Compliance mapping
ISO/IEC 42001 oversight and logging for AI agents
ISO/IEC 42001 is the management-system standard for artificial intelligence. Two of its control themes are especially relevant to Cosignet evidence: human oversight of AI operations, and operational logging. This page maps Cosignet artifacts to those controls.
Scope. Cosignet provides verifiable approval evidence only; it does not determine legal applicability, certify compliance, replace regulated controls, or substitute for legal, compliance, or audit advice.
Framing: Cosignet is a control you can operate inside your AI management system. It is not an ISO/IEC 42001 certification, and it does not certify your organization. It provides evidence in support of your management system. Cosignet is not affiliated with, endorsed by, or certified by ISO or IEC.
Controls Cosignet supports
| ISO/IEC 42001 theme | What is expected | Cosignet artifact |
|---|---|---|
| Human oversight of AI operations | Defined points where a human authorizes or can halt an AI action | Fail-closed payload-bound approval gate; the AI action executes only on an explicit signed human approval |
| Quality of oversight | The overseer understands and controls the specific action | WYSIWYS: the exact action is re-hashed in the browser and confirmed against the signed fingerprint before the human decides |
| Operational logging and traceability | Records of AI operations that support monitoring and review | Append-only Merkle transparency log, Ed25519-signed tree head, Bitcoin anchor, and exportable evidence packs |
| Accountability and evidence | Demonstrable, non-repudiable records of decisions | Passkey-signed decisions bound to the exact action, independently verifiable without vendor trust |
Confirm the exact ISO/IEC 42001 clause and Annex A control references against the official standard with your certification body or advisor. The ISO text is licensed, so we map to themes here rather than quoting clause numbers.
Related reading
- EU AI Act: human oversight and logging under Articles 14 and 12.
- SOC 2: authorization, access, and monitoring controls.
- For auditors: verify a record end to end.
- All compliance mappings.
Operate human oversight as a real, evidenced control
Free to start, no credit card.
Informational, not legal advice. This page describes how Cosignet artifacts can support an ISO/IEC 42001 management system. Cosignet is not ISO/IEC 42001 certified and this is not an attestation. Confirm control mappings and clause references with your certification body or advisor.