ISO/IEC 23894 Explained: AI Risk Guidance Compared to ISO 42001
Photo: Markus Spiske / Pexels
Key takeaways
- ISO/IEC 23894:2023 is guidance on managing AI-specific risk, not a certifiable standard like ISO 42001.
- It extends ISO 31000's general risk principles to cover AI issues: bias, explainability, and unpredictable behaviour.
- You can't get 'certified' to it. It's a reference document, not an audit target.
- Most small teams will use it as a checklist inside a wider risk assessment, not as a standalone project.
- It pairs naturally with ISO 42001 for teams that do want a certifiable AI management system.
ISO/IEC 23894:2023 is the first international standard dedicated to AI risk guidance, published in February 2023 by ISO and IEC's joint technical committee. It sits in a different category to its better-known cousin, ISO/IEC 42001: 23894 is guidance you consult, not a management system you certify against. If you've read about ISO 42001 and wondered where 23894 fits, the short answer is that 42001 is the structure and 23894 is one of the technical inputs that structure draws on when it comes to risk.
What it actually covers
The standard extends ISO 31000, the general risk-management standard most large organisations already follow in some form, into AI-specific territory. It walks through risk identification, analysis and treatment for AI systems across their lifecycle, from design through deployment to eventual retirement. Crucially, it names risk categories a generic risk framework wouldn't think to ask about: algorithmic bias, lack of explainability, data quality problems feeding into model behaviour, and the simple fact that an AI system can behave unpredictably in ways a traditional piece of software rarely does.
Guidance, not certification
This is the point most people trip over. You cannot become 'ISO 23894 certified' the way you can become ISO 42001 certified or ISO 27001 certified, because 23894 isn't written as an auditable management-system standard with clauses a certification body checks off. It's guidance, meant to be read and applied, and the honest way to use it is as a checklist you draw from when building your own AI risk process, not as a target you pass or fail an audit against. Anyone offering '23894 certification' as a service is describing something the standard itself doesn't define.
Where it fits next to ISO 42001
ISO 42001 sets out the management-system scaffolding: policies, roles, objectives, a plan-do-check-act cycle, the kind of structure an auditor can verify exists and is followed. It references risk management as one of its required elements but doesn't spell out AI-specific risk techniques in detail. That's exactly the gap 23894 fills. A team pursuing ISO 42001 certification will typically use 23894 as the technical reference for how to actually run the risk-assessment clauses 42001 requires, rather than reinventing an AI risk methodology from scratch.
Do small teams need it?
Rarely as a standalone project. Most teams under a hundred people get more value from a lightweight risk process, an AI risk assessment covering your actual tools and data, than from formally adopting an ISO standard most staff will never read. Where 23894 earns its keep is as a reference when that risk assessment needs a bit more rigour: if you're staring at an AI feature with genuinely unclear failure modes, its risk-category list is a faster starting point than building one from nothing.
How this plays out in practice
A mid-sized insurer we've seen was piloting an AI tool to triage claims descriptions. The team had a general vendor risk process, but nobody had a structured way to think about bias in the triage outputs or what to do if the model's confidence scores started drifting. Pulling the relevant sections of 23894 into their existing risk template took an afternoon and gave them named categories to assess against, rather than a vague sense that 'AI risk' needed covering somehow. They never pursued formal certification against anything; they just borrowed the structure.
The related standard worth knowing
ISO/IEC 23894 sits alongside ISO/IEC 23984 in some references and, more usefully, ISO/IEC 42001 itself for teams building a fuller programme, plus NIST's AI Risk Management Framework for a US-oriented alternative covering similar ground with its own Govern-Map-Measure-Manage structure. None of these are mutually exclusive. Most organisations end up drawing lightly from two or three of them rather than adopting any single one wholesale, and that's a perfectly reasonable way to use standards that were written to be referenced, not memorised.
How to read it without buying the standard outright
The full ISO/IEC 23894 text sits behind ISO's standard paywall, which puts off a lot of small teams before they've even seen what's inside. In practice, you don't need the official document to get most of the value. Summaries from standards bodies and AI governance publishers cover its risk-category structure in enough detail to build a working checklist, and the AI Standards Hub's overview is a reasonable free starting point before deciding whether the full standard is worth purchasing for your specific use case.
A pitfall worth naming: treating it as a compliance box to tick
Because it has an ISO number, some teams instinctively treat 23894 as something to 'comply with', the same instinct that applies naturally to certifiable standards like ISO 27001. That instinct doesn't fit here. Since there's no certification body checking conformance, the only way 23894 fails to add value is if it's referenced in a policy document and then never actually applied to a real risk decision. The standard is only useful to the extent its risk categories genuinely change how you assess a specific AI tool or use case, not as a citation that makes a policy sound more authoritative.
How the risk categories translate into questions worth asking
The most useful way to apply 23894 without reading the full document is to turn its risk categories into questions you ask about any AI tool before rollout. For algorithmic bias: does this tool's output influence a decision about a specific person, and if so, has anyone checked whether that output treats similar people consistently? For explainability: if a customer or regulator asked why the tool produced a particular output, could you give a coherent answer, or would the honest response be 'we don't know'? For data quality: is the data feeding this tool representative of the population it's being applied to, or could it systematically under-serve some group? None of these questions require statistical expertise to ask, only to ask them at all, consistently, before a tool goes into production rather than after something goes wrong.
How this standard came about
ISO/IEC 23894 was developed by the joint technical committee of ISO and IEC that handles AI standards, drawing on the working assumption that AI-specific risk was distinct enough from general enterprise risk to warrant its own guidance document rather than a chapter bolted onto ISO 31000. The timing, published in February 2023, put it slightly ahead of most AI-specific regulation, including the EU AI Act's later provisions, which is part of why it's become a reference point risk teams reach for even where no formal legal obligation requires it: it filled a genuine gap before the law caught up.
A quick sanity check before you dive in
If you're new to standards documents generally, it's worth setting expectations before opening any part of ISO/IEC 23894: it reads like a technical reference, not a blog post, with formal clause numbering and precise but dense language throughout. Don't expect a quick skim to yield a usable checklist in ten minutes. Budget an hour with a coffee, a notepad, and a willingness to translate its formal language into your own team's plainer terms as you go, which is exactly the translation this article has tried to do on your behalf.
Where to start
If you're assessing AI risk for the first time, don't start by reading the full standard cover to cover. Start with a practical AI risk assessment of the tools you actually use, and pull in 23894's risk categories only where your own assessment feels thin, particularly around bias and explainability. Our frameworks hub maps how ISO 42001, NIST AI RMF and the underlying risk standards relate to each other, which is a faster way in than the standards documents themselves.
| ISO/IEC 23894:2023 | ISO/IEC 42001:2023 | |
|---|---|---|
| Type | Risk management guidance | Certifiable management-system standard |
| Can you get certified? | No | Yes, via an accredited certification body |
| Scope | AI-specific risk identification and treatment | Full AI management system: policy, roles, objectives, controls |
| Best used as | A technical reference inside a wider risk process | A structured programme for teams needing formal certification |
“This document provides organizations with guidance on how risk management can be applied to organizations that develop, provide or use products, systems and services that use AI.”