Information for Interested Parties
Ensure your AI systems operate according to their specified purposes and documentation.
Plain language
This control means you need to make sure your AI works as intended, just like when you check if a toaster toasts bread properly. If your AI gives wrong advice or makes errors because it’s used differently than supposed to, it can lead to upset customers or damage your reputation.
Framework
ISO/IEC 42001:2023
Control effect
Preventative
Classifications
N/A
Official last update
01 Dec 2023
Control Stack last updated
19 May 2026
Maturity levels
N/A
Official control statement
The organisation shall determine and document their obligations to reporting information about the AI system to interested parties.
Why it matters
If your AI is misused because its purpose is unclear, it can make costly mistakes like providing incorrect medical advice or wrong legal recommendations.
Operational notes
Always update documentation every time you change operational rules or purposes for the AI - not just when issues arise.
Implementation tips
- The AI lead should regularly review what each AI system is supposed to do by comparing it with its documentation - just like double-checking a recipe before cooking. If your AI is designed to help with online shopping recommendations, ensure that's exactly what it is doing.
- Data stewards can create a checklist to ensure the data used by the AI matches what’s expected in terms of type and structure - think of it like ensuring the right ingredients go into a dish. This prevents the AI from working incorrectly due to unexpected data.
- Product owners should organise regular team meetings to discuss any new ways people are using the AI, to make sure these fits the original purpose. This guards against unintended uses, like when a cleaning product isn’t meant to be used on certain surfaces.
- Procurement should require suppliers to provide documentation specifying the intended use of their AI products. They should check these documents as one might check the instructions when buying a power tool, to use it safely and correctly.
- The head of risk should conduct impact assessments whenever there's a significant change in how the AI system is used. This is like checking road conditions before a journey to ensure you’re driving safely.
Audit / evidence tips
- AskRequest the AI's user manual or intended use document. GoodThe document is clear, detailed, and matches the AI's role within the organisation.
- AskAsk for the last impact assessment report. GoodChanges in AI usage are documented with risk assessments and addressed adequately.
- AskSee the meeting notes regarding AI usage within the past year. GoodMeeting notes reflect consistent review and checks against intended use each quarter.
- AskReview the AI system update log. GoodThe logs reflect updates linked to adjustments or confirmations of intended use.
- AskLook at the training records of staff using the AI system. GoodTraining records are complete with training details emphasising correct AI usage in line with its objective.
Cross-framework mappings
How Annex A 8.5 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 5.31 | Annex A 8.5 (ISO/IEC 42001) requires the organisation to determine and document obligations to report information about the AI system to ... | |
| handshake Supports (2) expand_less | ||
| Annex A 5.5 | Annex A 8.5 (ISO/IEC 42001) involves documenting AI-system information reporting obligations to interested parties, such as regulators or... | |
| Annex A 5.12 | To meet the obligations of Annex A 8.5 (ISO/IEC 42001), Annex A 5.12 (ISO/IEC 27001) provides support by requiring classification of info... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
Want to implement this AI control?
Mindset Cyber runs PECB-accredited ISO/IEC 42001 training that maps directly to the AI controls in this library.