DISC InfoSec blogAligning with ISO 42001:2023 and/or the EU Artificial Intelligence (AI) Act

Jun 19 2025

Aligning with ISO 42001:2023 and/or the EU Artificial Intelligence (AI) Act

Category: AI,Information Security — disc7 @ 9:14 am

Mapping against ISO 42001:2023 and/or the EU Artificial Intelligence (AI) Act

The AI Act & ISO 42001 Gap Analysis Tool is a dual-purpose resource that helps organizations assess their current AI practices against both legal obligations under the EU AI Act and international standards like ISO/IEC 42001:2023. It allows users to perform a tailored gap analysis based on their specific needs, whether aligning with ISO 42001, the EU AI Act, or both. The tool facilitates early-stage project planning by identifying compliance gaps and setting actionable priorities.

With the EU AI Act now in force and enforcement of its prohibitions on high-risk AI systems beginning in February 2025, organizations face growing pressure to proactively manage AI risk. Implementing an AI management system (AIMS) aligned with ISO 42001 can reduce compliance risk and meet rising international expectations. As AI becomes more embedded in business operations, conducting a gap analysis has become essential for shaping a sound, legally compliant, and responsible AI strategy.

Feedback:
This tool addresses a timely and critical need in the AI governance landscape. By combining legal and best-practice assessments into one streamlined solution, it helps reduce complexity for compliance teams. Highlighting the upcoming enforcement deadlines and the benefits of ISO 42001 certification reinforces urgency and practicality.

The AI Act & ISO 42001 Gap Analysis Tool is a user-friendly solution that helps organizations quickly and effectively assess their current AI practices against both the EU AI Act and the ISO/IEC 42001:2023 standard. With intuitive features, customizable inputs, and step-by-step guidance, the tool adapts to your organization’s specific needs—whether you’re looking to meet regulatory obligations, align with international best practices, or both. Its streamlined interface allows even non-technical users to conduct a thorough gap analysis with minimal training.

Designed to integrate seamlessly into your project planning process, the tool delivers clear, actionable insights into compliance gaps and priority areas. As enforcement of the EU AI Act begins in early 2025, and with increasing global focus on AI governance, this tool provides not only legal clarity but also practical, accessible support for developing a robust AI management system. By simplifying the complexity of AI compliance, it empowers teams to make informed, strategic decisions faster.

What does the tool provide?

Split into two sections, EU AI Act and ISO 42001, so you can perform analyses for both or an individual analysis.
The EU AI Act section is divided into six sets of questions: general requirements, entity requirements, assessment and registration, general-purpose AI, measures to support innovation and post-market monitoring.
Identify which requirements and sections of the AI Act are applicable by completing the provided screening questions. The tool will automatically remove any non-applicable questions.
The ISO 42001 section is divided into two sets of questions: ISO 42001 six clauses and ISO 42001 controls as outlined in Annex A.
Executive summary pages for both analyses, including by section or clause/control, the number of requirements met and compliance percentage totals.
A clear indication of strong and weak areas through colour-coded analysis graphs and tables to highlight key areas of development and set project priorities.

The tool is designed to work in any Microsoft environment; it does not need to be installed like software, and does not depend on complex databases. It is reliant on human involvement.

Items that can support an ISO 42001 (AIMS) implementation project