Annex A 8.2 ISO/IEC 42001:2023

Provide Users the Information They Need to Use the AI System

Your organisation must work out and give users the information they need to understand and use the artificial intelligence (AI) system properly.

Plain language

This control is about making sure the people who use your artificial intelligence (AI) system are given the information they need to use it correctly and safely. Think of it like the instructions, label and warnings that come with any product. Users should understand what the AI system is for, what it can and cannot do, how reliable its results are, and when a human should check its output. They should also know how to get help if something does not look right. If users do not have this information, they may trust the AI in situations it was never designed for, or misread its results. As part of an AI management system (AIMS, the set of policies and processes your organisation uses to govern AI responsibly), this control protects both your users and your organisation by setting clear, honest expectations about how the AI should be used.

Framework

ISO/IEC 42001:2023

Control effect

Preventative

Classifications

N/A

Official last update

01 Dec 2023

Control Stack last updated

18 June 2026

Maturity levels

N/A

Official control statement

The organisation shall determine and provide the necessary information to users of the AI system.
ISO/IEC 42001:2023 Annex A 8.2

Why it matters

Without clear user information, people may rely on the AI in ways it was not designed for, leading to mistakes, misuse and lost trust.

Operational notes

Treat user information as living material: review it whenever the AI system changes so guidance always matches how the system actually behaves.

Implementation tips

  • The product owner identifies who actually uses the AI system (for example staff, customers, or partner businesses) and writes down what each group needs to know to use it safely and correctly.
  • A nominated subject matter expert prepares plain-language user information covering the system's intended purpose, its known limitations, how accurate its results typically are, and the situations where a human should review the output before acting on it.
  • The team makes the information easy to find at the point of use, for example as on-screen guidance, a help page, a printed instruction sheet, or wording built into the AI's responses, rather than buried in a document no one reads.
  • The AI lead sets a schedule to review and update the user information whenever the system changes, such as after a model update or a new feature, so the guidance always matches how the AI actually behaves.
  • Procurement ensures that any AI system bought from a supplier comes with adequate documentation for your users, and obtains the vendor's instructions, capability statements and limitation notes as part of the contract.

Audit / evidence tips

  • Ask for the user information or documentation provided with the AI system, and confirm it states the system's intended purpose, capabilities and limitations in language a non-technical user can understand.
  • Look at how and where users actually receive this information, and check it is available at the point of use rather than only on request; good practice is clear on-screen guidance or an easily accessible help resource.
  • Ask who the identified users of the AI system are, and check the organisation has tailored the information to each user group's needs rather than offering one generic document.
  • Look at evidence that the user information is kept current, such as version dates or a review log showing updates after system or model changes; good evidence shows a recent review within the last 12 months.
  • For AI systems supplied by a vendor, ask to see the supplier-provided user documentation and confirm the organisation has reviewed it for completeness rather than simply passing it on unchecked.

Cross-framework mappings

How Annex A 8.2 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Partially overlaps (1)

Control: Annex A 6.3
Notes: Annex A 8.2 requires the organisation to determine and provide users with the information they need to understand and use an AI system ap...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
