National foreword

This British Standard is the UK implementation of ISO/IEC 42005:2025.

The UK participation in its preparation was entrusted to Technical Committee ART/1, Artificial Intelligence.

A list of organizations represented on this committee can be obtained on request to its committee manager.

Contractual and legal considerations

This publication has been prepared in good faith, however no representation, warranty, assurance or undertaking (express or implied) is or will be made, and no responsibility or liability is or will be accepted by BSI in relation to the adequacy, accuracy, completeness or reasonableness of this publication. All and any such responsibility and liability is expressly disclaimed to the full extent permitted by the law.

This publication is provided as is, and is to be used at the recipient’s own risk.

The recipient is advised to consider seeking professional guidance with respect to its use of this publication.

This publication is not intended to constitute a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 June 2025.

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).

ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 42, Artificial intelligence.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-committees.

Introduction

The growing application of systems, products, services and components of such that incorporate some form of artificial intelligence (AI) has led to a growing concern about how AI systems can potentially impact all levels of society. AI brings with it the promise of great benefits: automation of difficult or dangerous jobs, faster and more accurate analysis of large sets of data, advances in healthcare etc. However, there are concerns about reasonably foreseeable negative effects of AI systems, including potentially harmful, unfair or discriminatory outcomes, environmental harm and unwanted reductions in workforce.

The development and use of seemingly benign AI systems can have the potential to significantly impact (both positively and negatively) individuals, groups of individuals and the society as a whole. To foster transparency and trustworthiness of systems using AI technologies, an organization developing and using these technologies can take actions to assure affected interested parties that these impacts have been appropriately considered. AI system impact assessments play an important role in the broader ecosystem of governance, risk and conformity assessment activities, which together can create a system of trust and accountability.

ISO/IEC 38507, ISO/IEC 23894 and ISO/IEC 42001 all form important pieces of this ecosystem, for governance, risk and conformity assessment (via a management system) respectively. Each of these highlights the need for consideration of impacts to individuals and societies. A governing body can understand these impacts to ensure that the development and use of AI systems align to company values and goals. An organization performing risk management activities can understand reasonably foreseeable impacts to individuals and societies to appropriately incorporate into their overall organizational risk assessment. An organization developing or using AI systems can incorporate understanding and documentation about these impacts into its management system to ensure that the AI systems in question meet expectations of relevant interested parties, as well as internal and external requirements.

The act of performing AI system impact assessments and utilizing their documented outcomes are integral to activities at all organizational levels to produce AI systems that are trustworthy and transparent. To this end, this document provides guidance for an organization on how to both implement a process for completing such assessments and promote a common understanding of the components necessary to produce an effective assessment.

1 Scope

This document provides guidance for organizations performing artificial intelligence (AI) system impact assessments for individuals and societies that can be affected by an AI system and its foreseeable applications. It includes considerations for how and when to perform such assessments and at what stages of the AI system life cycle, as well as guidance for AI system impact assessment documentation.

Additionally, this guidance includes how this AI system impact assessment process can be integrated into an organization’s AI risk management and AI management system.

This document is intended for use by organizations developing, providing or using AI systems. This document is applicable to any organization, regardless of size, type and nature.

2 Normative references

3 Terms and definitions

4 Abbreviated terms

5 Developing and implementing an AI system impact assessment process

5.1 General

5.2 Documenting the process

5.3 Integration with other organizational management processes

5.4 Timing of AI system impact assessment

5.5 Scope of the AI system impact assessment

5.6 Allocating responsibilities

5.7 Establishing thresholds for sensitive uses, restricted uses and impact scales

5.8 Performing the AI system impact assessment

5.9 Analysing the results of the AI system impact assessment

5.10 Recording and reporting

5.11 Approval process

5.12 Monitoring and review

6 Documenting the AI system impact assessment

6.1 General

6.2 Scope of the AI system impact assessment

6.3 AI system information

6.4 Data information and quality

6.5 Algorithm and model information

6.6 Deployment environment

6.7 Relevant interested parties

6.8 Actual and reasonably foreseeable impacts

6.9 Measures to address harms and benefits

Bibliography

BS ISO/IEC 42005:2025

Information technology. Artificial intelligence (AI). AI system impact assessment

Current

Published:

30 Jun 2025