
Why ISO 42001 Matters for the Future of Trusted Technology

by Louise McCormack
June 18, 2026

Most organizations recognize responsible AI as a priority but struggle to translate ethical principles into operational controls, leaving governance fragmented and accountability unclear. Daon’s ISO/IEC 42001 certification demonstrates that structured AI governance embedded across the entire development lifecycle produces better products and stronger trust with customers operating in high-stakes identity verification environments.

Trust has always been at the core of what Daon does, and strong governance is a fundamental part of maintaining that trust. With this core belief, Daon hired me just under two years ago. Since then, I’ve worked within the organisation on implementing trustworthy AI throughout each department involved in the lifecycle of their AI systems used for digital identity. We aligned the organisation’s governance approach with the EU AI Act, ISO/IEC 42001 (the first international management system standard for AI governance), the EU’s Trustworthy AI framework, TAIMM (Trustworthy AI Maturity Model), and AI4People’s approach to Ethics by Design.

Last month, we successfully achieved certification for ISO/IEC 42001. This article will explain what that means, and why more organisations should start to adopt this standard as a priority. Strong governance for AI is becoming increasingly important, yet adoption of ISO/IEC 42001 remains in its early stages, with certification levels still modest compared to more mature standards such as ISO 27001, despite growing industry interest. The standard provides organisations with a structured framework for managing AI responsibly across its entire lifecycle, with the aim of helping ensure that AI systems are developed, deployed and monitored in a transparent, accountable and trustworthy manner. Organisations are focused on what AI can do; ISO/IEC 42001 focuses on how AI should be governed. Because the standard is still new, many organisations are only beginning to formalise their AI governance programmes and assess the resources required for certification.

In the paper “Trust and Transparency in AI: Industry Voices on Data, Ethics, and Compliance”, published in the Journal of AI & Society in October 2025, I explored the practical challenges organisations face when adopting trustworthy AI. Through interviews with industry professionals, our research found that while there is broad recognition of the importance of responsible AI, many organisations continued to struggle with fragmented governance structures, unclear accountability, limited transparency, concerns around data quality and provenance, and a lack of practical tools to assess AI trustworthiness. The findings also highlighted a growing gap between the rapid pace of AI deployment and the maturity of governance frameworks, with many organisations finding it difficult to translate high-level ethical principles into operational processes and measurable controls. In conjunction with the ethical and legal frameworks listed above, ISO 42001 provides a formal structured process that organisations can follow to embed trustworthiness and ethics into their AI systems.

For Daon, pursuing ISO 42001 was about embedding governance into Digital Identity solutions to build better products. The certification does not simply represent a commitment to ensuring that AI governance evolves alongside AI innovation; it is a result of the understanding that better AI governance produces better and more resilient products.

Achieving ISO 42001 required us to build and implement a comprehensive AI Management System that spans the entire AI lifecycle. This includes governance structures, risk management processes, impact assessments, performance monitoring, accountability mechanisms, and continuous improvement practices. Importantly, it also required us to embed oversight and responsibility throughout the organisation rather than treating AI governance as the responsibility of a single team.

One of the most rewarding aspects of this journey was bringing together stakeholders from across the business around a common approach to responsible AI. Box ticking and documentation for the sake of documentation are something nobody wants. The challenge that we undertook was how to embed governance in a way that added value to the business, instead of adding barriers or cost. Effective governance requires collaboration, and as such, developing the solution to this challenge was a cross-functional effort. What we found was that there were many processes introduced by aligning with ethics by design. This helped teams to ask questions that resulted in being able to design and build better products. Ethics by design, when implemented well, should add value to a business. It should never be about introducing activities just because they map to controls for a certification. Embedding ethical AI should be about introducing processes that make sense and add additional value to the business; otherwise they will become box ticking, which nobody wants.

AI is both a technology challenge and a governance challenge. As organisations start relying on AI-driven systems, customers, regulators, and stakeholders need confidence that appropriate controls are in place. Strong governance helps ensure that AI remains transparent, accountable, and aligned with organisational objectives and ethical principles. Responsible AI is not a single policy document or a one-time exercise. It is an ongoing system of governance that requires continuous oversight, review and adaptation as technology evolves. Trustworthy AI is built through consistent processes, clear accountability, and a commitment to continuous improvement.

For organisations deploying AI, particularly in high-trust environments such as biometric authentication and digital identity verification, assurance matters. Customers want evidence that AI systems are being governed responsibly. ISO 42001 provides independent validation that robust governance practices are embedded throughout our organisation and that AI risks, oversight, and accountability are managed through documented, repeatable, and independently audited processes. The certification gives our customers greater confidence in how our AI systems are developed, deployed, and monitored.

Digital identity sits at the intersection of security, privacy, and trust. AI is playing an important role in protecting organisations and consumers from fraud, deepfakes, and sophisticated impersonation attacks. As these capabilities become more powerful, the governance frameworks that support them become even more critical. Innovation and governance must advance together. One cannot succeed sustainably without the other.

While we’re proud to be one of the first digital identity companies globally to achieve ISO 42001 certification, we view this as an important milestone rather than a finish line. The certification is the outcome, but the real value lies in the governance culture we have built throughout the organisation. Maintaining that culture, continuously improving our processes and ensuring our governance framework scales alongside AI innovation will remain an ongoing priority. For me, ISO 42001 ultimately comes down to confidence. Confidence for our customers, confidence for our partners, and confidence that AI is being managed responsibly, transparently, and consistently. As AI continues to shape the future of digital identity, strong governance will be one of the foundations that enables trust to endure.