AI in Companies: Greater Security and Less Risk with ISO 42001

AI in companies improves responsiveness, speeds up processes, and reduces costs. At the same time, however, it affects decisions related to customers, employees, and business partners. That’s why the use of AI raises not only technical questions but also ethical, legal, and organizational dilemmas.

Do you remember the early days of GDPR? It seemed as though all documentation would need to be rewritten overnight and that consent would be required for every click. Over time, however, it became clear that the regulation brought more trust, clearer responsibilities, and better control over personal data into the workplace. It became a welcome foundation for digital hygiene in companies.

Now, it’s AI’s turn.

What is ISO 42001 and why should it matter to anyone using AI?

ISO 42001 is the first international standard that helps companies manage artificial intelligence responsibly. It’s not about limiting the use of AI but about creating a framework that organizes processes, roles, and responsibilities in AI usage.

Among other things, it raises questions such as:

  • How to identify the risks that AI brings?
  • Who is responsible for the decisions made by an AI system?
  • How to ensure that AI works transparently and provides traceable results?
  • When should a human still make the final decision?

The standard is designed for companies that want to clearly understand what they have implemented, why, and how they are managing it. Even if certification is (still) not mandatory, the principles of ISO 42001 form the foundation of best practices in the use of artificial intelligence.

It also complements existing standards such as ISO 27001 (information security), ISO 9001 (quality management), and legislation like GDPR (especially when AI processes personal data) and the AI Act (Artificial Intelligence Act, more about it here). Together, they form a comprehensive system that helps companies build trust, transparency, and resilience, even in times of rapid technological development.

Does it apply to you?

ISO 42001 is not tied to company size but to the level of responsibility AI takes on in your processes. Even if your company uses AI only for customer support, HR processes, or analyzing simple data, the answer is yes.

It also doesn’t matter whether you developed your own AI model or use solutions from others. The key question is whether AI contributes to your decision-making—and the awareness that you are the one ultimately responsible.

The standard applies to:

  • companies developing their own AI models,
  • teams using external AI tools such as ChatGPT, Gemini, etc. (for AI support, text generation, automatic data classification),
  • organizations just considering implementing AI,
  • industries with higher safety, ethical, and compliance requirements (e.g., healthcare, finance, public sector).

What can you gain from compliance (besides peace of mind)?

Compliance is not just a bureaucratic checkbox—it’s a tool for structured business growth both externally and internally. It helps you build trust with customers, partners, and regulators, and it reduces risks in AI usage—especially in terms of biased results.

You may also gain a significant advantage in EU public tenders, where compliance with standards is becoming an important evaluation criterion. Finally, you can save yourself considerable time and headaches by preparing now for legislation that will likely tighten AI regulations further.

Clearly defined AI processes also foster internal alignment—responsibilities are clearer, decisions are traceable, and team members can make more informed choices.

Kalmia makes the transition to AI-driven business easier

At Kalmia, we have been advising companies for many years on digital transformation, automation, and AI implementation—which means we understand exactly what compliance means in practice.

We help you lay solid foundations and focus on:

  • assessing your current approach to AI and identifying potential risks in your business,
  • aligning AI solutions with ISO 42001 principles,
  • preparing documentation, policies, and procedures,
  • and getting your team ready for possible internal or external audits.

If AI is becoming part of your business, then ISO 42001 is becoming part of your responsibility.

Together, we can identify where AI can bring you even more benefits—while staying within the boundaries of compliance with the legal frameworks currently regulating artificial intelligence.

Sign up for a free consultation or contact us at info@kalmia.si.
