There are a lot of people writing about AI governance who have never signed off on a quality manual. I’m going to try to write something different: a practitioner’s view, from inside an organisation certified to ISO 9001, that also ran a production AI Factory.
The premise is simple. Most AI-governance content treats governance as a brand-new, greenfield discipline. For the majority of regulated enterprises, it isn’t. You already have a quality management system (QMS). You already have document control, change control, non-conformance reporting, internal audit, management review, and corrective/preventive action. You already have the bones of everything AI governance needs.
The question isn’t whether to build governance from scratch. It’s what to reuse, what to extend, and what to add new so that your AI programme can run under an existing QMS rather than around it.
Why ISO 9001 is the right chassis
Three reasons.
First, it’s already in the business. ISO 9001 is the most widely adopted management-system standard in the world, more than a million certificates across ~190 countries. If you’re in manufacturing, engineering, construction, logistics, regulated services, public sector, or increasingly tech, you probably already operate under one. The auditors, the cadence, the document structure, and the escalation routes already exist. Fighting them is a waste of the momentum you already have.
Second, its core concepts map cleanly onto AI. ISO 9001’s process approach (clauses 4 and 8), document control (7.5), competence (7.2), operational control (8.1), nonconformity and corrective action (10), and management review (9.3) translate almost one-to-one to what you need for AI: process map → agent inventory; document control → prompt/flow versioning; competence → model-tuning and prompt-engineering proficiency; operational control → runtime guardrails; nonconformity → incident handling; management review → the AI steering group.
Third, it is explicitly complementary to ISO 42001, the AI-specific management-system standard published in December 2023. ISO 42001 was designed to layer on top of 9001, not replace it. If you’re already 9001-certified, extending to 42001 is incremental; if you’re starting from zero, attempting 42001 cold is substantially harder.
Any AI governance narrative that ignores your existing QMS is adding work instead of reducing it.
What the regulators actually demand (as of April 2026)
Two anchors.
EU AI Act
Phased enforcement. Prohibited-practices provisions have been in force since 2 February 2025. GPAI model-provider obligations began 2 August 2025. The full high-risk system obligations activate on 2 August 2026 for systems placed on the market after that date, with the full application of the Act on 2 August 2027. Penalties sit at up to €35 million or 7% of global turnover, whichever is higher.
The Act classifies systems into four tiers: prohibited, high-risk, limited-risk, minimal-risk. For a typical enterprise AI programme, the practical question is: do any of your deployed agents fall into the high-risk category? If the answer is yes, even for a single agent, the entire governance scaffolding needs to meet the Act’s requirements for that agent. There is no partial compliance.
NIST AI Risk Management Framework (AI RMF)
Voluntary, but increasingly used as the de-facto baseline in the United States and in cross-border vendor contracts. Four functions: Govern, Map, Measure, Manage. ISO 9001 already provides most of the Govern and Manage machinery; the AI RMF adds discipline around Map (context, capabilities, risks) and Measure (quantified risk assessment and monitoring).
Australian context
AU’s Voluntary AI Safety Standard (published Sept 2024) gives ten guardrails that align closely with ISO 42001 and the AI RMF. For AU organisations, alignment with ISO 9001 + ISO 42001 + the NIST AI RMF puts you in a strong position regardless of which regulatory line Australia eventually hardens.
A practitioner’s governance framework
Seven controls. Each maps to a clause you likely already have, plus the specific AI extension it needs.
1. AI inventory and classification
ISO 9001 anchor: clause 4.4 (the QMS and its processes), extended with ISO 42001’s AI system lifecycle.
Every agent, every model in use, every RAG index, every MCP server. For each: purpose, owner, data sources, risk tier (EU AI Act classification), deployment environment, dependencies, last review date.
This is the same register you already maintain for business-critical processes, with AI-specific fields added. Keep it in whatever tool holds your existing process map, not in a new shiny AI dashboard.
2. Change control for prompts, flows, and models
ISO 9001 anchor: clause 7.5 (documented information), 8.1 (operational planning and control), 8.5.6 (control of changes).
Prompts, agent flows, and model configurations are controlled documents. Version them in git. Any change above a defined threshold (anything touching outputs for a high-risk agent, for example) goes through the same change-advisory-board your IT changes already go through. You’re not inventing a new process. You’re extending an existing one.
3. Competence and training
ISO 9001 anchor: clause 7.2 (competence), 7.3 (awareness).
Who is authorised to build, modify, and approve AI agents? What’s their competence baseline? What’s the refresher cadence as models change? Role-based, documented, evidenced at audit. Add an AI-specific section to your existing competence matrix.
