ISO 42001, NIST AI RMF, and the EU AI Act: The Complete Control Crosswalk

Reviewed by Ali Aleali, CISSP, CCSP · Last reviewed July 1, 2026

ISO 42001, the NIST AI RMF, and the EU AI Act overlap on roughly two-thirds of their controls. Design one control set against that shared core and you cover all three at once, the same audit-once-comply-many logic that already governs SOC 2 and ISO 27001. The three look like separate projects only because different bodies wrote them for different purposes: ISO 42001 as the certifiable standard buyers ask for, the NIST AI Risk Management Framework as the voluntary baseline US enterprises reference, and the EU AI Act as binding law with enforcement dates on the calendar. Underneath, they govern the same activities: how you assess AI risk, how you handle data, how a human stays in the loop, and how you prove any of it happened.

This crosswalk maps all three at the control level so you can build once instead of three times, breaks down each framework's structure, names where they genuinely diverge, and lays out the sequence to operate one program against all of them.

How to read this crosswalk

The three frameworks are not the same kind of instrument, and pretending they map one-to-one is a common mistake in AI governance content. Read the differences before the table:

  • ISO/IEC 42001:2023 is a management-system standard. It is certifiable by an accredited body and is built around a governance lifecycle (Clauses 4 to 10) plus a set of controls in Annex A.
  • The NIST AI RMF 1.0 is a voluntary risk framework. There is no certification. It organizes work into four functions (Govern, Map, Measure, Manage) and is prescriptive about practices, not outcomes you must prove to an auditor.
  • The EU AI Act (Regulation 2024/1689) is law. It is risk-tiered, it carries penalties, and its obligations attach to specific roles (provider, deployer) and specific risk classes. The high-risk obligations for Annex III systems, originally set for 2 August 2026, were deferred to 2 December 2027 under the 2026 Digital Omnibus (see the timeline below).

Two consequences follow. First, the mapping is by control theme, not by clause number, because a management-system clause, a voluntary subcategory, and a legal article rarely share a boundary.

Certification is not the same as legal compliance

ISO 42001 certification is strong, auditable evidence that the governance machinery the EU AI Act expects is in place, and the European standards bodies are building harmonized standards on exactly this foundation. It does not, on its own, discharge a legal obligation under the Act. Treat the crosswalk as a way to reuse work, not as a claim that one certificate satisfies the law.

The master crosswalk

Each row is a governance theme that appears in all three frameworks. The references point to where each framework addresses it.

| Control theme | ISO/IEC 42001:2023 | NIST AI RMF 1.0 | EU AI Act (Reg. 2024/1689) |
|---|---|---|---|
| Leadership and accountability | Clause 5 (Leadership); A.3 (Internal organization) | GOVERN 1, GOVERN 2 (roles, accountability structures) | Art. 17 (quality management system); Art. 26 (deployer obligations) |
| AI policy | Clause 5.2; A.2 (Policies related to AI) | GOVERN 1 (policies, processes) | Art. 17 (documented policies within the QMS) |
| Risk and impact assessment | Clause 6.1; A.5 (Assessing impacts of AI systems) | MAP (context and risk identification); MEASURE (analysis) | Art. 9 (risk management system); Art. 27 (fundamental rights impact assessment) |
| Data and data governance | A.7 (Data for AI systems) | MAP 2, MEASURE 2 (data quality, representativeness) | Art. 10 (data and data governance) |
| AI system lifecycle and development | Clause 8 (Operation); A.6 (AI system life cycle) | MAP, MANAGE (lifecycle controls) | Arts. 9 to 15 (requirements applied across the lifecycle) |
| Transparency and information to stakeholders | A.8 (Information for interested parties) | GOVERN 4, MAP 5 (transparency, documentation) | Art. 13 (transparency to deployers); Art. 50 (transparency for certain systems) |
| Technical documentation and record-keeping | Clause 7.5 (Documented information); A.6 | MEASURE, MANAGE (documentation, traceability) | Art. 11 (technical documentation); Art. 12 (logging and record-keeping) |
| Human oversight | A.9 (Use of AI systems, responsible use) | GOVERN, MANAGE (human-AI configuration) | Art. 14 (human oversight) |
| Accuracy, robustness, and security | Clause 8; A.6 controls (verification, validation); integrates ISO/IEC 27001 | MEASURE 2, MANAGE 2 (performance, robustness, security) | Art. 15 (accuracy, robustness, cybersecurity) |
| Third-party and supply chain | A.10 (Third-party and customer relationships) | GOVERN 6, MAP 4 (third-party risk) | Art. 25 (responsibilities along the value chain); Arts. 53 to 55 (GPAI providers) |
| Monitoring, incidents, and post-market | Clause 9 (Performance evaluation); A.6.2 (operation and monitoring) | MEASURE 4, MANAGE 4 (ongoing monitoring, response) | Art. 72 (post-market monitoring); Art. 73 (serious incident reporting) |
| Resources, competence, and AI literacy | Clause 7.1 to 7.3; A.4 (Resources for AI systems) | GOVERN 2, GOVERN 3 (workforce, culture) | Art. 4 (AI literacy) |
| Continual improvement | Clause 10 (Improvement); Clause 9.3 (management review) | GOVERN (continuous improvement of the risk program) | Art. 17 (QMS maintenance and update) |

