Guide · updated 2026-05-18

ISO 42001 and NIST AI RMF. Mapped.

Two AI-governance frameworks, one underlying ask: “produce an auditable record of decisions made by the AI system.” This guide maps the audit-trail clauses of ISO/IEC 42001:2023 to the corresponding NIST AI RMF 1.0 functions, and shows how one anchoring pattern satisfies both.

TL;DR

Short version.

ISO/IEC 42001:2023 is the first international, certifiable AI management system (AIMS) standard. It is shaped like ISO 27001: clauses 4–10 are the management-system core, Annex A is a list of controls. Certification audits are a documented practice.

NIST AI RMF 1.0 (NIST AI 100-1, January 2023) is a voluntary US-federal framework built around four functions — GOVERN, MAP, MEASURE, MANAGE — with the GenAI Profile (NIST AI 600-1, July 2024) extending it for generative AI. Adoption is increasingly mandatory in US federal contracting.

On audit trails the two converge. ISO 42001 Annex A controls like A.6 (AI system life cycle) and A.7 (data for AI systems) plus the operational-control clauses imply a system of records. NIST AI RMF MEASURE-2 and MANAGE-4 explicitly call for documented, traceable evidence. Both can be satisfied by the same anchored process-trace pattern — which is what makes the Pattern C architecture from the Article 12 guide compounding rather than duplicative.

Disclaimer: this guide is editorial, not legal advice. For certification or contractual interpretation, consult an accredited certification body and review the source standards.

Framework A

ISO/IEC 42001:2023.

Published December 2023. Title: “Information technology — Artificial intelligence — Management system.” The full standard is available at iso.org/standard/81230.html.

Like ISO 27001, the standard separates a management-system core (clauses 4–10: Context, Leadership, Planning, Support, Operation, Performance evaluation, Improvement) from a normative Annex A list of controls. The Annex A control families relevant to audit trails are:

  • A.4 — Organizational policies for AI. Documented policies; the audit trail is a substrate for demonstrating policy adherence.
  • A.6 — AI system life cycle. Controls for development, deployment, operation, retirement. Logging, versioning, and traceability sit here.
  • A.7 — Data for AI systems. Data-quality, lineage, and provenance controls. Pinning a training-data manifest hash to each inference closes the “was this trained on what we said” clause.
  • A.8 — Information for interested parties. Transparency obligations to users and third parties; verifiable evidence of past decisions belongs here.
  • A.10 — Third-party relationships. Logging that survives vendor change is implied; ISO 27001 auditors are already trained to ask the “what if the vendor goes away” question.

ISO 42001 is certifiable. An accredited body audits the management system against clauses 4–10 plus applicable Annex A controls, issues a certificate, and revisits annually. The evidence package an auditor builds is functionally a request for the artifacts those controls produce.

Framework B

NIST AI RMF 1.0.

Published January 2023 as NIST AI 100-1. Voluntary, US-federal leaning, and structured around four functions plus subcategories. Source at nist.gov/itl/ai-risk-management-framework.

The four core functions and what they mean for audit trails:

  • GOVERN. Establish organizational accountability, roles, and policies for AI. Maps to ISO 42001 clauses 4–5 (Context, Leadership). For audit trails: governance attestations (“compliance officer X approved this model release on date Y”) should be signed and recorded.
  • MAP. Establish context, categorize the AI system, identify risks. Maps to ISO 42001 clause 6 (Planning) and Annex A.6. For audit trails: capture model purpose, intended use, in-scope users at the time of every decision.
  • MEASURE. Analyze, assess, benchmark, and monitor risks. Subcategory MEASURE-2 is explicit about “documenting trustworthy AI system properties.” This is where traceability of inputs and outputs lives.
  • MANAGE. Allocate risk responses, including response and recovery. MANAGE-4 calls for risk-treatment decisions to be traceable. Incident response feeds back into MEASURE.

The GenAI Profile (NIST AI 600-1, July 2024) overlays generative-AI-specific risks (CBRN, dangerous content, value chain, intellectual property) but leaves the four-function scaffold intact.

Mapping

Side-by-side.

The mapping below is a working cross-reference, not an accreditation. ISO/IEC 22989 and the upcoming ISO/IEC 42005 will add more formal alignment over time. Where a row reads “—,” the framework does not have a direct counterpart; the requirement is still met by the same evidence under the other framework.

Audit-trail concern | ISO/IEC 42001:2023 Annex A controls | NIST AI RMF 1.0 functions and subcategories
Governance attestations | A.2, A.3, A.4 | GOVERN-1, GOVERN-2
Model life-cycle records | A.6 (AI system life cycle) | MAP-1, MAP-3, MANAGE-3
Training-data lineage | A.7 (Data for AI systems) | MAP-2, MEASURE-2
Per-decision logging | A.6.2.7 (operational controls) | MEASURE-2.8, MEASURE-3
Tamper-evidence of logs | Implied via A.10 + ISO 27001 alignment | Implied via MEASURE-2 documentation
Incident response records | A.6.2.8 | MANAGE-4, MANAGE-4.3
Third-party verifiability | A.10 + clause 8 (Operation) | GOVERN-6 (third-party risk)
Retention | Per organisation; ISO 27001 alignment | — (deferred to law)

Clause numbers reference ISO/IEC 42001:2023 Annex A and NIST AI 100-1 (AI RMF 1.0) function/subcategory codes. Validate against the source standards for binding interpretation.

Audit-trail-specific

What each framework asks for, in audit-trail terms.

Three patterns recur across both frameworks; they are the same patterns that show up in EU AI Act Article 12 and in ISO 27001 with respect to security logs.

  • Decisions are recorded automatically and contemporaneously. ISO 42001 A.6 implies it; NIST AI RMF MEASURE-2 names it. A log written after the fact, or selectively, is the audit equivalent of self-reporting.
  • Records bind to model state. ISO 42001 A.7 (data) and the life-cycle controls in A.6 require lineage. NIST AI RMF MAP-2 covers data and MEASURE covers model properties. Pinning a manifest hash (model + tokenizer + system prompt + training-data fingerprint) closes both.
  • Records survive incidents and vendors. ISO 42001 A.10 (third-party relationships) plus the operational continuity framing of clause 8 implies records that survive vendor change. NIST AI RMF GOVERN-6 covers third-party risk; MANAGE-4 covers response and recovery. Tamper-evident off-vendor storage is the architecturally clean answer.

Worked example

One anchored trace, two framework checks.

Concrete walk-through. An AI-powered loan-decisioning system produces a decline for applicant X on date D. Under both frameworks the auditor asks: prove the decision, prove the model state at the time, prove the governance.

  1. Trace records the inference.
     Inputs (pseudonymised), retrieval steps, tool calls, model outputs, and a manifest hash binding model + tokenizer + system prompt + training-data fingerprint, all hash-chained.

  2. Governance event embedded.
     A signed attestation (“model version M approved for use by officer O on date G”) lives as an event inside the same Merkle bundle.

  3. Bundle anchored.
     The Merkle root is anchored to Cardano under metadata label 2222. ~0.2–0.3 ADA per anchor. Independently verifiable by anyone with the transaction hash.

  4. ISO 42001 audit pass.
     Annex A.6 (life cycle), A.7 (data lineage via manifest), A.8 (transparency: inclusion proof to the customer), A.10 (vendor-independent) — covered by the same evidence.

  5. NIST AI RMF check pass.
     GOVERN-2 (governance attestation present), MAP-2 (data context recorded), MEASURE-2 (decision documented), MANAGE-4 (response evidence traceable) — same artifact.
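The walk-through above, and the three recurring patterns (automatic and contemporaneous records, binding to model state, survival of incidents and vendors), in runnable form. This is an added example written for this guide, not code from the Orynq SDK or any certification body. It assumes: events are canonicalised as sorted JSON before hashing; each record is hash-chained to the one before it; the chain entries are the leaves of a Merkle tree (odd levels duplicate the last node); the officer's signature is stood in by an HMAC over a constructed key so the block runs on the standard library alone (a real deployment would use an asymmetric signature the auditor can verify without the key); and the on-chain anchor is simulated with a placeholder transaction hash. All event values are constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the approving officer's key. Real deployments sign
# with an asymmetric key (e.g. Ed25519) so verification needs no shared secret.
OFFICER_KEY = b"constructed-demo-key-not-real"
GENESIS = "0" * 64  # previous-hash value for the first chain entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj) -> bytes:
    """Deterministic JSON so the same record always produces the same hash."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def manifest_hash(model: str, tokenizer: str, system_prompt: str, training_fingerprint: str) -> str:
    """One hash pinning the model state an inference ran under (ISO 42001 A.7 / NIST MAP-2)."""
    return sha256_hex(canonical({"model": model, "tokenizer": tokenizer,
                                 "system_prompt": system_prompt,
                                 "training_data_fingerprint": training_fingerprint}))


def sign_attestation(att: dict) -> dict:
    body = {k: v for k, v in att.items() if k != "sig"}
    return {**body, "sig": hmac.new(OFFICER_KEY, canonical(body), "sha256").hexdigest()}


def verify_attestation(att: dict) -> bool:
    body = {k: v for k, v in att.items() if k != "sig"}
    expected = hmac.new(OFFICER_KEY, canonical(body), "sha256").hexdigest()
    return hmac.compare_digest(expected, att.get("sig", ""))


def hash_chain(events: list) -> list:
    """Leaf i = H(prev_leaf || event_i): every record commits to everything before it."""
    leaves, prev = [], GENESIS
    for ev in events:
        prev = sha256_hex(canonical({"prev": prev, "event": ev}))
        leaves.append(prev)
    return leaves


def _pad(level: list) -> list:
    # Duplicate the last node on odd levels so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 else level


def merkle_levels(leaves: list) -> list:
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = _pad(levels[-1])
        levels.append([sha256_hex((cur[i] + cur[i + 1]).encode()) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(leaves: list, index: int):
    """Return (root, proof); proof is [(sibling_hash, sibling_is_left), ...] from leaf to root."""
    levels, proof, i = merkle_levels(leaves), [], index
    for level in levels[:-1]:
        level = _pad(level)
        sib = i ^ 1
        proof.append((level[sib], sib < i))
        i //= 2
    return levels[-1][0], proof


def verify_inclusion(leaf: str, proof: list, root: str) -> bool:
    """What the customer or auditor runs: rebuild the path and compare to the anchored root."""
    h = leaf
    for sib, sib_is_left in proof:
        h = sha256_hex(((sib + h) if sib_is_left else (h + sib)).encode())
    return h == root


def anchor(root: str) -> dict:
    """Simulated anchor record; the tx hash is a placeholder, not a real transaction."""
    return {"chain": "cardano", "metadata_label": 2222, "root": root, "tx_hash": "<TX_HASH_PLACEHOLDER>"}


def build_bundle() -> dict:
    """Constructed bundle for the loan-decline scenario: attestation, inference, customer notice."""
    manifest = manifest_hash("loan-risk-model-M", "tokenizer-M", "You are a loan-risk scorer.",
                             sha256_hex(b"constructed training-data manifest"))
    events = [
        sign_attestation({"type": "governance_attestation", "model": "loan-risk-model-M",
                          "approved_by": "officer O", "date": "G"}),
        {"type": "inference", "subject": "applicant X (pseudonymised id a1b2)", "date": "D",
         "inputs": {"income_band": 3, "dti": 0.42}, "retrieval": ["policy/credit-v9#s4"],
         "tool_calls": [{"tool": "bureau_score", "result": 612}], "output": "decline",
         "manifest": manifest},
        {"type": "notice", "subject": "applicant X (pseudonymised id a1b2)", "date": "D",
         "sent": "adverse-action letter"},
    ]
    leaves = hash_chain(events)
    root, _ = merkle_proof(leaves, 0)
    return {"events": events, "leaves": leaves, "anchor": anchor(root)}


def audit_decision(bundle: dict, index: int, events_presented: list) -> bool:
    """Auditor check: recompute the chain from the events presented and prove leaf `index`
    sits under the anchored root. Any edit to this or an earlier event changes the leaf."""
    leaves = hash_chain(events_presented)
    _, proof = merkle_proof(bundle["leaves"], index)
    return verify_inclusion(leaves[index], proof, bundle["anchor"]["root"])


if __name__ == "__main__":
    b = build_bundle()
    print("attestation valid:", verify_attestation(b["events"][0]))
    print("decision proven:  ", audit_decision(b, 1, b["events"]))
```

The two checks map to the two audits: `verify_attestation` is the GOVERN-2 / A.4 evidence, `audit_decision` is the MEASURE-2 / A.6 and A.7 evidence, and because the chain runs through the attestation event first, altering the governance record after the fact also invalidates the proof for every later decision.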

The compounding pays off at audit time: one architectural pattern, one evidence package, two framework reports. The underlying SDK is described at Orynq SDK and the wider pattern at the AI audit-trail pillar.

FAQ

Common questions.

  • Is ISO/IEC 42001 mandatory? No. It is a voluntary international management-system standard. Many enterprise procurement and regulated-industry processes are starting to require it; the EU AI Act references harmonised standards but ISO 42001 is not itself binding law.
  • Is NIST AI RMF mandatory? It is voluntary by design (NIST publishes guidance, not regulation). However, US federal agencies and contractors increasingly require alignment under EO 14110 and follow-on OMB memos, and finance/health regulators cite it as a baseline. The practical answer is “voluntary on paper, expected in procurement.”
  • Does ISO 42001 require on-chain logging? No. ISO 42001 specifies management-system properties; the implementing technology is the organization's choice. The standard cares whether the property holds (traceability, integrity, retention), not how. Anchoring is one durable way to demonstrate tamper-evidence to an auditor.
  • How does ISO 42001 relate to ISO 27001? ISO 42001 borrows the management-system architecture from ISO 27001. Organizations already certified to ISO 27001 will find the integration straightforward: many controls cross-reference. The differentiator is the AI-specific content in Annex A.
  • Does the NIST AI RMF have a GenAI-specific extension? Yes — the GenAI Profile (NIST AI 600-1, published July 2024) overlays generative-AI-specific risks onto the four-function framework. CBRN information risks, dangerous content, value chain risks, intellectual property risks. The audit-trail subcategories are unchanged.
  • Can one log satisfy ISO 42001, NIST AI RMF, and EU AI Act Article 12? If the log has the right properties — automatic, contemporaneous, binding to model state, tamper-evident, retained for the system lifetime — yes. That is the entire point of architecting the audit trail at the data layer rather than per-framework. See the Article 12 guide for the regulatory pillar of the same triangle.

Ship it

One pattern. Two frameworks.

Architect the audit trail once. Pass ISO 42001 and align with NIST AI RMF with the same artifact.