Actualités
Derniers communiqués de presse de Suprema
ISO/IEC 42001 Certification FAQ: Understanding Suprema's AI Management System (AIMS) and Regulatory Alignment
July 15, 2026

This FAQ explains the core concepts of ISO/IEC 42001 and the meaning of Suprema’s certification in relation to AI applied to biometric authentication for access control in Suprema’s solutions.

Q1. What is ISO/IEC 42001 certification?
ISO/IEC 42001 is an international standard for AI Management Systems (AIMS), jointly developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides requirements and guidance for organizations to establish, implement, maintain, and continually improve their AI governance framework, and comprehensively evaluates an organization's AI-related policies, accountability structures, risk controls, and management oversight. Certification requires an independent audit by an accredited certification body to confirm that an organization's AIMS conforms to the standard's requirements.

Q2. What is AIMS, and how does it relate to ISO/IEC 42001?
AIMS stands for Artificial Intelligence Management System, a management framework through which an organization establishes, operates, and continually improves the policies, objectives, processes, and controls needed to develop, provide, and use AI systems responsibly. ISO/IEC 42001 is the international standard that defines the requirements for establishing, implementing, maintaining, and continually improving an AIMS within an organization.

Q3. Which of Suprema's products and solutions are covered by this certification?
This certification relates to AI applied within Suprema’s access control solutions in the context of biometric authentication for access control, specifically fingerprint and facial authentication, and the related hardware and software that process this data.

The relevant product lines include

ㆍ BioStation series
a face and fingerprint-based access control solution, where AI is applied to improving the accuracy and processing speed of fingerprint and facial authentication.

ㆍ BioEntry series
an entry-level face and fingerprint-based access control terminal, where AI is likewise applied to improving the accuracy and processing speed of fingerprint and facial authentication.

ㆍ BioStar platform
where biometric authentication data from BioStation and BioEntry devices is processed to support access control.

Suprema obtained ISO/IEC 42001 certification as an AI Producer within this defined scope. It is important to note that ISO/IEC 42001 is not a performance certification for individual devices. It is a certification of the management framework governing how AI within this scope is operated and controlled across these products. Also, operational authority in all cases remains with the human operators and the deploying organization.

Q4. What is the EU AI Act?
The EU AI Act is a regulatory framework established by the European Union that classifies AI systems by risk level and imposes obligations accordingly. It applies stricter requirements to certain use cases with implications for fundamental rights and safety, including biometric identification, remote biometric identification, and emotion recognition.

Q5. How does ISO/IEC 42001 certification relate to regulations such as the EU AI Act?
ISO/IEC 42001 certification does not guarantee compliance with any specific regulation. However, in regulatory environments such as the EU AI Act which require organizations to define the purpose, risk profile, operational accountability, and control structure of their AI systems, the certification can serve as evidence that an organization has an internal management system in place to support such compliance efforts.

Q6. What does this certification mean in practical terms for customers and partners?
For customers and partners, this means that evaluating Suprema’s AI capabilities can include operating principles, accountability structures, and the level of compliance readiness within the defined scope of AI used for fingerprint and facial authentication. Organizations planning to deploy Suprema’s access control systems can review Suprema’s AI usage principles, accountability structures, data handling standards, and risk management processes as part of formal procurement due diligence, before any device is put into service. As AI governance review becomes standard practice in regulated industries and public sector procurement, Suprema can substantiate its credibility through independent certification rather than self-reported assurances.

Q7. How does ISO/IEC 42001 relate to Suprema's existing security certifications?
Suprema has maintained ISO/IEC 27001 certification for information security management and ISO/IEC 27701 certification for privacy information management. The addition of ISO/IEC 42001 brings an AI governance and operational control dimension to this framework, helping connect security, privacy, and AI management in a more integrated way. As a result, customers conducting vendor evaluations can review information security, privacy protection, and AI operations together from a connected governance perspective, rather than considering each certification in isolation.

Q8. Does ISO/IEC 42001 certification alone guarantee regulatory compliance?
No. ISO/IEC 42001 is an international standard for AI management systems that verifies an organization's internal management framework and control structure for operating AI responsibly. It does not automatically guarantee compliance with AI-related laws in any specific country or region, such as the EU AI Act or domestic personal data protection legislation each of which requires separate legal review and technical/organizational measures tailored to its specific requirements. However, having an established internal AIMS provides an important foundation for systematically conducting regulation-specific gap analyses and improvement activities.

Q9. Does ISO/IEC 42001 apply to all future AI use cases at Suprema?
No. The certification applies to AI used within the defined scope described above. Any AI operating outside this scope is not covered by the current certificate, and Suprema informs customers and partners accordingly.
 

Que pouvons-nous faire
pour vous ?

Veuillez remplir le formulaire ci-dessous et nous reviendrons vers vous sous peu.

Si vous recherchez un support technique, veuillez cliquer sur le bouton ci-dessous.

Support Techniquechevron_right
Votre adresse e-mail *
Nom et prénom *
Pays *
Société *
Téléphone *
Valider

Merci.

Votre demande a bien été envoyée.

Nous vous répondrons sous peu.

Votre e-mail : partner@gmail.com