2.3 — Annex A Controls
Annex A of ISO 42001 contains 38 normative controls organized across multiple domains. These controls are not optional in the traditional sense — organizations must consider each control and either implement it or provide documented justification for its exclusion in a Statement of Applicability (SoA). This mirrors the approach used in ISO 27001's Annex A.

| Domain | Focus Area | Example Controls |
|---|---|---|
| A.2 — AI Policies | Organizational AI policy framework | AI policy aligned with organizational objectives; communication of policies to stakeholders |
| A.3 — Internal Organization | Roles, responsibilities, and reporting | Assignment of AI responsibilities; separation of duties in AI development/deployment |
| A.4 — Resources for AI Systems | Data, tools, infrastructure, and compute | Data management processes; infrastructure provisioning; toolchain management |
| A.5 — Assessing Impacts of AI Systems | AI impact assessment processes | Pre-deployment impact assessment; ongoing monitoring of AI system impacts on individuals and society |
| A.6 — AI System Lifecycle | Design, development, testing, deployment, operation, retirement | Requirements specification; design documentation; verification and validation; change management |
| A.7 — Data for AI Systems | Data quality, provenance, and governance | Data acquisition; data quality management; data labeling; bias in data; privacy protections |
| A.8 — Information for Interested Parties | Transparency and communication | Disclosure of AI system use; explanation of decisions; communication with affected parties |
| A.9 — Use of AI Systems | Responsible use policies and practices | Responsible use policies; human oversight requirements; monitoring of use |
| A.10 — Third-party / Supply Chain | External AI components and providers | Due diligence on third-party AI; contractual requirements; supply chain risk management |

AI Impact Assessment controls (A.5) are particularly important. Organizations must assess the potential impact of AI systems on individuals, groups, and societies before deployment. This assessment must consider impacts on human rights, fairness, transparency, accountability, safety, and the environment. Impact assessments must be reviewed and updated throughout the AI system lifecycle.

Data Management controls (A.7) address data quality, data provenance, data labeling, data preprocessing, bias in data, and privacy-preserving techniques. Organizations must ensure training data is representative, appropriate for the intended use, and free from harmful biases. Data lineage must be documented.

AI System Lifecycle controls (A.6) cover every phase from design through retirement. Each phase has specific requirements including documentation, review, and approval processes. Testing must include functional testing, performance testing, fairness testing, and security testing.

Third-party and Supply Chain controls (A.10) require due diligence on AI components sourced from external providers, including open-source models, APIs, and datasets. Organizations remain responsible for AI risks even when using third-party components — outsourcing does not transfer risk accountability.

Every Annex A control must be addressed in the Statement of Applicability (SoA). For each of the 38 controls, the organization must either implement the control with evidence of implementation, or provide a documented, risk-based justification for its exclusion. Simply ignoring a control is a nonconformity that auditors will flag. This is one of the most common audit findings.