IT in Manufacturing


ISO 42001 helps organisations prepare for the realities of AI governance

July 2026 IT in Manufacturing

Artificial intelligence is already embedded in many business environments through public tools like ChatGPT and through AI functionality built into existing software platforms. While adoption is accelerating, governance and regulation are still catching up. This is creating growing pressure on organisations to understand how AI is being used, what risks it introduces, and how those risks should be managed. ISO 42001 addresses this gap by providing a structured framework for AI governance, helping organisations assess risk, define responsibility, and manage AI use in a controlled and accountable way. As international regulation evolves and clients place more scrutiny on AI usage, a proactive approach puts businesses in a stronger position than those that wait for legislation to force change.


Ryan Boyes, senior security administrator officer at Galix.

A practical reality, not a future concern

Although South Africa does not yet have standalone AI legislation, regulation is already developing internationally. The European Union’s AI Act is one example, and similar frameworks are expected to emerge in other regions over time. In practice, this means a South African firm that processes EU residents’ data through a logistics platform, a financial services portal or even a cloud-based HR system, could already fall within scope of the EU AI Act’s requirements.

For South African organisations, this is important regardless of whether local legislation arrives. AI systems and data flows are not limited by geography, and businesses may already be using international AI platforms, working with overseas clients, or processing information across jurisdictions. As regulatory requirements develop, organisations will increasingly be expected to demonstrate how AI is governed and how associated risks are being managed.ISO 42001 provides a way to address this before legislation becomes mandatory.

Like ISO 27001 and ISO 27701, it provides a recognised framework that organisations can align to and eventually certify against. This allows businesses to establish governance structures early, rather than having to retrofit controls later under commercial or regulatory pressure.

Understanding impact before implementing AI

One of the central requirements of ISO 42001 is the concept of an AI impact assessment. This involves understanding how AI systems could affect the organisation, its employees, its customers and the wider operating environment before implementation takes place.

In some cases, this may involve data privacy or security concerns. In others, it may relate to operational impact, job displacement, skills shortages or the use of external AI providers. The objective is not to block AI, but to ensure organisations understand what they are introducing before they introduce it. A manufacturing company deploying an AI quality control system, for instance, should consider not only whether the technology works, but whether it introduces bias in decisions, what happens when it fails, and which employees need retraining as a result. This is particularly relevant in the South African context where organisations may face skills shortages while simultaneously adopting increasingly complex AI technologies.

Businesses also need to understand where AI systems are hosted, what information is being shared with them, and whether employees are using approved tools or public platforms that are not managed by the business. Without this visibility, organisations may only identify problems after a data breach, operational issue or a compliance failure has already occurred.

Visibility and control are essential

Most organisations already have employees using AI tools in some form, whether for document generation, analysis, customer interaction or administrative tasks. The challenge is that this often happens without formal governance or visibility.

One common risk this introduces is employees using public AI platforms without understanding how organisational information is being handled. Consider a consultant who pastes a confidential client proposal into ChatGPT to improve the wording, or a finance team member who uploads a budget spreadsheet to get an AI-generated summary. Confidential reports, client information or internal assessments may be uploaded into external AI systems without clear controls over where that information is stored or how it is used.

Without this visibility, organisations may only identify risks after a breach, governance issue or operational failure has already occurred. This is why AI governance cannot be treated separately from information security and privacy management. If organisations do not understand what information is being processed through AI systems and how that information is protected, they cannot effectively manage the associated risks.

ISO 42001 addresses this by requiring organisations to identify what AI systems are being used, define how they are approved and managed, and assess the risks linked to their use. This aligns closely with the security, privacy and information management controls already covered by ISO 27001 and ISO 27701. As a result, for organisations that already have ISO 27001 and ISO 27701 in place, ISO 42001 becomes significantly easier to implement because many of the foundational governance structures already exist. Security management, information classification and privacy controls can then be extended to include AI-specific governance and impact assessments.

