AI Ethics: Managing Risks and Impacts under ISO/IEC 42001:2023

Add to my library

H5035 V1 Article

AI Ethics: Managing Risks and Impacts under ISO/IEC 42001:2023

Author : Schallum PIERRE

Publication date: March 10, 2026 | Lire en français

Add to my library Add to my library

Logo Techniques de l'Ingenieur You do not have access to this resource.
Request your free trial access! Free trial

Already subscribed?

Overview

ABSTRACT

Operationalizing AI ethics is a major challenge for organizations. The Amazon, COMPAS and Obermeyer cases illustrate how AI systems can produce systemic discrimination despite the absence of malicious intent. This article proposes an operational framework for transforming ethical principles into concrete risk and impact management practices, based on the ISO/IEC 42001:2023 standard. We first show how this standard aligns with GDPR requirements in Europe and Law 25 in Quebec. We then detail the integration of risk and impact management at different stages of the AI systems lifecycle. Finally, we present operational tools (lifecycle × risks × controls matrix, indicators, organization) and a progressive roadmap for implementation. The illustration through an HR system case demonstrates the practical application of the framework.

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Schallum PIERRE : Advisor on Responsible AI, Ethics, and Innovation at the Institute of Intelligence and Data at Laval University, member of the ISO/IEC JTC 1/SC 42 Artificial Intelligence committee, and co-founder of the non-profit organization Réseau d'expertise en éthique de données (REED)

 INTRODUCTION

The growing interest in the use of artificial intelligence is transforming industrial processes, public services, and various sectors such as healthcare and finance. Recommendation tools, predictive algorithms, anomaly detection systems, and generative models are becoming the building blocks of information systems. These applications create opportunities, but they also introduce new challenges that go beyond traditional IT risks: bias and discrimination, privacy violations, opaque decision-making, data dependency, and model-specific vulnerabilities.

Several high-profile cases have highlighted these new risks. In 2016, a ProPublica investigation into the COMPAS algorithm—used by U.S. courts to assess the risk of recidivism—revealed that African American defendants were twice as likely to be incorrectly classified as high-risk compared to white defendants . In 2018, Amazon abandoned an automated recruitment tool after discovering that it systematically penalized female applicants . In 2019, Obermeyer et al. demonstrated that a commercial health management algorithm, deployed on a large scale in the U.S. healthcare system, systematically underestimated the care needs of Black patients compared to white patients with similar health conditions . The algorithm used historical healthcare costs as an indicator of future care needs, which led to an underestimation of Black patients’ needs due to their lower initial access to care. This is not an isolated case: in 2020, an...

You do not have access to this resource.
Logo Techniques de l'Ingenieur

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed?


KEYWORDS

artificial intelligence   |   GDPR   |   AI ethics   |   ISO/IEC 42001   |   AI risk management   |   Impact assessment   |   Law 25   |   Algorithmic bias   |   Responsible AI

Ongoing reading
AI Ethics: Managing Risks and Impacts under ISO/IEC 42001:2023

Article included in this offer

"Eco-design and sustainable innovation"

( 136 articles )

Complete knowledge base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

View offer details

Dans les ressources documentaires

IA Act - Approche méthodologique et cas d’application

Cet article traite du règlement européen relatif au système d'intelligence artificielle, l’IA Act. Ce règ...

Stress d’origine professionnelle

Parmi les différents risques dits psychosociaux, le stress d’origine professionnelle occupe une place par...

Gestion des talents - Le management des talents au service de l’innovation

Cet article explore la gestion des talents au service de l'innovation dans les entreprises. Il examine di...

Anonymisation des données, une nécessité à l’ère du RGPD

Le règlement général sur la protection des données (RGPD) définit des contraintes qui limitent, et parfoi...

Tous les livres blancs
Toutes les actualités
Contact us