Artificial intelligence is often portrayed as a disruptive force that standards and accreditation systems must urgently “catch up with.” In reality, within the ISO/CASCO⁽¹⁾ ecosystem, AI is neither uncharted nor ungoverned. It is already present, already anticipated, and already subject to well-established conformity assessment principles.

The ISO/CASCO framework has always been deliberately technology neutral. It regulates outcomes, responsibilities, competence, impartiality, and trust. This design choice has proven prescient. As AI-enabled tools enter certification, inspection, and scheme management, CASCO standards already provide a robust governance structure without needing to chase technological trends.

Recent revisions and drafts within the ISO/CASCO ISO/IEC 17000 series increasingly acknowledge the use of digital and automated tools, including artificial intelligence (AI)⁽²⁾⁽³⁾, within conformity assessment and accreditation activities. AI is considered critical whenever it affects any part of the selection, determination, review, decision, attestation, surveillance, or acceptance of results.

Standards such as ISO/IEC 17024 (personnel certification), ISO/IEC 17067 (certification schemes), and ISO/IEC 17020 (inspection bodies) now explicitly or implicitly address algorithm-supported processes, remote and automated evaluations, data-driven decision support, and technology-enabled conformity assessment functions.

Explicit AI governance in CASCO standards

The most direct and mature treatment of AI appears in ISO/IEC FDIS 17024:2025 for certification of persons. For the first time, CASCO explicitly defines artificial intelligence and permits its use (for example, in examination invigilation), while simultaneously imposing strict conditions. Where AI is used in any certification activity, the certification body must demonstrate control of impartiality risks (including AI related bias), ensure human oversight, validate AI-supported outcomes, demonstrate validity, reliability and fairness, ensure personnel competence, and disclose AI use where candidates interact with it. Responsibility remains unequivocally with the certification body, not with the algorithm.

In ISO/IEC DIS 17020:2025, AI is embedded within the long-standing concept of controlled inspection resources. AI appears as part of automated equipment, data processing, digital inspection, and non-standard methods. Inspection bodies are required to ensure suitability for use, validation and revalidation, data integrity and security, and to define which AI-generated data are acceptable as inspection evidence. AI is thus treated neither as autonomous decision-maker nor as exempt technology, but as a high-impact technical resource subject to the same rigor as any other inspection tool.

ISO/IEC DIS 17067:2025 addresses AI at the scheme level. Its focus is not on algorithms but on accountability. Where conformity assessment activities are performed exclusively through automated technologies or AI-based tools, the standard makes clear that responsibility does not disappear. Those who design, deploy, or operate such tools are considered to be indirectly performing conformity assessment activities. Scheme owners are expected to remain accountable and to be transparent in adopting automated technologies in order to maintain confidence in scheme outcomes.

Technology neutrality by design

The Harmonized Structure for Management System Standards (Annex SL, Appendix 2 – TMB Resolution 74/2025), ISO’s standard framework for all management system standards (MSS) to ensure they share a common, consistent structure, terminology, and definitions, contains no explicit reference to AI. This is not an omission. It is a design principle. Annex SL establishes a universal management-system backbone built on context, leadership, risk-based planning, competence, resources, operational control, performance evaluation, and improvement. AI governance naturally fits within these clauses as “technology,” “resource,” “risk,” and “change,” without the need to name AI explicitly. This ensures that management system standards remain stable, coherent, and adaptable as technologies evolve.

ISO’s own Guidance on the use of artificial intelligence for ISO committees reinforces the same philosophy. It emphasizes accountability, avoidance of bias, transparency, respect for privacy, and human responsibility when AI is used in standards development. Importantly, it distinguishes between the use of AI as a tool and the governance of AI within standards, confirming that AI governance in ISO deliverables is addressed through appropriate committees and frameworks, not through ad-hoc or reactionary rules.

Already governed, not under-regulated

Taken together, these documents demonstrate a clear reality, that AI is already governed within ISO/CASCO standards. Not through prescriptive software rules or algorithm certification, but through enforceable requirements on:

• responsibility and accountability,
• competence and human oversight,
• impartiality and fairness,
• validation and reliability of results,
• transparency and trust.

This approach avoids the pitfalls of technology-specific regulation while ensuring that the use of AI does not erode confidence in conformity assessment. In fact, ISO/IEC 17024 now stands as a reference model for AI governance across CASCO, showing how explicit AI clauses can be integrated without undermining the technology-neutral foundation of the standards.

Conclusion

Artificial intelligence is not a future challenge for Conformity Assessment as implemented through ISO/CASCO standards. It is a present reality that is already anticipated and governed. The CASCO framework demonstrates that effective AI governance does not require reinventing standards but rather applying timeless principles of conformity assessment to new tools. In this sense, AI within ISO/CASCO is simply another resource, already brought under control by a system designed to inspire trust.

__________________

1. ISO/CASCO is the International Organization for Standardization's (ISO) policy committee responsible for developing standards and guidelines for Conformity Assessment, ensuring products, processes, and systems meet specified requirements globally, creating confidence for trade and regulation.
2. Artificial Intelligence (AI) - research and development of mechanisms and applications of AI systems [engineered system that generates outputs such as content, forecasts, recommendations or decisions for a given set of human-defined objectives] – ISO/IEC 22989:2022.
3. Artificial Intelligence, AI, autonomous system that performs functions normally associated with human intelligence, such as reasoning, learning and self-improvement - ISO/IEC FDIS 17024:2025.

Table 1. Explicit AI references in the current drafts of ISO/IEC FDIS 17024:2025, ISO/IEC DIS 17020:2025 and ISO/IEC DIS 17067:2025.