Preparing now instead of catching up later

Regulatory requirements around AI are likely to increase over the next few years, particularly as governments and international regulators place more emphasis on accountability, transparency and data governance. At the same time, clients and partners are beginning to ask more questions about how organisations use AI and what controls are in place.

ISO 42001 provides organisations with a structured way to manage AI use. It helps businesses understand how AI is being used, identify risks early, and put governance structures in place before regulation or commercial pressures force a reactive scramble.

Like ISO 27001 and ISO 27701, ISO 42001 involves more than certification; it is about creating governance processes that can be applied consistently and maintained over time. Working with cybersecurity and compliance specialists can help organisations interpret the framework in the context of their business, identify gaps and implement controls that support both operational and compliance requirements.

For more information contact Ryan Boyes, Galix, +27 11 472 7157, [email protected], www.galix.com




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Africa on the edge of a digital future
Schneider Electric South Africa IT in Manufacturing
Edge computing promises lower latency, stronger reliability and real-time responsiveness across Africa, yet its rollout keeps colliding with one stubborn obstacle, power. Steven Santini explores how renewable microgrids, smart energy management and the right partnerships could turn the continent’s energy gap into its biggest edge opportunity.

Read more...
3D electrical systems design workflow for electromechanical innovation
Siemens South Africa Fieldbus & Industrial Networking IT in Manufacturing
Siemens has announced new 3D electrical design capabilities within its Capital software, enabling electrical and mechanical engineers to work concurrently in a shared 3D environment to reduce late-stage design changes and accelerate time to market for complex electromechanical products.

Read more...
Optimising energy reliability for African manufacturing
Electrical Power & Protection IT in Manufacturing
Unreliable power can cost African manufacturers as much as 31% in sales. Behind-the-meter power offers manufacturers in sub-Saharan Africa control, visibility and resilience in their energy provisioning.

Read more...
The digital twin advantage for infrastructure development
Schneider Electric South Africa IT in Manufacturing
Schneider Electric’s Johan Potgieter explains how digital twin technology and virtual commissioning can reduce the cost and risk of large infrastructure projects.

Read more...
Haddy scales AI-enabled adaptive microfactories with Siemens Xcelerator
IT in Manufacturing
Additive manufacturing company Haddy has deployed the Siemens Xcelerator platform across its network of AI-enabled microfactories, connecting design, planning and robotic production through a consistent digital thread to support local, circular manufacturing at scale.

Read more...
Vertiv Rack Extreme targets high-density data centre deployments
IT in Manufacturing
Vertiv has announced the Vertiv Rack Extreme, a next-generation rack platform designed for high-performance computing and artificial intelligence applications.

Read more...
Real-time monitoring and predictive maintenance in African data centres
ACTOM Electrical Machines IT in Manufacturing
Running a data centre in Africa brings many challenges. Traditional maintenance strategies struggle to keep up with these realities. Predictive maintenance offers a different approach.

Read more...
Yokogawa digital plant to accelerate green hydrogen revolution
Yokogawa South Africa Editor's Choice Electrical Power & Protection IT in Manufacturing
Yokogawa explains how a digital plant approach and autonomous operations can integrate the full green hydrogen value chain, from renewable power generation to end-use applications, and why digitalisation and system integration are central to making green hydrogen viable in South Africa.

Read more...
How integrated EMS platforms are redefining risk management in mining
Adroit Technologies IT in Manufacturing
As mining operations become deeper, more mechanised and increasingly data-driven, the role of technology in safeguarding workers has never been more critical. For Adroit Technologies, this shift has driven the evolution of its environmental management and safety system into a fully integrated, enterprise-level platform that supports both real-time safety and long-term occupational health.

Read more...
South Africa’s AI push is running ahead of its digital foundations
IT in Manufacturing
Enterprises across South Africa are pouring money into AI, yet business performance is not keeping pace. Kgomotso Lebele of Accenture argues that the real problem is not the AI itself, but the ageing foundations beneath it, and that fixing this requires a different kind of leadership discipline.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved