ISO 42001 Consulting — AI Management System under AI Act
ISO 42001 is the world's first standard for AI management systems (AIMS). Sternberg Consulting helps you build AI governance, manage risks and systematically meet the EU AI Act requirements — before regulation catches up with you.
What is ISO 42001?
ISO/IEC 42001:2023 is the first international standard for AI management systems (AIMS). The standard defines how organisations develop, deploy and oversee AI systems responsibly.
It addresses risks such as bias, lack of transparency, security gaps and uncontrolled data flow. At the same time it provides the framework for traceable, ethical and business-viable AI use.
ISO 42001 is closely linked to the EU AI Act. Organisations with a certified AIMS automatically meet a significant portion of AI Act requirements — especially for high-risk AI systems.
Request a Free Consultation
I'll get back to you within 24 hours — no obligation, personal response.
- ✓ No obligation
- ✓ BAFA funding may apply
- ✓ Response within 24 hours
Personal delivery — from kickoff to audit.
I am Jonathan Sternberg, a certified ISO consultant and auditor. Every engagement is personally delivered by me — no junior team, no subcontractors.
My approach is remote-first and nationwide. You get clear communication, firm deadlines and a management system your team actually uses.
My verifiable lead auditor credentials: CQI IRCA PR328 (ISO 9001), ULN 606399, Course ID 1792 and CQI IRCA PR357 (ISO 45001), ULN 606399, Course ID 1885.
For certification projects, I coordinate with accredited certification bodies, including DAkkS-, UKAS- and ANAB-accredited providers.
- ✓ IRCA-recognised lead auditor courses: PR328 (ISO 9001) and PR357 (ISO 45001)
- ✓ Works with accredited certification bodies, including DAkkS-, UKAS- and ANAB-accredited providers
- ✓ 100 % first-audit success rate
- ✓ Based in Saxony, available nationwide
Who should tackle ISO 42001?
AI product providers
Companies that ship AI features in their products — from chatbots to recommenders to image analysis.
SaaS with AI features
Most modern SaaS products integrate AI. Customers increasingly ask for governance evidence.
High-risk AI use cases
HR systems, credit scoring, medical diagnosis, law enforcement — the EU AI Act requires explicit conformity.
Consultancies and public sector
Organisations using AI internally (recruiting, customer service) need internal governance.
How we build your AIMS
From your first question to the certificate on the wall — and beyond.
Build an AI inventory
We capture every AI system in use — including third-party services like OpenAI, Anthropic or AWS Bedrock.
Risk classification
Each system is classified under AI Act and ISO 42001. High-risk systems receive the most attention.
Governance framework
Responsibilities, decision processes, review cycles, incident response — documented and lived.
Implement controls
Data quality, bias monitoring, transparency requirements, human oversight — the standard requires concrete measures.
Awareness & training
Employees are trained on AI risks, prompt hygiene and output validation.
Audit & certification
We run the internal audit, close the gaps and accompany the certification audit.
Why ISO 42001 now?
AI Act-ready
The EU AI Act enters into force in stages from 2025. A certified AIMS puts you well ahead.
Customer trust
B2B buyers increasingly ask about AI governance. A certificate is a strong sales argument.
Competitive edge
Few organisations currently hold ISO 42001. Early certification means market differentiation.
Risk reduction
Bias, data leaks, wrong decisions — structured management prevents costly incidents.
ISO 27001 integration
Many controls overlap with ISO 27001. Combined certification saves 40 % of the effort.
Pragmatic approach
No academic compliance overhead. We build governance your product team does not resent.
Up to 80 % of consulting costs reimbursed.
BAFA subsidises SME consulting via the "Förderung unternehmerischen Know-hows" programme. I handle the entire application.
"Energy and results convinced us. From first contact to Stage 2 audit in six weeks — only possible because Jonathan began the work even before the contract was signed."
Common questions.
What is the difference between ISO 42001 and the EU AI Act?
The EU AI Act is law — it defines what is prohibited, allowed or regulated. ISO 42001 is a management-system standard: it describes how you implement AI Act requirements organisationally. Both complement each other: the AI Act says what, ISO 42001 says how.
Do I need ISO 42001 if I only use ChatGPT?
For pure consumption of existing AI tools (ChatGPT, Claude, Gemini), ISO 42001 is not strictly necessary, but it is useful. It creates clear rules for data sharing, output validation and GDPR compliance. Many companies need this anyway.
How long does an AIMS take to build?
Depending on scope, 8 to 16 weeks. The biggest effort sits in AI inventory and risk assessment. Small teams with few AI systems go significantly faster.
What controls does ISO 42001 require concretely?
Annex A lists 38 controls in nine areas: policies, internal organisation, resources, impact, lifecycle, data, information, stakeholders, third parties. We only implement controls relevant to your context.
Is ISO 42001 compatible with ISO 27001?
Yes, very well. Both standards follow the High Level Structure. We frequently build them together — saving documentation, audits and management review.
Who certifies to ISO 42001?
Few accredited bodies currently offer it, but the major providers (BSI, DQS, TÜV, DEKRA) are building capacity. I coordinate selection and timing.
How much does ISO 42001 consulting cost?
Between €10,000 and €30,000 depending on AI complexity. Significantly cheaper for pure consumption scenarios (no proprietary AI product). BAFA funding is checked in the first call.
Let's talk.
Tell me where you stand and what you need. Within 24 hours you receive a first assessment and a concrete meeting proposal — free and without commitment.
- ✓ Reply within 24 hours
- ✓ Free first consultation, no strings attached
- ✓ BAFA funding eligibility checked for you