EU AI Act and ISO 42001 LinkedIn Live Webinar: Key Takeaways from Our Expert Panel

On 12 August 2025, we dropped a LinkedIn Live webinar exactly when general-purpose AI model obligations under the EU AI Act went live.

Talk about perfect timing.

The panel cut through the noise on scope, timelines, the gaps nobody's talking about, and how ISO/IEC 42001 actually gets your AI governance sorted.

Here's what became crystal clear: ISO/IEC 42001 isn't another dusty standard that should sit on a shelf and not be taken seriously. It's built on solid international frameworks and gives you real, actionable guidance for AI governance that doesn't make you want to scream into the void. Plus, it's certifiable by an accredited body—instant credibility points right there.

The standard keeps you ahead of regulatory chaos and supports compliance across different jurisdictions.

The panel hammered this home: governance frameworks and solid risk management aren't optional anymore. ISO/IEC 42001 supports a risk-based approach to AI management, helping you tackle compliance, ethical deployment, and safe AI practices without the drama.

‍

Introduction to AI Regulation

The AI revolution is here. And it's moving stupidly fast.

Across industries, artificial intelligence has brought incredible opportunities, and some seriously gnarly challenges. As AI systems dig deeper into business operations and decision-making, the need for clear regulatory frameworks has gone from "nice to have" to "absolutely essential."

Enter the EU AI Act—the regulatory heavyweight setting the standard worldwide. It is the world's first comprehensive law regulating artificial intelligence, marking a significant milestone in global AI governance.

This isn't your typical bureaucratic snooze-fest. It's a comprehensive approach to developing, deploying, and overseeing AI within the European Union.

By classifying AI systems according to risk—especially those high risk AI systems that keep lawyers up at night—the AI Act establishes targeted requirements to ensure safety, transparency, and accountability.

The EU AI Act was adopted in June 2024 and will be fully applicable in 24 months with some parts applying sooner.

But here's where it gets interesting.

To help organisations navigate these evolving obligations without pulling their hair out, the ISO/IEC 42001 standard provides a structured framework for implementing an artificial intelligence management system. This international standard helps you proactively manage AI risks, align with responsible AI governance principles, and show the world you're serious about trustworthy AI.

By integrating ISO/IEC 42001 into operations, businesses can nail EU AI Act compliance, manage AI related risks like pros, and foster responsible development and use of AI technologies.

Compliance with ISO 42001 can also help organisations gain a competitive advantage in the AI landscape, showcasing their commitment to trustworthy AI.

‍

Why this matters

Any organisation operating in the EU with AI in use is likely in scope.

That's pretty much everyone at this point.

Strong governance, including rock-solid risk management, reduces risk, speeds adoption, and gets your teams ready for audits without the last-minute panic attacks. When you've got clear roles, processes, and evidence aligned with business objectives, responsible practices and established governance structures become your secret weapon for effective AI oversight.

Companies face legal penalties and reputational damage if they fail to manage AI risks effectively as per ISO/IEC 42001.

And let's not forget—robust data governance is absolutely essential for compliance and audit readiness.

Because nobody wants to be that company scrambling for documents when the auditors show up.

‍

Key regulatory timings

‍

Exposure points inside organisations

• No AI policy. Teams are using ChatGPT and Copilot like it's the Wild West, which means data leakage risks and security threats galore. Time to emphasise data protection and roll out AI literacy across the company—before someone accidentally feeds your trade secrets to a chatbot.
• Weak supplier due diligence. You need to ask the hard questions about training data, known limits, safeguards, retention, and sub-processors. If their answers sound like marketing fluff, it's time to reconsider.
• Unsafe defaults. Disable training on private data wherever you can. Enterprise controls and logging aren't optional—they're survival tactics.
• Rushed chatbot launches. Ship fast, sure, but with guardrails, clear tone of voice, and proper measurement before you scale up. Nobody wants to be the next AI disaster story.

Implementing risk mitigation strategies isn't just smart, it's essential for addressing these exposure points and ensuring compliance with data protection requirements.

‍

How ISO/IEC 42001 helps

ISO/IEC 42001 is the first international AI management system standard for safely managing AI (artificial intelligence), setting a global benchmark for organisations aiming to govern AI responsibly.

The standard defines roles, policy, risk assessment, controls, audits, and continual improvement across the AI lifecycle. It enables organisations to proactively manage AI risks throughout the AI lifecycle instead of playing catch-up.

ISO/IEC 42001 is recognised as the only certifiable standard for managing AI compliance practices.

Plus, it integrates with ISO/IEC 27001, so you're not duplicating effort like some kind of compliance masochist.

Act. ISO/IEC 42001 also allows organisations to independently certify their AI management system, adding an extra layer of credibility.

‍

Core components for AI management

• Clear governance structure with accountable owners who actually know what they're doing.
• Regular risk assessment linked to business impact, including evaluation of both minimal risk and systemic risk associated with AI deployment.
• Continuous monitoring, testing, and incident handling that doesn't rely on crossed fingers and hope.
• Transparency, explainability, accountability, and human oversight throughout model design, deployment, and operation, guided by AI ethics. This includes monitoring AI models and ensuring that AI generated outputs are clearly labeled and compliant with transparency requirements.