4. Operational controls (human-in-the-loop and bounded autonomy)
ISO 9001 anchor: clause 8.1 (operational planning and control), 8.5 (production and service provision).
For every agent, document:
- Boundary of autonomy: what it can do unsupervised, what requires approval.
- Human-in-the-loop trigger conditions: confidence thresholds, risk thresholds, exception categories.
- Fallback behaviour: what happens when the agent is uncertain or a dependency is down.
- Kill switch: who can stop it, how fast, what state it leaves behind.
This is equivalent to the process controls you already document for any safety-sensitive or quality-sensitive operation. It’s just written for an agent instead of a machine or a procedure.
5. Monitoring, measurement, and evaluation
ISO 9001 anchor: clause 9.1 (monitoring, measurement, analysis, evaluation).
Agent-specific metrics: hit rate, faithfulness, context precision, drift, cost per run, error rate, human-override rate. Published to the same dashboards your KPIs already live in. Reviewed at the same cadence.
The difference from traditional QMS monitoring is the drift dimension. Models don’t degrade linearly; they can shift behaviour after an upstream update. Your measurement system needs to detect drift, not just log outcomes. Evaluation harnesses and golden test sets are the mechanism.
6. Incident handling and corrective action
ISO 9001 anchor: clause 10.2 (nonconformity and corrective action).
When an agent produces a bad output, that’s a non-conformance. Log it, root-cause it, issue corrective action, close it, review at management review. Same machinery you already run for quality escapes.
Add one AI-specific step: preserve the full context of the incident (prompt, retrieved context, model version, full trace) so post-mortem is meaningful. Observability infrastructure is the enabler; without it, root-cause on an LLM failure is speculation.
7. Management review
ISO 9001 anchor: clause 9.3 (management review).
Your AI steering group is the existing management-review forum extended with an AI portfolio view: agent performance, incident trends, risk-tier changes, budget against ROI, compliance status against the EU AI Act schedule, changes in the regulatory landscape.
Quarterly cadence works for most organisations. Monthly if you’re in a heavy rollout phase.
What the paperwork looks like
If you already have a QMS, you already have the document architecture. You’re adding:
- AI Policy (top-level, ~2–4 pages). The organisation’s position on AI use, aligned to corporate values and regulatory posture. Board-approved.
- AI Procedure (operational, ~10–20 pages). How AI systems are proposed, built, reviewed, deployed, monitored, retired. The core of your ISO 42001 case if you ever go for certification.
- AI Work Instructions (per-agent, varies). The specific operational controls for each deployed agent: inputs, outputs, thresholds, escalation paths, owner, review cadence.
- AI Register (live, evergreen). The inventory described in Control 1.
- AI Risk Assessment Template (reusable). EU AI Act classification, data flows, mitigations, residual risk score. Completed for every new agent before production sign-off.
Five artefacts. Some organisations bloat this to twenty. They then can’t maintain twenty, and the governance model collapses under its own weight. Five is the minimum and, in my experience, the maximum that survives contact with operations.
What I’ve learned from running this in practice
Three observations from four years of running a real AI Factory under a real 9001 QMS.
Governance done well accelerates velocity. I cannot stress this enough. The programmes I see stalling have not been slowed by their governance; they’ve been blocked by its absence. When legal, risk, and compliance are in the room from day zero, they become enablers, not bottlenecks. They write the boundaries; the team builds inside them; the business accepts the output. When they aren’t in the room, every production release becomes a negotiation.
Reuse the QMS muscle. You already have people who know how to run document control, change control, internal audit, corrective action. They’re probably in your Quality function, not your IT function. Get them involved early. They’ll add more to AI governance than any specialist consultant will.
ISO 42001 is worth the jump if you’re already 9001-certified. The incremental effort is real but manageable (roughly 3–6 months for a mid-sized enterprise). The commercial advantage in procurement conversations is significant, especially in regulated industries and in EU-adjacent deals where the Act is live.
Where this matters most
If you’re a CIO or CAIO in a regulated, ISO-certified enterprise, your AI governance story is not “build a new framework”. It’s “extend the one we’ve already been audited against for a decade”. That is a much shorter path, and a much more defensible one under EU AI Act scrutiny.
If you’re in an organisation that doesn’t have a QMS, the AI programme becomes the reason to build one. Start with an AI-specific management system aligned to ISO 42001, and let it be the seed for broader operational discipline.
Either way, the governance model is not the enemy of speed. It’s what makes speed safe.
If you want an operator’s read on how your existing QMS maps onto an AI programme under the EU AI Act, book a discovery call. Or see how we built this on top of ISO 9001 at the AI Factory case study.