### Introduction
The world of artificial intelligence (AI) is undergoing a crucial moment with the adoption of the new European regulation, known as the “AI Act.” This legislative measure, approved by the European Parliament in March 2024, represents a milestone in the effort to regulate a rapidly expanding and challenging sector. The AI Act establishes a legal framework for managing artificial intelligence systems, taking into account not only the classification of systems based on their risk but also the role of the organizations involved, which can be providers, users, or distributors of such systems.
### The ISO/IEC 42001:2023 Standard
In this context, one of the most important developments is the introduction of the ISO/IEC 42001:2023 standard. This standard, the first of its kind, provides guidelines for the creation, implementation, and maintenance of an artificial intelligence management system (AIMS) within organizations. It is designed to be applicable to entities of any size and sector that use or provide AI-based products and services.
The primary purpose of ISO/IEC 42001:2023 is to assist organizations in developing and managing artificial intelligence systems responsibly, while meeting legal obligations and stakeholder expectations. It addresses various fundamental issues, including ethics, transparency, and the need for continuous learning.
### Annexes of the Standard
One of the most significant aspects of ISO/IEC 42001:2023 is the presence of several annexes that provide valuable guidance. Annex A, for instance, outlines specific control objectives and the corresponding measures to achieve them. These controls offer organizations a framework for managing and monitoring artificial intelligence systems, emphasizing that not all controls must be implemented mandatorily. Each entity can develop and implement its own approaches based on its circumstances.
### Areas of Interest in the Standard
A key pillar of the ISO standard is the clear definition of responsibilities within the organization. Top management must commit to ensuring the compliance of the management system with regulatory requirements. This also means effectively communicating these responsibilities at all levels of the organization. Therefore, it is essential that each team member understands their role and the impact they may have on the efficiency of the system.
Areas that may require specific management include risk management, impact assessment of artificial intelligence systems, privacy, data management, and system development. These aspects require special attention to ensure that AI operates according to established ethical and legal principles.
### Management Responsibilities
Management plays a crucial role in the implementation of the standard. Among its responsibilities, top management must draft and implement an artificial intelligence policy that guides the development and use of such systems. This policy must be consistent with the organization’s objectives and values and must commit to ensuring continuous improvement.
Additionally, employees assigned specific responsibilities must be adequately trained and must have a clear understanding of their functions and the benefits that come from the efficient use of artificial intelligence. Documenting these policies is crucial as it can significantly influence the overall effectiveness of the management system.
### ISO 42001:2023 and Risk
One of the focal points of the ISO/IEC 42001:2023 standard is risk management. Organizations must differentiate between acceptable and unacceptable risks, conducting analyses that consider the potential consequences for the company, its employees, and society as a whole.
To address risks, companies must… (the text appears to be truncated and is not complete).