‍

AI projects and development

Build ethical and responsible AI development practices into design, training, evaluation, and release, ensuring your AI developers are actively engaged throughout the process instead of throwing code over the wall.

Use documented tests, risk registers, and review gates that actually work.

Keep outputs explainable to stakeholders—no black box mysteries allowed.

Ensure that AI applications are designed and deployed in line with ISO/IEC 42001 and the EU AI Act. Align your work with EU AI Act duties and ISO/IEC 42001 clauses, and use AI responsibly throughout the project lifecycle.

‍

Operational guidance from the panel

• Publish an AI policy now. Cover acceptable use, human oversight, data handling, tool approval, record keeping, incident response, and ethics. Note that exceptions for law enforcement purposes may be permitted in line with regulatory requirements, such as for real-time remote biometric identification or post-identification in serious cases with court approval. Train everyone and log those attestations—because "we told them verbally" doesn't hold up in audits.
• Run an AI and data inventory. List use cases, models, prompts, data sources, and vendors. Classify by impact and context, and identify scenarios that may present unacceptable risk under EU AI regulations. Assign owners and review cycles, because orphaned AI systems are compliance nightmares waiting to happen.
• Strengthen supplier checks. Standard questionnaire on training data, evaluation methods, bias controls, red teaming, safety features, retention, sub-processors, and data flows. Escalate high-risk use for legal review and report serious incidents or escalation to national authorities as required.
• Embed human oversight. Define review or override points for high-impact decisions. Document thresholds and accountability—because "the AI did it" isn't a defence strategy.
• Configure privacy settings. Turn off training on company data where possible. Limit sharing. Use enterprise plans with isolation and logging, not the free version that treats your data like an all-you-can-eat buffet.
• Pilot safely. Test in controlled environments. Limit data exposure. Measure benefits, risks, and policy breaches before scale-up—because moving fast and breaking things works great until you break something important.
• Stand up ISO/IEC 42001 basics. Scope, policy, roles, risk method, supplier assurance, change control, model monitoring, incident handling, and continual improvement. Map each element to EU AI Act obligations so you're not playing compliance bingo.

‍

Selected quotes

"Any organisations operating in the EU are very likely to fall within scope if you are using AI technologies in some shape or form." Katie Simmons, Legal Director at Womble Bond Dickinson (UK) LLP

"You have got to have a managing ai policy focused on ensuring AI systems are compliant ." Lucy Bartley, Owner at Traction Industries

"ISO/IEC 42001 helps you in managing generative AI systems and maps to the EU AI Act." Matthew Biltaji, Head of Product at Hicomply

‍

Actions for this quarter

• Pick two or three AI use cases with clear value and risk. Assign accountable owners who won't disappear when things get complicated.
• Close the policy gap. Publish the policy, train staff, enable central logging and guardrails. No more "we'll figure it out as we go."
• Launch supplier assurance. Review all active AI vendors, then deep-dive the top five by risk. Time to separate the wheat from the chaff.
• Prepare for 2026. Align 42001 controls with high-risk obligations and rehearse audits. Practice makes perfect, and perfect means passing.

‍

Compliance notes

• Registration. High-risk AI systems require entry in the EU database before placement on the market. Sensitive areas use a non-public section—because some things need to stay under wraps.
• Serious incidents. Providers report to national market surveillance authorities, which notify the European Commission. The EU AI office plays a key role in overseeing compliance and supporting the implementation of the AI Act. The implementation of the EU AI Act includes establishing a working group to oversee its enforcement. Set internal procedures and SLAs now, before you need them.

‍

Get support

Support's available for scoping ISO/IEC 42001, mapping to ISO/IEC 27001, and proactively manage risks associated with AI while standing up core processes for EU AI Act readiness.

Because why suffer through compliance alone when you don't have to?

‍

Conclusion

1. Proactive action for the win: As AI technologies continue to evolve and regulatory scrutiny cranks up the heat, organisations need to take a proactive approach to managing AI systems and ensuring compliance with global standards.
2. Responsible AI use is now possible: The EU AI Act and ISO/IEC 42001 together provide a rock-solid foundation for responsible AI governance, risk management, and continuous improvement.
3. Commit to trustworthy AI: By adopting a structured framework for artificial intelligence management, organisations can confidently address high risk and unacceptable risks, support responsible development, and demonstrate their commitment to trustworthy AI.
4. Embed AI governance and create an ethical use culture: Staying ahead means embedding AI governance into business objectives, regularly assessing and mitigating AI related risks, and fostering a culture of ethical and responsible use.
5. Unlock AI potential: With the right management systems in place, organisations can not only ensure compliance but also unlock the full potential of AI—safely, ethically, and sustainably.
6. Grow and capitalise on AI by being compliant: Because the future belongs to those who get AI governance right, not those who wing it and hope for the best.

‍