Objectives for Responsible Use of AI System
Set clear goals for the responsible management and use of AI systems.
Plain language
This control is about making sure your business sets clear goals for how AI should be used responsibly. Imagine a customer service AI that misguides users: that's what can happen without clear goals. Setting objectives helps avoid misuse and maintain trust in your AI system.
Framework
ISO/IEC 42001:2023
Control effect
Preventative
Classifications
N/A
Official last update
01 Dec 2023
Control Stack last updated
19 May 2026
Maturity levels
N/A
Official control statement
The organisation shall identify and document objectives to guide the responsible use of AI systems.
Why it matters
Without clear goals, AI might act unpredictably and harm customer trust, like recommending wrong products or providing misleading information.
Operational notes
Review AI objectives whenever there's a change in business strategy, as new goals might be needed for new technology use.
Implementation tips
- The business owner should start by listing out key areas where AI is used, like customer service or product recommendations, and think about what 'responsible use' means for each. A simple workshop with your team can help draw out ideas.
- The head of risk might coordinate with the AI lead to turn these ideas into tangible objectives and write them down. A basic document with clear dos and don'ts can serve as a starting guide.
- The product owner should ensure these objectives are communicated clearly to AI developers and users. A quick team meeting or an email with bullet points can be effective.
- Data stewards should ensure that the data used for AI is appropriate for these objectives. They might run checks to ensure there's no bias or errors in the data, such as a quarterly review log they maintain.
- The board should review and approve these AI objectives periodically to make sure they remain relevant as the business or technology changes. An annual strategic review meeting is a good time for this.
Audit / evidence tips
- AskRequest the document listing the AI objectives. GoodThe document clearly outlines objectives for responsible AI use tailored to key areas of the business.
- AskSpeak to the AI lead about how objectives are communicated. GoodThe AI lead explains how objectives are communicated to the team and can show evidence like an email or presentation deck.
- AskAsk the data steward about their review process. GoodThe data steward can show a log or report detailing regular data checks and outcomes.
- AskRequest the board meeting minutes from the last strategic review. GoodThe minutes reflect that AI objectives were reviewed and discussed in the last strategic meeting.
- AskLook at last year's AI development guidelines. GoodThe guidelines incorporate current AI objectives, showing they influence development practices.
Cross-framework mappings
How Annex A 9.3 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| ISM-1999 | Annex A 9.3 requires the organisation to identify and document objectives that guide the responsible use of AI systems (e.g., safety, hum... | |
| handshake Supports (2) expand_less | ||
| ISM-0047 | Annex A 9.3 requires the organisation to identify and document objectives to guide responsible AI use, which must be approved and controlled | |
| ISM-1998 | Annex A 9.3 requires the organisation to identify and document objectives to guide responsible AI use, including how AI will be used acro... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
Want to implement this AI control?
Mindset Cyber runs PECB-accredited ISO/IEC 42001 training that maps directly to the AI controls in this library.