in enterprise AI governance policy. Treat it as the SOC 2 of 2014: not yet mandatory, rapidly becoming expected.
What ISO 42001 actually is
ISO/IEC 42001 is a management system standard. That phrase is the whole point, and it is the source of nearly every misunderstanding. A management system standard does not certify a product, a model, or an outcome. It certifies that an organisation runs a structured, documented, continually improving system for governing the thing in question. ISO 9001 certifies a quality management system, not that every product is perfect. ISO 27001 certifies an information security management system, not that you will never be breached. ISO 42001 certifies an AI management system (AIMS) — not that your voice agent is safe, accurate, or unbiased, but that you have a credible apparatus for making it so and keeping it that way.
Structurally, ISO 42001 follows the same Annex SL "high-level structure" that every modern ISO management standard shares, which is why it slots neatly alongside an existing ISO 27001 programme. The core requirements live in clauses 4 through 10: understanding the organisation and its context, leadership and an AI policy, planning that is driven by AI risk assessment and impact assessment, support and resources, operation, performance evaluation, and improvement. It runs on the familiar Plan-Do-Check-Act cycle. If your security or quality team has been through an ISO audit before, the machinery will feel immediately recognisable.
What makes 42001 specific to AI is Annex A — a set of around three dozen controls grouped under objectives, with implementation guidance in Annex B and AI-specific risk sources in the further annexes. The control objectives cover, among others: policies for AI; internal organisation and accountability; resources for AI systems (data, tooling, compute, human competence); assessing the impacts of AI systems on individuals and groups; the AI system lifecycle (responsible design, development, verification, deployment, operation and monitoring); data for AI systems (provenance, quality, preparation); information for interested parties (what you tell users and affected people); responsible use of AI systems; and third-party and customer relationships. Read that list again with a voice agent in mind and you can already see why this standard fits voice deployments better than almost any other technology — every one of those control areas maps to a real, contestable decision in a voice programme. We will do that mapping in detail below.
The certification itself is issued by an accredited certification body — a third party that audits you against the standard. Accreditation matters: in the UK that flows through UKAS, and internationally through the IAF mutual-recognition arrangement. A certificate from an accredited body carries weight; a "certificate" from an unaccredited consultancy that also sold you the implementation does not. The audit runs in two stages — a stage 1 readiness and documentation review, then a stage 2 certification audit against the controls — and the resulting certificate is typically valid for three years, with annual surveillance audits in between and a full recertification at the end of the cycle. As with ISO 27001, the central artefact is a Statement of Applicability: the document that says which controls apply, which are excluded, and why.
ISO 42001 vs SOC 2 vs the regulations — the distinction buyers get wrong
Because everyone reaches for the SOC 2 analogy, it is worth being precise about where it breaks. SOC 2 is not a certification at all — it is an attestation report produced by a licensed CPA firm under the AICPA's Trust Services Criteria, delivered as a Type I (controls at a point in time) or Type II (controls operating over a period) report that you read. ISO 42001 is a certification against an international standard, issued by an accredited body, expressed as a certificate with a defined scope. The practical difference for a buyer: with SOC 2 you read the report and form your own judgement on the exceptions; with ISO 42001 you are trusting the accredited body's pass/fail judgement, so the scope of the certificate is the thing you must interrogate (more on that shortly).
The more consequential confusion is regulatory, and getting it wrong will cost you credibility in a legal review. ISO/IEC 42001 is not a harmonised standard under the EU AI Act, and certification therefore confers no presumption of conformity with the Act. This is not a technicality. Under the AI Act, presumption of conformity flows only from harmonised standards published in the Official Journal of the EU — and those harmonised standards are being developed separately by CEN-CENELEC's JTC 21 in response to the European Commission's standardisation request. ISO 42001 is an ISO/IEC standard developed through a different route. So a vendor (or an internal team) cannot truthfully say "we are ISO 42001 certified, therefore we satisfy the EU AI Act."