The shared core is about two-thirds of the work

Risk assessment, data governance, documentation, monitoring, and accountability are shared across all three frameworks. The remaining third is where each one asks for something the others do not, and that is where scoping effort concentrates.

ISO/IEC 42001:2023 reference: Annex A control areas

ISO 42001 pairs a management-system spine (Clauses 4 to 10, the same shape as ISO 27001) with Annex A, which groups its controls under nine areas. Teams searching for the full Annex A controls list are usually trying to map these to existing ISO 27001 work:

  • A.2 Policies related to AI: establishing and reviewing AI-specific policy.
  • A.3 Internal organization: roles, responsibilities, and reporting for AI.
  • A.4 Resources for AI systems: data, tooling, computing, and human resources.
  • A.5 Assessing impacts of AI systems: the AI system impact assessment, including impacts on individuals and society.
  • A.6 AI system life cycle: responsible design, development, verification, deployment, and operation.
  • A.7 Data for AI systems: data acquisition, quality, provenance, and preparation.
  • A.8 Information for interested parties of AI systems: transparency and documentation for users and affected parties.
  • A.9 Use of AI systems: responsible use, including human oversight of operation.
  • A.10 Third-party and customer relationships: allocating responsibility across providers, customers, and suppliers.

Why ISO 42001 cannot just bolt onto your ISMS

The defining feature is A.5. Where ISO 27001 assesses risk to the confidentiality, integrity, and availability of information, ISO 42001 assesses the impact of the AI system itself, including harms to individuals and groups that have nothing to do with a data breach. That is new work an existing ISMS does not cover.

NIST AI RMF reference: the four functions

The NIST AI Risk Management Framework 1.0 organizes AI risk work into four functions, each broken into categories and subcategories in the companion Playbook:

  • GOVERN: the cross-cutting function covering culture, policies, accountability, and workforce. NIST positions this as the foundation the other three functions rest on.
  • MAP: establish context and identify risks across the AI lifecycle and value chain.
  • MEASURE: analyze, assess, benchmark, and track identified risks using quantitative and qualitative methods.
  • MANAGE: prioritize and act on risks, allocate resources, and respond to and recover from incidents.

NIST also publishes the Generative AI Profile (NIST AI 600-1, 2024), which applies these functions to generative and foundation models. Because the RMF is voluntary and outcome-flexible, it is the natural design layer underneath ISO 42001: use it to architect the controls, then certify the management system that operates them.

EU AI Act reference: risk tiers, key articles, and timeline

The EU AI Act regulates AI by risk class rather than by sector, and our deeper look at how ISO 42001 maps to the EU AI Act covers the relationship in full. The tiers:

  • Prohibited practices (Art. 5): uses banned outright, such as social scoring and certain biometric categorization.
  • High-risk systems (Art. 6 and Annex III): permitted but subject to the core obligations in Articles 8 to 15, which cover risk management, data governance, technical documentation, logging, transparency, human oversight, and accuracy and security.
  • Limited-risk systems (Art. 50): transparency obligations, for example disclosing that content is AI-generated or that a user is interacting with a chatbot.
  • Minimal-risk systems: no mandatory obligations.
  • General-purpose AI models (Arts. 53 to 55): a separate obligation set for foundation-model providers, with heightened duties for models posing systemic risk.

The enforcement calendar, as amended by the 2026 Digital Omnibus, is the part to plan around:

| Date | What applies |
|---|---|
| 1 August 2024 | Regulation enters into force |
| 2 February 2025 | Prohibited practices (Art. 5) and AI literacy (Art. 4) |
| 2 August 2025 | General-purpose AI model obligations (Arts. 53 to 55) |
| 2 December 2027 | High-risk obligations for stand-alone Annex III systems (deferred from 2 August 2026) |
| 2 August 2028 | High-risk obligations for AI embedded in regulated products under Annex I (deferred from 2 August 2027) |

The Annex III high-risk deadline moved

The Digital Omnibus on AI, the first amendment to the AI Act since its 2024 adoption, deferred the stand-alone Annex III high-risk obligations from 2 August 2026 to 2 December 2027, and the Annex I embedded-product obligations to 2 August 2028. As of June 2026 this is a provisional political agreement, reached on 7 May 2026 and awaiting formal adoption and publication in the Official Journal, so confirm the dates against the European Commission's authoritative implementation timeline before you plan around them. The deferral changes the timing, not the substance: the governance machinery the Act expects from high-risk providers and deployers (a risk management system, data governance, documentation, human oversight, and post-market monitoring) is the same machinery ISO 42001 certifies, which is why building the program now still pays off ahead of the deadline.

