Dublin-based Corlytics has become the first RegTech company to achieve ISO/IEC 42001 certification, positioning the firm among a select group of global technology companies certified to stringent international standards for AI governance.
ISO 42001 aligns closely with evolving regulatory frameworks such as the EU AI Act and the UK National AI Strategy. The standard includes the following core principles:
Ethical and Responsible AI Deployment: The standard emphasizes aligning AI systems with ethical principles, human rights, and societal values. It advocates for fairness, non-discrimination, and respect for individual autonomy in AI applications.
Risk Management: ISO/IEC 42001 mandates a comprehensive risk management approach, requiring organizations to identify, assess, and mitigate risks associated with AI systems. This includes evaluating potential biases, security vulnerabilities, and unintended consequences throughout the AI lifecycle.
Transparency and Accountability: The standard requires organizations to maintain transparency in AI operations by documenting decision-making processes and ensuring that AI decisions are explainable and auditable. Accountability mechanisms must be in place to address any adverse outcomes resulting from AI system deployment.
Data Privacy and Security: Organizations must ensure that AI systems comply with applicable data protection laws and regulations, such as GDPR and CCPA. This involves safeguarding personal data and implementing robust security measures to protect AI systems from unauthorized access and threats.
Continuous Improvement and Monitoring: ISO/IEC 42001 promotes a culture of continuous improvement by requiring regular monitoring and evaluation of AI systems. Organizations should establish processes to assess AI performance, address deficiencies, and implement enhancements to maintain system effectiveness and compliance.
Stakeholder Engagement: The standard encourages involving stakeholders in the AI governance process to ensure that diverse perspectives are considered. Engaging stakeholders helps in identifying potential impacts, addressing concerns, and fostering trust in AI systems.
The certification was granted following a thorough, two-stage audit by cybersecurity compliance specialists A-LIGN, who reported no compliance issues. “We have been using AI from our inception and have always been led by a strategy of AI-by-design,” explained John Byrne, CEO and Founder of Corlytics. Byrne noted that this approach ensures the firm’s clients benefit from “robust and transparent AI solutions.” The company currently processes approximately 30 million pages of regulations annually and has established relationships with 40% of the world’s 30 largest banks.
The certification process included collaboration with Waystone Compliance Solutions. Conor Flynn, Managing Director at Waystone, recognized the significance of Corlytics’ achievement, stating, “ISO 42001 will quickly become a gold standard for organisations adopting AI, and Corlytics has demonstrated both the strategic foresight and operational discipline to lead from the front.”
The recent certification aligns with strategic shifts since Verdane acquired a majority stake in Corlytics last year. The company has expanded its governance frameworks across all its operations, embedding the new standards into every product and process. Corlytics expects further enhancements to its products and services later in the year.
Chief Data Officer Oisín Boydell noted, “This milestone reflects the years of investment Corlytics has made in building expert, ethical, intelligent AI.”
Responding to a question from RegTech Insight, he continued, “We’ve had very positive feedback, particularly from risk and procurement teams in financial services, where due diligence processes are especially rigorous. These teams are deeply aware of the risks surrounding AI, and they care enormously about the reliability and trustworthiness of the systems they adopt. Our ISO/IEC 42001 certification gives them confidence, not just in the functionality of our AI, but in the governance behind it,” he says, emphasising that “This certification reassures clients that we’re building responsibly and aligning with regulatory expectations, not only from the EU AI Act but more broadly across global best practices. It’s not just Corlytics saying ‘we follow good governance,’ we have been independently audited and certified to that effect. That makes a real difference to customers who are under increasing pressure to demonstrate their own oversight of third-party AI systems.”
Looking ahead to the updates hinted at for later this year, Boydell noted, “Our roadmap is tightly aligned with the full regulatory compliance lifecycle, from horizon scanning and regulatory change management to obligations, controls and policy alignment. We’re enhancing AI across all stages, guided by six core AI competencies that underpin our platform: classification, summarisation, extraction, rationalisation, mapping and creation.
“The opportunity lies in using AI to unify and streamline this lifecycle. But at the same time, AI is evolving fast – and that comes with risk. New vulnerabilities and unintended consequences are emerging all the time, often before they’re fully understood by the industry. That’s where our AI governance framework, including ISO/IEC 42001, gives us a real advantage. It lets us adapt quickly and responsibly, integrating new AI capabilities while maintaining structured oversight. For us, it’s about balancing innovation with accountability, delivering cutting-edge tools without compromising trust.”