Building trust and AI governance

AUTONOMOUS ROBOTS and AI-powered sorting systems are now being deployed to support materials handling and fulfilment in warehouses. Machine learning is used to optimise route planning, so that fuel consumption and transit times are minimised. Predictive maintenance is also being used to optimise fleet health and minimise downtime, while AI-driven demand forecasting ensures inventory levels remain efficient and flexible.

However, simply having systems that benefit from advanced AI features is not enough. Investors, customers and the supply chain are demanding that companies prove their AI systems are trustworthy, transparent and responsible. Procurement decisions are increasingly prioritising companies that can demonstrate robust AI governance and ethical practices. Organisations within the logistics sector must therefore treat AI trustworthiness and transparency as a strategic priority.

Trust by Design builds on the legacy of Secure by Design and Privacy by Design, expanding them to a broader mandate of trustworthiness. Whereas Secure by Design embedded cybersecurity from the start, and Privacy by Design mandated data protection by default, Trust by Design calls for governance and continuous assurance across the entire AI lifecycle. This proactively engineers trust into AI systems from day one, rather than retrofitting it later.

ISO/IEC 42001 provides a concrete framework to meet those challenges by defining requirements for establishing an effective AI governance programme. It guides organisations in managing the whole AI lifecycle and ensures responsible AI use that is aligned with emerging regulatory requirements. With an AI Management System (AIMS) certified according to the international standard ISO/IEC 42001, legal requirements can be better understood and implemented.

ISO/IEC 42001 provides a structured framework for establishing, implementing, maintaining and continuously improving an AI management system. Rather than prescribing specific technical solutions, it outlines what processes and controls need to be in place for responsible AI management. The companion standard ISO/IEC 42005 (Artificial intelligence (AI) – AI system impact assessment) helps organisations systematically evaluate, document and manage the potential benefits and risks of AI on individuals, groups and society across the entire lifecycle.

Key pillars of ISO/IEC 42001 include:

• Governance – Defining roles, responsibilities and AI ethics.
• Risk Management – Identifying AI-specific risks.
• Impact Assessment – Evaluating how the AI affects individuals, society and the environment.
• Transparency – Ensuring AI decisions are explainable.

This provides a holistic governance framework, ensuring that an organisation addresses all the key dimensions of trustworthy AI: ethical use, risk management, security/ privacy, transparency, human oversight and compliance. This set of requirements and certification by an accredited body externally validates an organisation’s commitment to trustworthy AI and adherence to international best practices.

Companies already familiar with implementing ISO standards will find a common high-level structure, including clauses on context, leadership, planning, support, operation, performance evaluation and continual improvement, allowing easy integration with existing corporate governance systems. These standards support flexible, needs-based integration into existing processes. However, organisations must establish concrete and effective measures for controlling and monitoring AI, not just during deployment but throughout the whole AI lifecycle. Otherwise, the AI management system remains a paper tiger – in theory it may look good, but in practice it has no effect.

The standard’s structure addresses AI technical controls, and the organisational processes and cultural elements required for trust. Its key components – governance, impact assessment, risk management, security, oversight, third-party management, incident handling and improvement – provide a multi-dimensional assurance framework. Implementing ISO/IEC extends beyond compliance, as by building trustworthiness into their AI systems and processes, companies can achieve strategic, financial and operational advantages.

Implementing Trust by Design goals with ISO/IEC 42001 should be approached as a clear sequence of steps, as a change programme involving people, processes and technology. The implementation pathway goes beyond achieving a certification tick-box, to embedding a sustainable capability for trustworthy AI. This will allow organisations to confidently pursue AI innovations.

Following this pathway, organisations create a virtuous cycle – leadership and stakeholders define trust goals; those goals translate into processes and controls; the controls are executed by teams; outcomes are monitored and fed back into improvements. However, ISO/IEC 42001 adoption does not need to happen all at once, as a phased approach can yield quick wins and lessons that inform a broader rollout. By aligning closely with Trust by Design principles, the standard enables companies to build trust by design in a systematic and certifiable way.