AERF × ISO/IEC 42001

← Compliance Overview · ← README

Scope. AERF is an open wire format for cryptographic receipts of AI-agent actions. This page maps AERF v0.1.0-draft.1 to ISO/IEC 42001:2023 clauses 9.1 (monitoring, measurement, analysis and evaluation) and 10.2 (nonconformity and corrective action). The page is written for an organization implementing an AI Management System (AIMS), an ISO 42001 auditor, or an implementer evaluating AERF for the records-and-monitoring evidence layer.

AERF is in scope for the records and monitoring evidence clauses. AERF is out of scope for the organizational, planning, and operational clauses that constitute the management system itself.

| Item | Value |
|---|---|
| AERF version | v0.1.0-draft.1 (May 2026) |
| ISO standard | ISO/IEC 42001:2023 |
| Last verified | 2026-05-08 |

Primary mappings

Clause 9.1 — Monitoring, measurement, analysis and evaluation

Source: ISO/IEC 42001 standard page; public summary at Hicomply.

  • Requirement (paraphrased). Determine what needs to be monitored and measured, the methods to be used, when monitoring and measurement are performed, and when the results are analyzed and evaluated. Retain documented information as evidence of results.
  • AERF provides. Each AERF receipt is documented evidence of one monitored event: it identifies what was observed (the action and evidence payload), when (observed_at, optionally anchored to an RFC 3161 trusted timestamp per SPEC §11), and the policy decision that fired (in_policy, policy_reason, policy_hash). The chain (SPEC §8) preserves ordering across receipts. See SPEC §4 for the full field set.
  • Coverage. Partial. AERF supplies the retained-evidence artifact.
  • Gap. The plan that determines what to monitor and when to evaluate sits in the organization's documented AI Management System.

Clause 10.2 — Nonconformity and corrective action

Source: ISO/IEC 42001 standard page; public summary at Hicomply.

  • Requirement (paraphrased). When a nonconformity occurs, react to it, evaluate the need for action to eliminate causes, implement any action needed, review effectiveness, and retain documented information as evidence of the nature of the nonconformity, action taken, and the result of the corrective action.
  • AERF provides. Receipts with in_policy: false are signed, immutable records of nonconformities at the agent-action level. policy_reason describes the nature; subsequent receipts in the chain document the actions that followed. AERF receipts cannot be retroactively modified to obscure or revise a recorded nonconformity.
  • Coverage. Partial. AERF preserves the evidence record.
  • Gap. The root-cause analysis, corrective-action workflow, and effectiveness review remain organizational.

Note on clause 10.1. Clause 10.1 in ISO/IEC 42001 is Continual improvement (process), not Nonconformity. The nonconformity-and-corrective-action requirements are in clause 10.2. This page maps AERF to the clause where the "documented information as evidence" obligation is normative.

Auxiliary mappings

  • Clause 7.5 — Documented information. AERF receipts are a class of documented information: they are created with controlled identification (id, UUIDv4 in v0.1), attribution (key_id, agent), and protection from unintended alteration (Ed25519 signature). Coverage of the per-receipt control of documented information is Full; coverage of the broader system that organizes, retains, and disposes of such documented information is Partial.
  • Clause 9.2 — Internal audit. AERF receipts can serve as primary evidence during internal audits of the AIMS. Coverage: Partial (evidence supply only).
  • Annex A controls (informative). Where Annex A controls touch logging or traceability of AI-system operation, AERF addresses the cryptographic-integrity portion. Coverage: Partial (the annex's policy and process controls remain out of scope).

Gaps — ISO/IEC 42001 clauses AERF does not address

  • Clause 4 — Context of the organization. Out of scope: contextual analysis is an organizational planning activity.
  • Clause 5 — Leadership. Out of scope: leadership commitment and governance roles are organizational.
  • Clause 6 — Planning. Out of scope: risk assessment and AI objectives are upstream of the receipt layer; AERF does not define risk taxonomies.
  • Clause 7 — Support (resources, competence, awareness, communication). Out of scope, except 7.5 above.
  • Clause 8 — Operation. Out of scope: AI system impact assessment, data management, and life-cycle clauses describe process; AERF records outcomes, not the process of design, development, or deployment.
  • Clause 10.1 — Continual improvement. Out of scope: this is a process clause, not an evidence requirement.

Security model

The verifier trusts the issuer's public key, distributed out of band per SPEC §9.2. The issuer's private key is held by the organization operating the AIMS; a key compromise breaks the signature trust assumption (see SPEC §12.3). RFC 3161 trusted timestamps SHOULD be used in the production profile to bind receipts to wall-clock time independently of the issuer.
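The evidence properties that the 9.1, 10.2 and 7.5 mappings above rely on, and that this security model rests on, are: a receipt that records who, what, when and which policy decision fired; an Ed25519 signature over it by an issuer key the verifier trusts; and a chain that binds each receipt to its predecessor so a recorded nonconformity cannot be rewritten or silently dropped. The Go program below is an added example written for this page to show those three properties end to end; it is not AERF's own verifier (verifiers/go/verify.go) and not the SPEC §4 wire format. Only the field names id, key_id, agent, observed_at, in_policy, policy_reason and policy_hash come from the page; the JSON layout, the `prev` field, the SHA-256 chain link, the `DemoKeyPair` seed derivation and every sample value are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Receipt carries the fields this page names. The JSON layout, the prev field and
// the hash chain link are assumptions of this example, not AERF's SPEC §4/§8 format.
type Receipt struct {
	ID           string `json:"id"`
	KeyID        string `json:"key_id"`
	Agent        string `json:"agent"`
	ObservedAt   string `json:"observed_at"`
	Action       string `json:"action"`
	InPolicy     bool   `json:"in_policy"`
	PolicyReason string `json:"policy_reason"`
	PolicyHash   string `json:"policy_hash"`
	Prev         string `json:"prev"`      // hex SHA-256 of the preceding receipt's signed bytes; "" for the first
	Signature    string `json:"signature"` // hex Ed25519 signature over signedBytes(r)
}

// signedBytes is what the signature covers: the receipt with the signature blanked,
// JSON-encoded. Struct fields are emitted in declaration order, so the bytes are stable.
func signedBytes(r Receipt) []byte {
	r.Signature = ""
	b, _ := json.Marshal(r) // cannot fail: the struct holds only strings and a bool
	return b
}

// chainLink is the value a successor stores in prev to bind itself to r.
func chainLink(r Receipt) string {
	sum := sha256.Sum256(signedBytes(r))
	return hex.EncodeToString(sum[:])
}

// Sign binds r to its predecessor's link and signs it with the issuer's private key.
func Sign(priv ed25519.PrivateKey, r Receipt, prevLink string) Receipt {
	r.Prev = prevLink
	r.Signature = hex.EncodeToString(ed25519.Sign(priv, signedBytes(r)))
	return r
}

// Verify checks r against the issuer public key the verifier trusts (distributed
// out of band), then checks that r links to the receipt that came before it.
func Verify(pub ed25519.PublicKey, r Receipt, prevLink string) error {
	sig, err := hex.DecodeString(r.Signature)
	if err != nil || !ed25519.Verify(pub, signedBytes(r), sig) {
		return fmt.Errorf("receipt %s: signature does not verify", r.ID)
	}
	if r.Prev != prevLink {
		return fmt.Errorf("receipt %s: prev does not match the preceding receipt", r.ID)
	}
	return nil
}

// VerifyChain walks receipts in order; it returns the index of the first receipt
// that fails, or -1 when every receipt verifies and links to its predecessor.
func VerifyChain(pub ed25519.PublicKey, chain []Receipt) (int, error) {
	link := ""
	for i, r := range chain {
		if err := Verify(pub, r, link); err != nil {
			return i, err
		}
		link = chainLink(r)
	}
	return -1, nil
}

// DemoKeyPair derives a reproducible issuer key from a constructed label (demo only;
// a real issuer key is generated and protected by the organization operating the AIMS).
func DemoKeyPair(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("aerf-example-seed:" + label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// BuildDemoChain signs three constructed receipts: an in-policy action, a
// nonconformity (in_policy false) and the follow-up action recorded after it.
func BuildDemoChain(priv ed25519.PrivateKey) []Receipt {
	events := []Receipt{
		{ID: "11111111-1111-4111-8111-111111111111", ObservedAt: "2026-05-08T09:00:00Z", Action: "read:ticket/42", InPolicy: true, PolicyReason: "allowed by rule R1"},
		{ID: "22222222-2222-4222-8222-222222222222", ObservedAt: "2026-05-08T09:01:00Z", Action: "write:prod-db", InPolicy: false, PolicyReason: "denied: write outside change window"},
		{ID: "33333333-3333-4333-8333-333333333333", ObservedAt: "2026-05-08T09:02:00Z", Action: "notify:oncall", InPolicy: true, PolicyReason: "allowed by rule R7"},
	}
	var chain []Receipt
	link := ""
	for _, r := range events {
		r.KeyID, r.Agent, r.PolicyHash = "issuer-key-01", "agent://example/ops-bot", "sha256:POLICY-HASH-PLACEHOLDER"
		chain = append(chain, Sign(priv, r, link))
		link = chainLink(chain[len(chain)-1])
	}
	return chain
}

func main() {
	pub, priv := DemoKeyPair("issuer")
	chain := BuildDemoChain(priv)
	fmt.Println(VerifyChain(pub, chain)) // -1 <nil>
	chain[1].InPolicy = true             // attempt to rewrite the recorded nonconformity
	fmt.Println(VerifyChain(pub, chain)) // 1 and a "signature does not verify" error
}
```

Run it with `go run .`. Flipping `in_policy` on the second receipt invalidates that receipt's signature, dropping the second receipt breaks the `prev` link of the third, and verifying against any key other than the trusted issuer key fails at the first receipt; those are the three checks an auditor relies on when treating receipts as retained evidence. The chain link is taken over the signed bytes rather than over the signature so that it does not depend on signature encoding; the signature itself still covers `prev`, so the link cannot be altered without re-signing.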

Auditor verification guide

The verifier workflow is identical across frameworks; see the AIUC-1 auditor verification guide for exact commands and expected output. The verifier source is at verifiers/go/verify.go; the canonical example receipt is at verifiers/go/example/receipt.json.

Sources:


← Compliance Overview · ← README