ISO/IEC 42001 & EU AI Act — obligations from 2025
The EU AI Act is entering into force step by step from 2025 — many obligations already apply. The SCMC AI Governance Check evaluates your maturity against ISO/IEC 42001:2023 and the EU AI Act: 102 control questions, 10 domains, clear action recommendations.
Structured AI governance review, identify gaps, and prioritize measures — based on ISO/IEC 42001 and the EU AI Act.
Simple, transparent pricing
Monthly
CHF 155
/ month
Annual
CHF 1'550
≈ CHF 129 / month
2 months free
Since February 2025, the first prohibitions of the EU AI Act are in force. Since August 2025, obligations around GPAI models and AI literacy apply. By August 2026, high-risk AI system requirements follow. Any organization that deploys, develops, or procures AI systems is affected now — regardless of size or sector. The assessment evaluates 102 control questions across 10 domains based on ISO/IEC 42001:2023 and the EU AI Act, showing what is already fulfilled and where urgent action is needed.
The Challenge
Many organizations are running AI systems in production without a structured picture of whether governance requirements are met. ISO/IEC 42001 and the EU AI Act create new obligations that remain hard to grasp.
Our Solution
102 structured control questions across 10 domains deliver a clear, traceable baseline — organized by maturity levels and prioritized action areas.
Cover the most important AI governance requirements in one structured run — without managing multiple checklists and separate frameworks in parallel.
102 control questions across 10 domains deliver a precise baseline: what's already implemented? Where is urgent action needed?
The EU AI Act comes into force step by step from 2025. The assessment helps you identify compliance gaps early — before requirements become binding.
A risk-based action list shows which areas to address first — for efficient use of resources.
Assessments, comments, and evidence in one place — as a basis for internal reviews, AI officers, management, and external audits.
AI governance is not a one-time project. Versioned assessments track progress over time and document continuous improvement.
102 control questions across 10 domains — structured, evaluable, and repeatable. The assessment delivers instant visual results, a prioritized action list, and exportable evidence documentation.
The first EU AI Act obligations are already binding. The SCMC AI Governance Check shows you structured and clearly where you stand and what you need to do now — directly online, without external consultants.
The assessment is based on ISO/IEC 42001:2023 (the first international AI management system standard), the EU AI Act, and NIST AI RMF 1.0. The control questions cover technical, organizational, and procedural requirements.
The assessment is designed for organizations that develop, procure, or deploy AI systems — particularly those within the scope of the EU AI Act or pursuing ISO/IEC 42001 certification. Also relevant for AI officers, CISOs, compliance managers, and risk managers.
The assessment contains 102 control questions across 10 domains and 35 sub-domains: AI Governance & Policy, AI Risk Management, Data Governance, Technical Guardrails, Monitoring & Logging, Secure AI Environment, AI Lifecycle & Change, General Purpose AI (GPAI), Deployer Obligations, and Competence & Culture.
The EU AI Act enters into force in phases from 2025 to 2027. The assessment covers deployer obligations (domain 9), transparency and labeling requirements (domain 4), human oversight, and monitoring requirements — each with concrete control questions and action recommendations.
Yes. The assessment covers the core requirements of ISO/IEC 42001:2023 and delivers a documented baseline with gap analysis — as a solid foundation for a certification process or internal AIMS audit.
It depends on the organization's maturity and documentation status. The assessment can be completed step-by-step and distributed across multiple team members — progress is always saved.
You receive a maturity overview per domain (0–4), a gap list with prioritized action items, and exportable evidence documentation — as a basis for internal improvements, management reporting, and external audits.