What ISO 42001 does do for AI Act readiness is real and worth stating positively: it operationalises the governance machinery the Act demands of high-risk systems — risk management, technical documentation, record-keeping and logging, transparency, human oversight, and an overarching quality management system. A mature AIMS is strong evidence of due diligence and makes a future conformity assessment far less painful. But a high-risk voice deployment still needs its own conformity assessment, and the disclosure and transparency duties — including the Article 50 obligations that bite from August 2026 — apply regardless of any certificate. The same separation holds for data protection: ISO 42001's data-governance and impact-assessment controls support GDPR compliance, but they do not replace a lawful basis, a Data Protection Impact Assessment, or the specific obligations that attach to voice biometric and special-category data. Certification is a governance proxy, not a regulatory shield.
| Instrument | What it is | Who issues it | What it actually proves |
|---|---|---|---|
| ISO/IEC 42001 | AI management system certification | Accredited certification body (e.g. UKAS-accredited) | You run a credible, audited governance system for AI |
| SOC 2 | Attestation report (Type I / II) | Licensed CPA firm (AICPA criteria) | Security/availability controls were designed (and, for Type II, operated) |
| GDPR | Data protection law | Statute; enforced by the ICO / EU DPAs | Nothing on its own — compliance is your ongoing legal obligation |
| EU AI Act | Product-safety style regulation | Statute; conformity via assessment + harmonised standards | Conformity for high-risk systems — not conferred by ISO 42001 |
Annex A through the voice lifecycle
This is where a voice-specific reading of ISO 42001 earns its keep, because the generic primers stop at "the standard has controls for data and lifecycle." For a voice deployment, each control objective has a concrete, auditable meaning — and each maps to a decision your team is already making (or avoiding). Here is the translation.
Policies and internal organisation (who owns the agent's behaviour). Annex A expects a documented AI policy and clear accountability. For voice, the auditable question is brutally specific: who signs off on a change to the agent's system prompt, its escalation thresholds, or the model it runs on? In most stalled programmes the answer is "the vendor changed it and nobody approved it." A credible AIMS names an owner for agent behaviour and keeps a change record — which is also the spine of voice AI auditability and explainability.
Assessing the impacts of AI systems. The standard requires an AI system impact assessment — distinct from, but adjacent to, a GDPR DPIA. For voice, the impactful moment is the automated decision: an agent that declines a claim, sets a price, or refuses a request may be making a decision with legal or significant effect on the caller, which pulls in human-intervention rights and demands a documented assessment of who is affected and how. This is the control that forces the conversation most teams skip until legal blocks the deal.
Data for AI systems. Provenance, quality, and preparation of data — for voice this is call recordings, transcripts, and any data used to tune or evaluate the agent. The auditor will want to see where that data lives, how long it is kept, and how it moves. That maps directly onto your voice AI data retention policy and, for multi-region callers, your cross-border data transfer controls. "We record everything and keep it forever" fails this control.
AI system lifecycle. Responsible development, verification, deployment, and ongoing monitoring. For voice, this is prompt and script versioning, pre-release testing, and the monitoring that catches drift after a model swap — the difference between a controlled deployment and a black box. It is also where the build-versus-buy decision shows up in the audit, because your lifecycle controls look very different depending on whether you build, orchestrate, or buy your voice stack.
Third-party and customer relationships. This is the control that catches voice AI vendors off guard, because a voice agent is a supply chain: an ASR (speech-to-text) provider, a TTS (text-to-speech) voice, one or more LLMs, and a telephony carrier — often four vendors behind one "AI agent." Annex A expects you to allocate responsibilities across that chain and assure the suppliers in it. A certificate scope that quietly excludes the model and speech providers is certifying the thin orchestration layer and almost nothing of the risk.
Information for interested parties. What you tell the person on the call and the people affected by the system. For voice this folds in disclosure (the caller's right to know they are speaking to AI) and the documentation a regulator or enterprise customer can demand. It is the governance counterpart to the transparency duties we cover in our EU AI Act voice obligations guide.
The honest framing for an internal team: ISO 42001 does not invent any of these obligations — most of them already follow from GDPR, the AI Act, or plain operational sense. What it does is force them into a single, audited system with an owner and a paper trail. If you have already stood up an enterprise AI voice governance framework, 42001 is largely the work of making that framework auditable rather than aspirational; this post deliberately hands the framework-design detail to that guide and stays on the certification layer.
