John Menhinick, Senior Director, AI Value Team, Oracle | Giulio Faini, Master Principal Technologist, EMEA SaaS Security and Privacy, Oracle
March 2026 | 2 minutes

Oracle has achieved ISO/IEC 42001:2023 certification for its AI services portfolio. As the industry's first AI certification standard, ISO/IEC 42001 helps organizations establish, deploy, and monitor comprehensive AI management systems (AIMS). Oracle's ISO/IEC 42001 adoption demonstrates that its AI-enabled products and services operate under clearly defined policies, objectives, and controls aligned with core responsible AI principles. This standard is widely expected to become the baseline for AI management systems. Oracle is among the first group of cloud providers to pursue it, strengthening its readiness for emerging regulations such as the EU AI Act.
We know that AI systems, whether using agentic components or generative models, may operate with inherent unpredictability. Their outputs can't always be guaranteed in advance. That's precisely why an AI management system is essential to prevent AI systems from negatively impacting internal and external stakeholders. Recent studies, such as McKinsey's “The state of AI in 2025: Agents, innovation, and transformation”, have highlighted that AI adoption isn’t blocked by a lack of capabilities but by a lack of trust in its usage. McKinsey, drawing on a survey of 1,993 specialists in various industries, reports that 51% of organizations are facing new AI-related risks in adopting AI, the three risks being inaccuracy (30%), noncompliance with laws (19%), and lack of transparency (14%).
ISO/IEC 42001 promotes a structured framework for responsible AI governance, based on the following core principles:
There's a saying: “Good compliance is good business.” Adopting ISO/IEC 42001 provides a responsible approach to AI provision and usage, which in turn leads to measurable business advantages such as improvements in brand reputation, customer loyalty, operational efficiency, revenue growth and employee engagement.
ISO/IEC 42001 doesn't replace Oracle's existing security and compliance certifications; rather, it complements them. A robust AIMS needs to rely on robust security and privacy principles to protect customer data and cloud infrastructure. This is why ISO/IEC 42001 controls are linked to other industry-recognised standards including ISO/IEC 27001, SOC-2 audit reports (for security), and ISO/IEC 27701 (for privacy). With this integrated approach, ISO/IEC 27001 builds governance in terms of information security management systems, and ISO/IEC 42001 adds the AI intelligence layer on top, i.e., the AI management systems.
The ISO/IEC 42001 structure is largely based on ISO/IEC 27001:2022. The ISO website offers access to a preview version of the ISO/IEC 42001:2023 standard. The complete document can also be purchased. Both standards share the same management DNA, risk frameworks, plan-do-check-act (PDCA) cycles, leadership governance, and continuous monitoring. Organizations can leverage information used in prior ISO/IEC certifications on existing policies, governance structures, audit programs, and documentation templates when applying for ISO/IEC 42001 certification.
If you're working toward your own AI governance requirements, Oracle's certified framework provides a credible foundation you can build on. Organizations receive ISO/IEC 42001 certification through accredited bodies that have earned recognition from international accreditation organizations. Such credentials signal reliability and legitimacy, as they result from impartial assessment processes. For Oracle, the issuing organization was Schellman Compliance, LLC, which holds accreditation from the ANSI National Accreditation Board to certify against ISO standards.
Customers using Oracle's certified AI services inherit key elements of the management system contained in Oracle's IaaS/PaaS and SaaS products, such as risk assessment methodologies, monitoring mechanisms, and governance procedures that all meet internationally recognised standards. These controls work behind the scenes to support you in achieving your own AI governance objectives.
Giulio specializes in AI compliance and security within the EMEA pre‑sales organization. He works closely with customers to align governance requirements with Oracle’s approach to safe, transparent, and responsible AI. He also supports broader compliance initiatives across Oracle Cloud, helping bridge innovation, regulatory expectations, and customer trust. Giulio has 20+ years of experience in technology and consulting roles across multiple industries, leading complex, high‑impact initiatives.
John is a member of the AI value team at Oracle. After a career in data consultancy, analytics and product management, John joined the Fusion AI team in Oracle’s product development function working closely with AI engineers and product managers who imbued the Fusion application suite with classic, generative and agentic AI capabilities. John combines this knowledge with his broader data experience to help customers understand, adopt and scale use of AI to automate workflows and improve business performance. John supports customers across the EMEA region as they look to leverage value from AI in a way that complements their broader business strategies and to assess its value contribution.