Where the three diverge

The three frameworks diverge in four ways that change what you have to build, and a crosswalk earns trust by naming them rather than only the overlaps.

The EU AI Act has obligations the other two do not contain. Prohibited-practice rules (Art. 5), conformity assessment and CE marking for high-risk systems, registration in the EU database, and the fundamental rights impact assessment (Art. 27) are legal requirements with no direct equivalent in ISO 42001 or the NIST RMF. Certifying ISO 42001 does not exempt a high-risk provider from these.

ISO 42001 demands auditable proof the others do not. Because it is certifiable, it requires documented management review, internal audit, and evidence that the AIMS operates continuously. The NIST RMF asks for none of this, and the EU AI Act asks for it only in the specific forms its articles prescribe.

The NIST RMF goes deeper on measurement technique. Its MEASURE function and the Generative AI Profile offer more granular guidance on evaluating model behavior, bias, and robustness than either of the other two, which is why it works best as the engineering-level design reference.

Scope boundaries differ. ISO 42001 governs the organization's entire AI management system. The EU AI Act attaches obligations to specific systems by risk class and to specific roles. A single high-risk system can sit inside a certified AIMS and still carry legal obligations the certificate does not address.

Building one program that covers all three

The practical sequence that avoids three parallel projects:

  1. Use the NIST AI RMF as the design foundation. Architect your risk assessment, data governance, and measurement practices against the four functions. It is free, detailed, and widely recognized in US procurement.
  2. Operationalize and certify with ISO 42001. Wrap those controls in the management-system structure, run the AI system impact assessments under A.5, and pursue accredited certification. This is the artifact buyers ask for in vendor questionnaires. If you are still deciding which framework leads, our guide on which AI framework actually fits walks through the call.
  3. Layer EU AI Act specifics on top for systems in scope. Classify each system by risk tier, then add the Act-specific obligations that fall outside the crosswalk's shared core: conformity assessment, the fundamental rights impact assessment, registration, and transparency disclosures.

Done in that order, the shared two-thirds is built once. Only the genuinely framework-specific third gets bespoke effort, and you enter procurement conversations with a certificate that maps cleanly to the law your customers are also racing to meet.

Frequently Asked Questions

Does ISO 42001 certification mean I comply with the EU AI Act?

No. ISO 42001 certification is strong, auditable evidence that the governance controls the Act expects are in place, and harmonized European standards are being built on it, but it does not discharge legal obligations such as conformity assessment, registration, or the fundamental rights impact assessment for high-risk systems.

Is the NIST AI RMF mandatory?

No. The NIST AI Risk Management Framework is voluntary. It carries no certification and no legal force, which is why it works best as the design layer beneath a certifiable standard like ISO 42001.

Which AI framework do enterprise procurement teams ask about most?

In our experience, buyers increasingly request ISO 42001 and reference the NIST AI RMF in third-party risk questionnaires. ISO 42001 is the one with a certificate to hand over, which is why it tends to lead in procurement.

How much of the work overlaps across the three frameworks?

Roughly two-thirds. Risk assessment, data governance, documentation, monitoring, and accountability are shared. The remaining third is framework-specific, which is where scoping effort concentrates.

Can I map my existing ISO 27001 controls to ISO 42001?

Partly. The management-system structure (Clauses 4 to 10) and the security controls carry over, but ISO 42001's A.5 impact assessment evaluates harm caused by the AI system itself, not just risk to information, so it requires new work an ISMS does not cover.

Sources

  • ISO/IEC 42001:2023, Information technology, Artificial intelligence, Management system. International Organization for Standardization.
  • NIST, Artificial Intelligence Risk Management Framework (AI RMF 1.0), NIST AI 100-1, January 2023; and Generative AI Profile, NIST AI 600-1, 2024.
  • Regulation (EU) 2024/1689 of the European Parliament and of the Council (the Artificial Intelligence Act), Official Journal of the European Union, 2024.
  • European Commission, implementation timeline of the EU AI Act, AI Act Service Desk.
  • Council of the EU, Digital Omnibus on AI provisional agreement, 7 May 2026 (deferral of high-risk Annex III obligations to 2 December 2027; pending formal adoption).

About the Author

Former security architect for Bank of Canada and Payments Canada. 20+ years building compliance programs for critical infrastructure.