Set the standard with ISO 42001: Lessons from Cognizant’s trailblazing journey

ISO 42001: A game changer for the service provider community

ISO 42001, the new international standard for managing artificial intelligence (AI), is rapidly gaining traction as a benchmark for ethical and responsible AI practices. While it is often associated with software technology providers, its relevance to the service provider community—encompassing technology and business services—is equally critical. For companies such as Cognizant, the first global IT service provider to achieve the ISO 42001 certification, the standard is a differentiator that signifies maturity in AI governance and delivery excellence.

Services-as-software: Why service providers need ISO 42001

The line between services and software is increasingly blurring. Service providers are now deploying “services-as-software,” embedding AI-driven tools to automate and enhance client operations. These innovations span technology management, cybersecurity, and even core business processes—all filled with AI tools. ISO 42001 provides a structured framework for responsibly developing, deploying, and managing these AI-driven services.

For service providers, adopting ISO 42001 is not just about compliance—it’s about building trust with clients and ensuring the scalability of AI solutions. Given the rise of regulations such as the European Union AI Act, the importance of ethics and guardrails, and contractual requirements that shift risk to service providers, managing AI solutions delivered as part of contracted services is critical.

Cognizant’s ISO 42001 journey: A blueprint for success

Cognizant’s path to certification offers valuable lessons for other service providers:

• Motivation: Cognizant pursued the ISO 42001 certification to differentiate itself in a competitive market, enhance client trust, and proactively address emerging regulatory landscapes. The certification reflects the firm’s commitment to responsible AI practices and positions compliance as a strategic advantage.
• Challenges: Implementing the standard required substantial organizational change management. Cognizant developed new templates, guidelines, and metrics (e.g., model compliance and prompt acceptance rates) to align with the ISO requirements. As part of this effort, it has committed to training its global workforce of 300,000+ employees to adopt responsible AI practices.
• Benefits:
  • Internal value: Cognizant’s adherence to ISO 42001 has improved risk management, provided a robust framework for AI lifecycle governance, and enabled scalable and consistent AI solution delivery.
  • Client confidence: The certification assures clients that Cognizant’s AI systems are high-performing, reliable, and aligned with ethical principles. It also helps clients manage their liability by trusting Cognizant’s adherence to international standards.
• Next steps: Cognizant plans to scale its ISO 42001 implementation across all projects that develop, deploy, or manage AIMS (AI Management Systems) while extending its capabilities to consult with clients on achieving their own certification—or at least stronger governance programs.

The challenges ahead: Navigating non-compliant client technologies

Despite the benefits of ISO 42001, certified service providers face a significant challenge: working with client technologies and vendors that do not yet meet the standard. Most off-the-shelf AI platforms, including industry giants such as Microsoft and OpenAI, haven’t explicitly shared their compliance to ISO 42001. This gives service providers an opportunity to strengthen design-phase controls and conduct rigorous risk assessments for their clients.

Cognizant’s approach involves:

• A multi-disciplinary team (technologists, lawyers, sociologists, anthropologists) to assess risks at the solution stage
• A tiered risk assessment framework to identify and mitigate high-risk use cases early
• Enhanced p ost-deployment monitoring to ensure AI systems remain within designed operational parameters

As Alexis Samuel, SVP and Head of Global Delivery Excellence at Cognizant, stated, “While it can be difficult to influence Microsoft or OpenAI to change their code, we can strengthen our controls during the development process.”

Why every service provider should obtain the ISO 42001 certification

ISO 42001 is more than a compliance exercise for service providers—it’s a business imperative. Here’s why:

• Competitive differentiation: Early adopters such as Cognizant gain a significant market advantage, showcasing their maturity in managing AI responsibly.
• Client trust: ISO 42001-certified providers inspire confidence, reducing client concerns about liability and compliance.
• Scalability: The standard provides a scalable framework for delivering AI services consistently across geographies and industries.
• Future-ready: With regulations such as the EU AI Act on the horizon, ISO 42001 positions providers to adapt quickly to emerging requirements.

The Bottom Line: The era of AI accountability has arrived. Enterprise buyers should look to service providers to outline how ISO 42001 is being used as a gold standard to get the most from their AI efforts.

The journey to ISO 42001 is demanding, but the rewards are undeniable. Cognizant’s efforts demonstrate what a service provider should be doing to help their clients adopt responsible AI governance.

For future AI projects—whether focused on technology or business services—enterprise leaders and their service partners should incorporate Cognizant’s approach to remain competitive, earn client trust, and prepare for the future of AI-driven operations.

However, not all technologies will be compliant, and working with these non-compliant technologies cannot be ignored. To address this, service providers must adopt innovative risk management strategies to bridge the gap, ensuring their services align with ISO 42001 standards even when client technologies do not. In this rapidly changing world of AI, such strategies will be key to long-term scalability. For service providers, ISO 42001 is the gold standard that separates the leaders from the rest.