Public announcements from certification bodies and newly certified companies suggest that only around 350 organisations worldwide held ISO 42001 certificates by spring 2026. The standard was published in December 2023, so the certified population is still small, growing fast, and heavily weighted towards technology companies. Being certified today still puts an organisation in the earliest cohort of adopters.
What the numbers look like
There is no single official register of ISO 42001 certificates, so the count has to be assembled from certification-body announcements and company press releases. The trajectory those sources show is consistent: Boston Consulting Group announced in January 2026 that it was among the first 100 organisations certified globally, and by April 2026 newly certified companies were describing themselves as among the first 350 worldwide. The pace is accelerating as more certification bodies gain accreditation and build audit capacity.
For comparison, ISO 27001, the information security standard ISO 42001 is modelled on, has hundreds of thousands of certificates worldwide. ISO 42001 is at the very beginning of that curve.
Why are so few companies certified?
- The standard is young. Published December 2023; the first certificates were only issued in 2024.
- Audit capacity is limited. Certification bodies had to be accredited for ISO 42001 before they could issue accredited certificates, and auditor availability is still catching up with demand.
- The AI system impact assessment is new work. Unlike ISO 27001, organisations must assess how their AI affects individuals and society, a requirement most companies have never documented before.
- Demand only recently became commercial. Enterprise buyers and the EU AI Act have turned AI governance from a nice-to-have into a procurement question over the last two years.
Who is getting certified
The early cohort is dominated by companies that sell AI or sell to enterprises asking about AI: cybersecurity vendors, SaaS platforms, consultancies and professional services firms. Atoro was the first consultancy in Europe to achieve ISO 42001 certification, audited by A-LIGN, and we run the same AI management system we help clients build.
What this means if you are considering certification
Scarcity is the opportunity. While the certified population is measured in hundreds, holding ISO 42001 is a genuine differentiator in enterprise sales and investor diligence, and it builds the governance backbone the EU AI Act expects. As the population grows into the thousands, it will shift from differentiator to expectation, the same path ISO 27001 followed. The earlier you certify, the longer you hold the advantage.
If you want the detail, start with what ISO 42001 is and the implementation guide, or go straight to our ISO 42001 implementation service.
FAQs
How many companies are ISO 42001 certified?
Public announcements suggest around 350 organisations worldwide held ISO 42001 certificates by spring 2026. There is no official global register, so the figure is assembled from certification-body and company announcements, and it is rising quickly.
Is there an official list of ISO 42001 certified companies?
No. ISO itself does not certify organisations or keep a register. Certificates are issued by accredited certification bodies, and each body maintains its own directory, so verification means checking the issuing body’s register for a specific certificate.
How do I verify a company’s ISO 42001 certificate?
Ask for the certificate and check it against the issuing certification body’s public directory. A credible certificate names the certification body, the scope of the AI management system, and the accreditation body (such as ANAB or UKAS) behind it.
Who was the first consultancy in Europe to be ISO 42001 certified?
Atoro, certified by A-LIGN, one of the first auditors accredited for ISO 42001 by ANAB. We now implement and audit ISO 42001 for AI-enabled software companies across Europe.
Will ISO 42001 certification numbers keep growing?
All the visible signals say yes: more certification bodies are gaining accreditation, enterprise procurement increasingly asks about AI governance, and the EU AI Act’s staged obligations keep raising the commercial stakes. The likely path mirrors ISO 27001’s growth from hundreds to hundreds of thousands of certificates.