EU AI Act High-Risk Deadline Hits in Four Weeks: How ISO/IEC 42001 Can Help

The EU AI Act’s obligations for high-risk AI systems take effect on 2 August 2026. Organisations that develop, deploy, or use AI in safety-critical sectors, from medical devices and recruitment tools to credit scoring and infrastructure monitoring, will need to demonstrate conformity with documentation, risk management, human oversight, and transparency requirements. The question for most is how.

ISO/IEC 42001 is increasingly the answer. Published in December 2023, it is the world’s first certifiable AI management system standard. It follows the same Plan-Do-Check-Act structure as ISO 9001, ISO 14001, and ISO 27001, which means anyone already running an integrated management system will recognise the framework. Implementing ISO/IEC 42001 is estimated to cover around 70 percent of the EU AI Act’s high-risk documentation requirements. DNV, BSI, and Bureau Veritas are now accredited to certify against it, with DNV receiving its RvA accreditation earlier this year. Demand for lead auditor and lead implementer training has grown sharply through 2026 as the August deadline approaches.

For anyone working in risk management, quality, or information security, this is worth watching closely. ISO/IEC 42001 sits at the intersection of AI governance, management systems, and regulatory compliance. It is not a replacement for the EU AI Act, but it is the most structured and auditable path to demonstrating that your organisation governs AI responsibly. If your company uses AI in any decision support, monitoring, or assessment capacity, a gap analysis against 42001 is probably overdue.

SOURCE: ISO, standard page accessed July 2026. https://www.iso.org/standard/42001
DNV, certification page accessed July 2026. https://www.dnv.com/services/iso-iec-42001-artificial-intelligence-ai–250876/
ExamCert, ISO 42001 certification guide, May 2026. https://www.examcert.app/blog/iso-42001-ai-management-certification-2026/