Skip to main contentChat with us

Learn · ISO 42001 Concepts

Not All ISO 42001 Certificates
Are Worth the Same

ISO 42001 is new enough that some certificates in the market were issued before any accreditation for the standard existed. ISO/IEC 42006:2025 changed that — it defines what a certification body must be to audit an AIMS. Here is the accredited-vs-unaccredited difference, and how to verify any certificate in about 30 minutes.

The uncomfortable timeline: ISO 42001 published December 2023; ISO/IEC 42006 (the certification-body requirements) published July 2025; accreditations rolled out through 2025–2026. Certificates issued in the gap deserve a second look — including some very public “first certified” claims.

Jul 2025ISO/IEC 42006 published
5checks to verify any certificate
30 minto run the verification

Plain-English explainer · Verification via IAF CertSearch · Last reviewed July 2026

An accredited ISO 42001 certificate is issued by a certification body that a national accreditation body (ANAB, UKAS, RvA, NABCB, and peers) has assessed against ISO/IEC 42006:2025 — the standard, published in July 2025, that defines the AI-auditing competence, audit-time calculation, and methods a body must have before certifying AI management systems. An unaccredited certificate is one issued without that oversight. Both documents look similar. Only one survives scrutiny: enterprise procurement teams, regulators, and the international recognition arrangements (the IAF multilateral agreements) stand behind accredited certificates. The wrinkle unique to ISO 42001 is timing — the standard is young, accreditation arrived well after the first certificates did, and the market's early “first certified” announcements were, by definition, issued before ISO/IEC 42006 existed. None of this makes early adopters bad actors; it makes verification a routine diligence step that almost nobody explains. This page is the missing manual — for buyers evaluating a vendor's certificate, and for organizations choosing a certification body whose certificate will still mean something in three years.

The Difference

Accredited vs Unaccredited

Accredited certificateUnaccredited certificate
Who checked the checkerA national accreditation body assessed the certification body against ISO/IEC 42006 + 17021-1, and re-assesses it periodically.Nobody — the body certifies on its own authority.
Auditor competenceAI-specific auditor competence is a defined, assessed requirement.Whatever the body says it is.
International recognitionBacked by the IAF multilateral recognition arrangements; visible on IAF CertSearch.No recognition framework; typically absent from CertSearch.
Procurement outcomeAccepted by enterprise buyers and questionnaire frameworks.Increasingly challenged — and replacing it later means paying for certification twice.
Price signalPriced like an audit by competent specialists.Often suspiciously cheap and fast — that is the tell, not a bargain.

The accreditation wave is recent and still rolling: the first AIMS accreditations landed through 2025, and by mid-2026 several major bodies hold ISO 42001 scopes from one or more accreditation bodies — with new grants announced regularly. Treat any static list as stale on arrival; check the accreditation body's live directory instead.

The 30-Minute Check

How To Verify Any ISO 42001 Certificate

1

Get the certificate details

From the vendor: certificate number, issuing certification body, scope statement, issue and expiry dates. A vendor unable to produce these has answered your question already.

2

Check IAF CertSearch

Search the certificate or company on IAF CertSearch (certsearch.iaf.nu) — the global database of accredited management-system certificates. A hit tells you the certificate exists and which accredited body issued it. Note: coverage depends on bodies uploading their data, so absence is a flag to investigate, not automatic proof of a fake.

3

Verify the body’s ISO 42001 accreditation scope

On the accreditation body’s public directory (ANAB, UKAS, RvA, NABCB, and peers), confirm the certification body holds accreditation specifically for ISO/IEC 42001 AIMS — under ISO/IEC 42006 — and note WHEN that scope was granted.

4

Compare dates

If the certificate predates the body’s AIMS accreditation, it was issued unaccredited. Ask whether it has since been reissued under accreditation — reputable bodies converted early certificates; others quietly did not.

