ISO/IEC 42001:2023 and Indonesia’s Path Toward Responsible AI
Veda Praxis | Jan 22, 2026 | Technology
Without clear governance, the adoption of artificial intelligence (AI) carries significant risks. ISO/IEC 42001:2023 is introduced as a framework that helps organizations ensure that AI systems are not only advanced, but also secure, ethical, transparent, and accountable.
Artificial intelligence (AI) is no longer a future technology but has become an integral part of various sectors today, ranging from digital banking services and e-commerce recommendation systems to decision-support systems in the healthcare and government sectors.
However, the more complex and autonomous the AI systems used, the greater the risks that emerge: algorithmic bias, lack of transparency, unpredictable social impacts, and privacy violations. Public trust and organizational legitimacy now heavily depend on how AI systems are designed, managed, and supervised.
The same applies to Indonesia, where the level of AI adoption continues to increase across various sectors. In the financial sector, for example, AI technology is used for service personalization, fraud detection, credit risk management, and interactive chatbots. Indonesia ranks 42nd out of 193 countries in the AI readiness index [1] published by Oxford Insights. This indicates that the use of AI will continue to grow in the future.
However, without an appropriate governance framework, AI adoption can become a double-edged sword. Reputational risks, legal violations, and social inequality resulting from AI may occur if there is no effective management system in place.
Addressing this need, ISO/IEC 42001:2023 serves as a systematic and measurable response to these challenges, not only to ensure compliance but also to drive competitive advantage. As the first international standard specifically governing Artificial Intelligence Management Systems (AIMS), this standard aims to help organizations manage the use of AI responsibly, ethically, and in accordance with applicable regulations.
ISO/IEC 42001:2023 Provides a Framework for Responsible AI Governance
ISO/IEC 42001:2023 is introduced as an international standard that provides a management system framework to ensure ethical and responsible AI governance. Through this standard, organizations are encouraged to design policies aligned with ethical principles while establishing structured processes for developing, implementing, managing, and improving AI systems.
Under this standard, organizations are required to assess the impact of deployed AI systems on individuals, society, and the environment, as well as to implement mitigation measures. Governance is further strengthened through the establishment of clear roles, responsibilities, and authorities in the use of AI.
Furthermore, this standard facilitates alignment in organizational management practices through the integration of AI controls with other management systems that may already be implemented by the organization, such as ISO 9001:2015, ISO/IEC 27001:2022, or ISO 31000:2018.
This standard also emphasizes globally recognized trustworthy AI principles, which include security, fairness, transparency, accountability, privacy, and human oversight of technology.
More Than a Checklist: Challenges for Organizations in Indonesia in Implementing ISO/IEC 42001:2023
To be truly effective as a guide for AI governance, the implementation of ISO/IEC 42001:2023 must not be interpreted merely as a “compliance checklist.” Beyond a list of technical obligations, this standard represents a framework for transforming organizational management and culture in managing AI technology responsibly, ethically, and sustainably.
To achieve this, preparation beyond written procedures is required. Leadership commitment is key to success: top management must demonstrate commitment to AI governance by establishing policies, defining roles, and providing adequate resources. Furthermore, the human resources responsible for executing these policies and roles must possess sufficient competence and understanding. Development teams, implementers, users, and decision-makers must understand the ethical, legal, and technical principles of AI adoption and receive training to implement relevant policies and controls to mitigate potential risks.
With this approach, the AI governance framework embedded in this standard can be effectively implemented. AI risk and impact assessments can be conducted through the development of AI risk assessment processes to identify and evaluate potential risks of AI systems, as well as AI impact assessments on individuals, vulnerable groups, society, and the environment. Transparency must also be continuously maintained through comprehensive documentation covering the objectives and scope of AI systems; the data used and system training processes; AI models, evaluation metrics, and test results; as well as usage and oversight policies. Continuous improvement must also be carried out through the implementation of processes to monitor AI system performance and periodically audit the effectiveness of the AI management system.
In this regard, organizations in Indonesia face real challenges. Awareness of the important role of AI continues to increase, but many organizations remain focused on technology, resulting in the neglect of implementation processes and governance. National regulations mandating AI governance standards are not yet available, resulting in a lack of incentives to seriously implement this standard. In addition, the lack of internal competencies in AI ethics, risk, and compliance makes policies difficult to implement consistently.
The absence of a well-documented and auditable management system also presents a distinct challenge. Based on field experience, even organizations that have adopted advanced AI systems often lack adequate risk documentation, impact assessment mechanisms, or policies to control the use of AI models.
From Regulation to Human Resources: Pillars of Readiness Toward Responsible AI Governance
To achieve truly responsible AI implementation, Indonesia requires more than good intentions or the adoption of advanced technology. The implementation of ISO/IEC 42001:2023 requires a solid foundation supported not only by organizations but also by the national regulatory and governance ecosystem.
First, support from regulators is essential. Institutions such as Bank Indonesia (BI), the Financial Services Authority (OJK), the National Cyber and Crypto Agency (BSSN), and the Ministry of Communication and Digital Affairs (Komdigi) play an important role in encouraging the adoption of ISO/IEC 42001:2023 as a national best practice. They can accelerate organizational readiness by issuing guidelines for critical sectors such as finance, healthcare, and government, as well as providing regulatory sandboxes for testing high-risk AI systems.
Second, investment in human resource competencies is non-negotiable. Organizations need to build AI governance teams that combine multiple functions and perspectives from technical, legal, risk, and ethical domains. Ethical and controlled AI usage must be internalized as a cultural foundation embraced by all elements of the organization. In particular, training and certification for ISO/IEC 42001:2023 must be conducted to enhance understanding and expertise in implementing this standard.
Third, harmonization with existing frameworks will strengthen implementation effectiveness. The implementation of ISO/IEC 42001:2023 can be aligned with the NIST AI Risk Management Framework (RMF) for risk management and trustworthiness principles, COBIT 2019 for technology governance and IT assurance, as well as OJK AI guidelines for the banking sector.
Becoming a Pioneer of Responsible AI Governance
ISO/IEC 42001:2023 is not merely a standard, but a roadmap toward safe, fair, and accountable AI adoption. In an era where AI can determine business outcomes, corporate reputation, and even human rights, there is no alternative but to build accountable governance.
Organizations that begin taking action today will be better prepared to face audits, regulations, and public expectations. With the support of professional expertise, this process can become a transformation that not only reduces risk but also enhances stakeholder trust and strengthens competitiveness.
References:
[1] “Kerja Sama Internasional untuk Mendukung Pemanfaatan dan Pengembangan Artificial Intelligence (AI) di Indonesia,” Sekretariat Kabinet Republik Indonesia, 2024.
This article was published in our quarterly newsletter Valoka Vol. 7, 2025.