Glossary · ISO
Agentic AI
AI systems that plan and take multi-step actions toward a goal — calling tools, browsing, or executing tasks — with limited human intervention per step. Under ISO 42001, agentic systems raise the bar on lifecycle controls (A.6), event logging, and demonstrable human oversight, because autonomy widens the impact surface.
This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.
Go deeper: the full Agentic AI guide
The complete plain-English explainer behind this definition.
Related ISO terms
AI Impact Assessment
The outward-looking assessment ISO 42001 Annex A.5 requires: how an AI system could affect individuals, groups, and society — fairness, rights, safety — with documented mitigations. ISO/IEC 42005:2025 provides the methodology. It complements (and differs from) the inward-looking AI risk assessment and a privacy DPIA.
AI System
A machine-based system that infers from inputs how to generate outputs — predictions, content, recommendations, or decisions — that can influence real environments. The definition (shared in substance by ISO/IEC 22989 and the EU AI Act) is deliberately broad: a product feature wrapping a third-party foundation model is an AI system, not just the model itself.
AIMS
The governance system defined by ISO 42001 for managing the risks and obligations that come with building or deploying AI. It sets out policies, roles, and controls so an organisation can show its AI is developed and operated responsibly.
Annex A Controls
The catalogue of 93 information-security controls listed in Annex A of ISO/IEC 27001:2022, grouped into organisational, people, physical, and technological themes. An organisation selects the controls relevant to its risks and records that choice in the Statement of Applicability.
EU AI Act
The European Union's binding AI law, tiering systems by risk from prohibited practices to minimal risk. It phases in from 2025; after the May 2026 digital-omnibus agreement, high-risk obligations apply from December 2027 (Annex III) and August 2028 (Annex I), while transparency duties and GPAI enforcement arrive on 2 August 2026. ISO 42001 is the management system most organisations use to operationalise it.
GPAI
Under the EU AI Act, an AI model trained on broad data and capable of performing many distinct tasks — foundation models like GPT, Claude, Gemini, or Llama. GPAI providers carry their own obligations (Articles 51–56, in force since August 2025), including technical documentation and training-data summaries; companies building on top of GPAI inherit different duties as providers or deployers of the resulting systems.
Written By Expert Auditors
Get in touch
Book a free consultation or send us your requirements. We respond within 24 hours.
Quick Call
Pick a time slot
Send Requirements
Get a custom quote in 24 hours