| Annex A control area | Voice-specific meaning | Evidence an auditor expects |
|---|---|---|
| AI policy & accountability | Named owner for agent behaviour and changes | Policy doc, change-approval record, RACI |
| AI system impact assessment | Automated voice decisions and who they affect | Impact assessment, human-intervention design |
| Data for AI systems | Recordings, transcripts, tuning/eval data | Retention schedule, residency map, minimisation |
| AI system lifecycle | Prompt/script versioning, model-swap monitoring | Version history, test logs, drift monitoring |
| Third-party relationships | ASR / TTS / LLM / telephony supply chain | Supplier assurance, responsibility allocation |
| Information for interested parties | AI disclosure, user & affected-party info | Disclosure script, documentation pack |
What a certificate actually proves — and the scope-statement trap
Here is the single most important thing a buyer can learn about ISO 42001, and it is the thing the badge on a trust page never tells you: a certificate is only as meaningful as its scope statement. Certification is granted against a defined scope — a specific set of AI systems, processes, sites, or business units. A large organisation can be genuinely, accreditedly ISO 42001 certified for, say, its internal HR-screening AI, and display that certificate while its voice product sits entirely outside the certified scope. The badge is real. The relevance to your purchase is zero.
So the certificate is not a yes/no signal; it is a scope signal, and scope is where claims go to hide. A second hiding place is the supply chain we just described: a vendor can scope their AIMS around the orchestration layer they wrote while excluding the ASR, TTS, and LLM providers that carry most of the model risk. A third is the Statement of Applicability — the document that records which Annex A controls were applied and which were excluded with justification. An exclusion is legitimate (not every control applies to every organisation), but a SoA that excludes the data, lifecycle, or third-party controls for a voice product is excluding precisely the parts that matter. Reading the SoA, not the certificate image, is how you tell a substantive certification from a decorative one.
Finally, certification is a point-in-time-plus-surveillance regime, not a permanent state. The certificate carries a date and a cycle; between audits, the organisation is trusted to maintain the system. A certificate from three years ago with no evidence of surveillance audits is a question, not an answer. None of this makes ISO 42001 weak — it makes it informative, which is exactly what you want from a procurement signal. You just have to read it properly.
How to interrogate a vendor's ISO 42001 claim
This is the artefact to take into your next voice AI evaluation. When a vendor says "we're ISO 42001 certified," do not record a tick — run these questions. It is the voice-specific complement to the broader enterprise voice AI vendor checklist, and it filters decorative claims from real ones in about ten minutes.
- Show me the certificate and its scope statement. Does the scope explicitly name the voice product you are buying — or a different system entirely?
- Who is the certification body, and are they accredited? A certification body accredited by UKAS in the UK, or by another accreditation body that is a signatory to the IAF mutual-recognition arrangement — not a self-issued or consultancy "certificate".
- Where are you in the surveillance cycle? Date of certification, last surveillance audit, next recertification. A stale certificate with no surveillance is a flag.
- Does the scope include your model and speech supply chain? ASR, TTS, and LLM providers — or only the orchestration layer the vendor built?
- Can I see the relevant parts of the Statement of Applicability? Are the data, lifecycle, and third-party controls applied — or excluded?
- How does the AIMS handle a change to our agent's behaviour? Prompt changes, model swaps, escalation-threshold changes — who approves, and is it logged?
- Does certification cover the deployment region's data residency? Or is the certified scope a different jurisdiction to where our calls will be processed?
A vendor with a substantive certification will answer these comfortably and produce documents. A vendor relying on a decorative badge will deflect to the badge. That asymmetry is the entire value of the question set — and it is exactly the kind of evidence-led filtering that separates a real AI voice platform selection process from a feature-comparison spreadsheet.
The certification journey — for deployers who build in-house
If you orchestrate or build your own voice AI rather than buying it, ISO 42001 is not just a question you ask vendors — it is a programme you may need to run yourself, especially if you sell to regulated enterprises who will start asking you the questions above. The path is recognisable to anyone who has done ISO 27001, and it is a governance build before it is an audit. The phases below are illustrative of the engagements we run rather than a fixed market timetable, but the sequence is stable.
Step 01 — Gap analysis. Map your current voice governance against the clauses and Annex A controls. Most teams discover they already do half of it informally; the gap is documentation and ownership, not capability.
Step 02 — AIMS design and scope. Decide the scope deliberately — and resist the temptation to scope it down to something easy that does not include the voice product. The scope you certify is the scope buyers will scrutinise. This is an operating-model decision, which is why we treat it inside our AI operating model consulting rather than as a documentation exercise.
Step 03 — Statement of Applicability. Record which controls apply, which are excluded, and the justification. For a voice deployment, expect to apply the data, lifecycle, third-party, and impact-assessment controls in full.
Step 04 — Implement and evidence. Stand up the change-approval process, the impact assessments, the supplier assurance, the monitoring. The artefacts here double as evidence for adjacent obligations — an AI tool inventory satisfying ICO, FCA, and EU AI Act expectations is the same inventory the auditor wants.
Step 05 — Internal audit and management review. Test your own system before the certification body does. This is also where an incident-response runbook for voice AI gets exercised — the auditor wants to see that you have rehearsed failure, not just documented it.
Step 06 — Stage 1 and Stage 2 certification. The readiness review, then the certification audit. After that, surveillance becomes part of your operating cadence, not a project — which is the point of a management system in the first place.
For a regulated buyer or seller, the discipline 42001 imposes also makes the commercial paperwork easier: the same governance evidence supports the contract clauses enterprise legal demands and the service levels that actually bind a vendor to its promises. Governance maturity is not a cost centre; it is what lets you sign bigger deals faster, and it is the through-line in the CFO's procurement questions for any 2026 voice purchase. It also sits inside the wider UK regulatory frame, where the FCA's AI governance expectations increasingly reward demonstrable management systems over ad-hoc assurances.
Should you require ISO 42001 from your voice vendors today?
The pragmatic answer for 2026: prefer it, do not yet mandate it — but mandate the substance. A hard requirement today would eliminate strong vendors who are mid-certification, including specialist voice platforms whose governance is excellent but who have not yet completed a stage 2 audit. A wiser RFP posture is to score certification as a meaningful positive, require a credible roadmap to it where it is absent, and — critically — ask the substance questions from the checklist above regardless of whether the badge is present. A vendor who can answer the scope, supply-chain, change-control, and data-residency questions well is a safer bet than one who waves a narrowly scoped certificate and cannot.
That posture also future-proofs you. The trajectory is clear: as harmonised standards land for the EU AI Act and as enterprise buyers standardise their AI questionnaires, certification will move from differentiator to default — the SOC 2 path again. Buyers who learn to read the certificate properly now will not be fooled by decorative badges later, and sellers who build the management system now will clear procurement while their competitors are still arguing about whether they need to.
Frequently asked questions
Is ISO 42001 mandatory for voice AI?
No. ISO/IEC 42001 is a voluntary international standard, not a law. No regulation currently requires it. However, it is increasingly requested in enterprise procurement and vendor security questionnaires — the same trajectory SOC 2 followed in SaaS. Treat it as rapidly becoming expected rather than legally required.
Does ISO 42001 certification mean we comply with the EU AI Act?
No, and claiming so is a credibility risk. ISO 42001 is not a harmonised standard under the EU AI Act, so it confers no presumption of conformity. The harmonised standards are being developed separately by CEN-CENELEC JTC 21. Certification operationalises governance that supports AI Act readiness and demonstrates due diligence, but high-risk systems still require their own conformity assessment, and obligations like Article 50 disclosure apply regardless.
How is ISO 42001 different from SOC 2?
SOC 2 is an attestation report produced by a CPA firm under AICPA criteria — you read the report and judge the exceptions yourself. ISO 42001 is a certification against an international standard, issued by an accredited certification body, expressed as a certificate with a defined scope. With ISO 42001 the scope statement is the thing to scrutinise; with SOC 2 it is the report's exceptions.
What does an ISO 42001 certificate actually cover?
Only what its scope statement says it covers. An organisation can be certified for one AI system and not another, so a vendor can hold a genuine certificate that excludes the voice product you are buying. Always read the scope statement and the Statement of Applicability — particularly whether the data, lifecycle, and third-party (ASR/TTS/LLM) controls are in scope — rather than trusting the badge alone.
How long does ISO 42001 certification take?
It varies by organisation maturity, but the path is gap analysis, AIMS design and scope, Statement of Applicability, control implementation, internal audit, then stage 1 and stage 2 audits. Teams with an existing ISO 27001 programme move faster because the management-system machinery is reusable. The certificate then runs on a roughly three-year cycle with annual surveillance audits. The sequence here is illustrative of engagements, not a fixed market standard.
Written by the Dilr.ai engineering team — practitioners who ship enterprise AI in production. Follow us on LinkedIn for shipping notes, or subscribe via the RSS feed.