Major cloud providers like 🔗Amazon Web Services (AWS) have ISO 42001 certification. For organisations hosting their AI tools on these platforms, this is good news but not without misconceptions like:
“If the platform I build on is compliant, my application must be compliant.”
Unfortunately, it’s not that simple. It’s often true that building on a certified foundation is a smart move, but it doesn’t absolve any security responsibility. There is a fundamental nature in cloud compliance: the Shared Responsibility Model.
What is ISO 42001? Artificial Intelligence has an established standard for governance: ISO/IEC 42001. As the world’s first international management system standard specifically for AI, it provides a blueprint for managing the risks and opportunities associated with AI.
Infrastructure vs. Application
When AWS, or any major cloud provider, achieves ISO 42001 certification, they are certifying their Artificial Intelligence Management System (AIMS). They are proving that the underlying infrastructure, the managed services (like Amazon Bedrock or SageMaker), and their internal processes for developing these tools meet rigorous international standards for safety, security, and transparency.
They are not, however, certifying how you use them.
Think of it like renting a top-tier, safety-certified commercial kitchen. The landlord ensures the gas lines are safe, the ventilation meets code, and the fire exits are clear. But if you, the chef, decide to serve undercooked chicken or leave a knife on the edge of a counter, the kitchen’s safety certificate won’t protect your customers, or your reputation.
In the cloud, AWS looks after the “security OF the cloud” (the hardware, the global network, the managed service backend). You are responsible for security and governance “IN the cloud.”
What you inherit vs. what you own…
When you host an AI tool on AWS, you do inherit significant benefits. You inherit the physical security of their data centres and the reliability of their compute power. But ISO 42001 isn’t just about server security; it is about governance, ethics, and risk management and this is where responsibility shifts to you:
|
Data Governance and Bias |
AWS ensures the platform can process data securely. But they can’t control the quality of the data you feed into your model. If you train an AI model on a biased dataset, the resulting tool will be biased, regardless of how secure the server is. Under ISO 42001, you’re responsible for ensuring your data is representative, fair, and ethically sourced. |
|
Transparency and Explainability |
A key pillar of ISO 42001 is transparency, users must know they are interacting with an AI and understand (to a reasonable degree) how decisions are made. AWS provides the tools to build the model, but they can’t force you to design a transparent user interface or publish an explainability statement. That governance sits with your development team. |
|
Impact Assessments |
Before deploying an AI tool, ISO 42001 mandates an assessment of its potential impact on stakeholders. Does your tool make decisions that affect people’s livelihoods, credit scores, or healthcare? A cloud provider can’t perform this risk assessment for you because they do not know the context of your application. |
The “wrapper” risk
A growing trend in the SaaS market is the “wrapper” application, tools that are essentially thin interfaces sitting on top of a Large Language Model (LLM) like GPT-4 or Claude via API.
Developers of these tools often think that because the foundation model provider (e.g., OpenAI or Anthropic hosted on AWS) is compliant, they are covered. This is a critical error. The “wrapper” is where the user interaction happens; it is where the data is collected, and often where the specific business logic is applied.
If your wrapper allows a user to jailbreak the model, leaks sensitive user data through a prompt injection attack, or fails to label AI-generated content, you;re the one failing compliance, not the host.
How to close the gap
At Mondas, we view compliance not just as a checklist, but more of a culture of security. To align with ISO 42001 when hosting on a certified cloud provider, you should consider the following:
|
Map Your Dependencies |
Clearly define which controls you inherit from AWS and which ones remain your responsibility. |
|
Implement Your Own AIMS |
Establish your own internal Artificial Intelligence Management System. This includes your policies on ethical AI use, human oversight, and continuous monitoring. |
|
Validate the Output |
Don’t just trust the model. Implement rigorous testing for hallucinations, bias, and adversarial attacks. |
|
Stay Informed |
The threat landscape changes daily. What was secure yesterday may be vulnerable today. |
The Mondas perspective
We believe that leveraging best-in-class tools from providers like AWS is a good starting point. It gives you a head start on security that would be difficult to replicate on-premise. But true leadership in information security comes from what you build on top of that foundation.
By combining the robust infrastructure of certified cloud providers with Mondas’s expertise in cyber security and governance, organisations can move beyond “ticking the box” to building AI tools that are genuinely resilient, trustworthy, and future-proof.
Talk to our team today about our paths to ISO 42001 compliance for our clients and how we can work to secure each component of your security environment. Discover more by reading the 🔗AWS overview and FAQs on ISO/IEC 42001 here.
This article was brought to you by our Sales and Marketing Manager at Mondas – George Eastman. George has experience in working with organisations on their overall cyber security protection and consults with clients on thier ISO 42001 gap analysis, 🔗learn more about George on LinkedIn.
