Most organisations tracking the EU AI Act are focused on the regulation itself — its risk categories, compliance timelines, and enforcement mechanisms. Fewer are looking at the technical layer beneath it: the international standards being developed by ISO/IEC JTC 1/SC42, the subcommittee responsible for AI standardisation. That gap is a problem, because the standards SC42 produces will shape what "compliance" actually looks like in practice.
What is SC42?
SC42 is a subcommittee of ISO/IEC Joint Technical Committee 1 (JTC 1), the body jointly run by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). Its remit is the standardisation of artificial intelligence. SC42 was established in 2017 and has since grown to include national bodies from across Europe, North America, Asia, and beyond. Its work is organised into several working groups, covering areas such as foundations and terminology, data, trustworthiness, use cases and applications, and governance.
Key Standards and Work Items
Several SC42 standards are already published and increasingly referenced in regulation and procurement:
- ISO/IEC 42001 (AI management systems): a requirements standard for organisations that develop or deploy AI, modelled on the ISO 9001 management systems approach.
- ISO/IEC 24029 series (robustness): covering assessment of the robustness of neural networks.
- ISO/IEC 5259 series (data quality for AI): addressing data quality management specifically in AI contexts.
- ISO/IEC 25059 (quality model for AI systems): an extension of the SQuaRE quality framework to AI.
- ISO/IEC 42006: requirements for bodies providing audit and certification of AI management systems.
Beyond published standards, SC42 has an active pipeline of drafts and new work items — which means the landscape is actively evolving, not static.
Why It Matters for Organisations Now
The EU AI Act's conformity assessment process will increasingly reference harmonised standards, many of which are expected to derive from SC42. Organisations that wait until those standards are finalised before engaging with them will find themselves in reactive compliance mode — updating systems and documentation under time pressure. Those who engage earlier can shape their architecture, governance, and documentation practices to align proactively.
There is also a procurement dimension. Public sector organisations and large enterprises are beginning to require that AI suppliers demonstrate alignment with SC42 frameworks. Understanding the landscape early confers a material advantage.
Navigating SC42 Without Getting Lost
The challenge for most organisations is that SC42's output is voluminous, technical, and constantly in motion. Standards documents run to dozens of pages and are written for standards practitioners, not product teams or compliance officers. Effective navigation requires knowing which work items are relevant to a specific system or use case — and which can be set aside for now.
"The organisations that understand SC42 today are writing the requirements documents their competitors will be scrambling to meet tomorrow."
Where to Start
For most organisations, the right starting point is a structured briefing: understanding the SC42 landscape at a high level, identifying the three to five standards most relevant to your context, and building a working timeline for their development and expected publication. From there, you can decide how deeply to engage — whether that means monitoring, aligning internal practices, or participating directly in standards development.
If you are building or deploying AI systems, SC42 is not optional background reading. It is the architecture of what accountability will look like.
Want to understand which SC42 standards apply to your organisation?
We can provide a structured briefing tailored to your context — covering the standards that matter most for your systems and use cases.
Contact us