{"id":800,"date":"2025-11-24T07:20:00","date_gmt":"2025-11-24T07:20:00","guid":{"rendered":"https:\/\/i2sc.es\/?p=800"},"modified":"2025-11-24T16:47:51","modified_gmt":"2025-11-24T16:47:51","slug":"iso-42001-y-pren-18286-gestion-y-regulacion-para-una-ia-responsable","status":"publish","type":"post","link":"https:\/\/i2sc.es\/en\/blog\/iso-42001-y-pren-18286-gestion-y-regulacion-para-una-ia-responsable\/","title":{"rendered":"ISO 42001 and prEN 18286: management and regulation for responsible AI"},"content":{"rendered":"<p id=\"2ad3da3d-9da0-8097-891c-f4e5a2e57d82\">The rapid evolution of Artificial Intelligence has driven the creation of new standards to help organisations manage it securely, reliably and in compliance with European regulations. In this context, different standards are emerging which, although related, perform complementary functions in the AI governance and compliance ecosystem.<\/p>\n\n\n\n<p id=\"2ad3da3d-9da0-808b-9c79-e6022115e0dd\" class=\"translation-block\">On the one hand, we have <strong>ISO\/IEC 42001:2023<\/strong>, the first international standard that defines the requirements for an <strong>Artificial Intelligence Management System (AIMS)<\/strong> applicable to any organisation that designs, develops, implements or uses AI systems. With no direct regulatory value, the standard seeks to promote responsible and transparent AI management through verifiable policies, controls and processes throughout its life cycle, with an emphasis on organisational management, data quality, impact assessment, traceability and continuous improvement.<\/p>\n\n\n\n<p id=\"2ad3da3d-9da0-804f-9a4a-e925e9f44030\" class=\"translation-block\">On the other hand, prEN 18286, currently in draft form, is a harmonised European standard from CEN-CENELEC. This document aims to establish the requirements for a <strong>Quality Management System (QMS)<\/strong> to comply with the <strong>obligations of the European Artificial Intelligence Regulation (AI Act)<\/strong>. 
Its objective is not ethical management in general, but rather the <strong>demonstration of legal compliance<\/strong> with Article 17 of the AI Act, especially for <strong>providers of high-risk AI systems<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Overlaps and Common Areas<\/strong><\/h3>\n\n\n\n<p><\/p>\n\n\n\n<p id=\"2ad3da3d-9da0-80dc-a3a9-d1427edaf6d1\" class=\"translation-block\">Both standards share a common architecture based on the <strong>ISO high-level structure<\/strong>, which facilitates their integration. Both ISO 42001 and prEN 18286 require: documented AI policies, full lifecycle management, risk management and document traceability. Both documents promote traceability, transparency and continuous evaluation of AI systems, with clauses on management, lifecycle, data control, roles, impact assessment and third-party relationships being virtually equivalent.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Both standards concur in requiring structured AI management based on policies, risks, traceability, and lifecycle control.<\/p>\n<\/blockquote>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Differences<\/strong><\/h3>\n\n\n\n<p><\/p>\n\n\n\n<p id=\"2ad3da3d-9da0-80ba-9814-e6bec8e27ae5\" class=\"translation-block\">The differences between <strong>ISO\/IEC 42001<\/strong> and <strong>prEN 18286<\/strong> reflect different purposes and levels of requirement. While ISO\/IEC 42001 establishes a <strong>voluntary framework for ethical and responsible AI management<\/strong>, prEN 18286 translates these good practices into <strong>mandatory requirements<\/strong> to demonstrate <strong>compliance with the European AI Regulation (AI Act)<\/strong>. 
This means that prEN 18286 introduces components that are absent or less developed in ISO 42001, such as <strong>assessment of the impact on fundamental rights<\/strong>, <strong>post-market surveillance<\/strong>, <strong>incident reporting<\/strong> and <strong>regulatory traceability<\/strong>.<\/p>\n\n\n\n<p id=\"2ad3da3d-9da0-80fe-b233-fea41378cb88\" class=\"translation-block\">In summary, although both share a common foundation, prEN 18286 has a more <strong>strict, legal and verifiable<\/strong> scope, making it an essential tool for the certification and supervision of high-risk AI systems in Europe.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>The differences between 42001 and prEN 18286 draw a line between an \"ethical and responsible\" management system (ISO 42001) and a management system with \"legal compliance\" (prEN 18286).<\/p>\n<\/blockquote>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Approach, Roles and Complementarity<\/strong><\/h3>\n\n\n\n<p><\/p>\n\n\n\n<p id=\"2ad3da3d-9da0-80d4-91de-fbf731cf167c\" class=\"translation-block\">The conclusion after a thorough analysis of both standards is that they are <strong>complementary<\/strong> rather than mutually exclusive. <strong>ISO 42001 serves as an organisational management framework, applicable to any entity that develops or uses AI<\/strong>, including users, implementers, or integrators. <strong>prEN 18286, on the other hand, is specifically aimed at suppliers and manufacturers<\/strong> of high-risk AI systems, although its principles are also useful for importers or distributors in the value chain. 
Therefore, in organisations that perform multiple roles (e.g., a company that develops and implements AI internally), it would be most efficient to implement an integrated management system that combines both standards: ISO 42001 as a cross-cutting management structure and prEN 18286 as a regulatory layer that ensures compliance with the AI Act.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Both standards are complementary: ISO 42001 partially covers the AI Act as good practice, while prEN 18286 covers it comprehensively and bindingly.<\/p>\n<\/blockquote>\n\n\n\n<p><\/p>\n\n\n\n<p id=\"2ad3da3d-9da0-80df-a508-e1e289dfda6f\" class=\"translation-block\">In summary, ISO 42001 establishes <strong>\u201chow to manage AI responsibly\u201d<\/strong>, and prEN 18286 defines <strong>\u201chow to demonstrate that this management complies with European law\u201d<\/strong>. Adopting them together will enable European organisations not only to act responsibly and ethically, but also to <strong>become certified with guarantees of regulatory compliance<\/strong> in the new legal framework for AI.<\/p>","protected":false},"excerpt":{"rendered":"<p>The rapid evolution of Artificial Intelligence has driven the creation of new standards to help organisations manage it securely, reliably and in compliance with European regulations. In this context, different standards are emerging which, although related, perform complementary functions in the AI governance and compliance ecosystem. 
On the one [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":802,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-800","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/posts\/800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/comments?post=800"}],"version-history":[{"count":1,"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/posts\/800\/revisions"}],"predecessor-version":[{"id":801,"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/posts\/800\/revisions\/801"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/media\/802"}],"wp:attachment":[{"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/media?parent=800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/categories?post=800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/i2sc.es\/en\/wp-json\/wp\/v2\/tags?post=800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}