5

Read the scope statement

An AIMS certificate covers the management system for a defined scope — which AI systems, sites, and activities. “Certified” with a scope that excludes the product you actually buy is decoration, not assurance.

Buyers: run this on any vendor whose AI governance you rely on. Vendors: run it on yourself before your customers do — and if your certificate fails step 4, talk to your certification body about reissuance before the renewal cycle, not during a deal.

Accreditation — Common Questions

ISO/IEC 42006, IAF CertSearch, and choosing a body whose certificate lasts.

What is ISO/IEC 42006?

ISO/IEC 42006:2025, published in July 2025, specifies the requirements for bodies that audit and certify AI management systems — on top of the general certification-body rules in ISO/IEC 17021-1. It covers AI-specific auditor competence, audit-time determination, and audit methods. Accreditation bodies use it to assess certification bodies before granting them an ISO 42001 scope, which is what makes a certificate “accredited.”

Are unaccredited ISO 42001 certificates invalid?

Not legally invalid — ISO certification is voluntary and any body can issue a document. But an unaccredited certificate carries no independent oversight of the certifier, no IAF recognition, and shrinking acceptance in enterprise procurement. The practical risk is paying twice: once for the cheap certificate, then again for an accredited one when a customer refuses the first.

Why do some early “first ISO 42001 certified” claims deserve scrutiny?

Because of the calendar. ISO 42001 was published in December 2023, but ISO/IEC 42006 — the standard accreditation is granted against — arrived in July 2025, and accreditation grants followed from 2025 into 2026. Certificates issued in that window were necessarily unaccredited at issuance. The right follow-up question is not “was it real?” but “has it since been reissued under an accredited scope?” Reputable early adopters and their certification bodies did exactly that.

What is IAF CertSearch and what are its limits?

IAF CertSearch (certsearch.iaf.nu) is the global database where accredited certification bodies publish management-system certificates, letting anyone verify a certificate’s existence, scope, and issuer. Its limit: coverage depends on bodies uploading their data. A certificate you cannot find is a prompt to ask the vendor for verification through the certification body directly — treat absence as a yellow flag, not a verdict.

Which accreditation bodies grant ISO 42001 scopes?

National accreditation bodies in the IAF network — ANAB (US), UKAS (UK), RvA (Netherlands), and peers including India’s NABCB — began granting ISO/IEC 42006-based AIMS scopes through 2025–2026, and the list of accredited certification bodies grows month to month. Always confirm on the accreditation body’s live public directory rather than a blog list (including this one): the directory shows exactly which bodies hold an ISO 42001 scope today and since when.

What should we ask a certification body before signing?

Four questions: (1) Which accreditation body granted your ISO/IEC 42001 scope, and when — can you show the scope listing? (2) Will AI-competent auditors, per ISO/IEC 42006, staff our audit — what is their background? (3) How do you calculate audit days for an AIMS of our size and AI-system count? (4) If we integrate with our ISO 27001 ISMS, can you run combined audits? A body that answers crisply is telling you what its certificate will be worth.

Related reading: the Learn hub, the certification process (Stage 1, Stage 2, surveillance), integrating with ISO 27001, and the ISO 42001 hub. Terms in the compliance glossary.

Written By Expert Auditors

Surendra Pal Singh
Surendra Pal Singh
Chief Information Security Officer & Data Protection Officer
CISODPOCISAMCSEITILISO 27001 Lead AuditorISO 27701 Lead AuditorISO 42001 Lead Auditor
Saundhi Chauhan
Saundhi Chauhan
Lead Auditor
ISO 27001 Lead AuditorISO 27701 Lead Auditor
Last reviewed: July 2026Content verified by certified lead auditors

Get in touch

Book a free consultation or send us your requirements. We respond within 24 hours.

Quick Call

Pick a time slot

Send Requirements

Get a custom quote in 24 hours

We're Online

⚠️ Business inquiries only. Personal email addresses will be rejected.

24hr Response
Free Consultation
No Obligations