Even before regulators could decide how to govern AI, India’s IT services companies have started rewriting their own rulebooks.
At Mphasis, that rewrite concretised with the recent ISO/IEC 42001:2023 certification it was presented with, a first-of-its-kind international standard for AI management systems (AIMS) designed to ensure that organisations build, deploy, and monitor AI responsibly.
The standard provides an auditable framework for governing risks such as bias, data integrity, model drift, and ethical compliance, making it increasingly essential for enterprises in regulated or large-scale AI environments.
Mphasis told AIM the framework is being “embedded directly into our AI development and deployment processes within Mphasis.ai,” creating uniform governance across the full lifecycle.
Every AI project now incorporates “mandatory steps for risk assessment, bias mitigation, transparency documentation, and compliance with ethical guidelines,” making responsible AI a non-negotiable part of delivery. The company has restructured governance accordingly, establishing an AI Risk Management Committee and formal accountability for AI system owners.
Documentation requirements have been tightened; fairness checks, data validation, and systematic monitoring are now required at each stage. This aligns with the ISO’s continuous improvement loop, which Mphasis describes as embedding “the ISO’s ‘Plan-Do-Check-Act’ approach into our existing engineering culture.”
It expects measurable gains, saying the certification “strengthens our competitive positioning and helps reduce project risk”, while enabling faster time-to-value and smoother entry into regulated markets.
With 68% of new deals now AI-led, Mphasis says scalability is ensured by NeoIP, where Ontosphere applies governance automatically so responsible AI becomes “a scalable, self-sustaining capability.”
The Big Picture
The broader industry is moving in the same direction. Infosys, Cognizant, and other Indian IT providers have begun adopting ISO/IEC 42001 to meet rising expectations from global clients navigating tightening AI regulations.
NABCB, India’s national accreditation body, has played a pivotal role in operationalising ISO/IEC 42001 by becoming one of the earliest global bodies to approve accreditation schemes for the new AI management standard.
Its framework, launched in 2024, enables Indian certification bodies to conduct ISO 42001 audits under internationally recognised conformity norms.
This has effectively allowed Indian IT and enterprise organisations to be among the first globally to obtain certifiable, regulator-ready AI governance credentials.
Infosys’ executive vice-president Balakrishna DR said the certification not only distinguishes the company but “serves as a guiding beacon” for clients managing AI-related risks.
Cognizant CEO Ravi Kumar S said the standard reflects how businesses now expect partners who drive innovation while aligning with their values, adding that the certification “solidifies our role as a trusted leader in enabling ethical and sustainable digital transformation worldwide.”
As enterprises demand auditable controls around bias, transparency, and accountability, ISO 42001 is rapidly emerging as the AI-era equivalent of ISO 27001 for information security.
Mphasis reflects this sentiment, noting that the standard “is poised to become the global benchmark for AI governance,” evolving into a baseline qualification for IT service providers worldwide.
Reto P Grubenmann, director, head of certification & attestation, KPMG Switzerland, noted that ISO/IEC 42001:2023 verifies that a company’s AIMS meets international standards, offering long-term strategic and operational value.
EY similarly wrote that the standard “was crafted to tackle the concerns and obstacles associated with the conscientious deployment of AI technologies,” emphasising controls around security, fairness, transparency, safety, and data quality throughout the AI lifecycle.
EY also draws parallels with ISO/IEC 27001, urging organisations already compliant with it to integrate ISO 42001 to streamline governance and risk oversight.
What once served as a differentiator is now becoming a minimum qualification for companies handling mission-critical AI workloads, marking a decisive shift in how India’s IT sector builds, deploys, and assures AI systems.
As companies deepen their AI capabilities, many are expanding their broader compliance stack to reinforce trust. Certifications such as ISO 27001 for security, ISO 27701 for privacy, ISO 9001 for quality and SOC 2 for service reliability continue to anchor enterprise expectations, while sector-specific frameworks like PCI DSS and HIPAA apply where financial or health data is involved.
The post Indian IT Firms Rush to Adopt ISO 42001 as AI Enters Accountability Era appeared first on Analytics India Magazine.
