A Look at Responsible AI Management

In August, Autodesk received ISO 42001 certification, commonly known as the responsible AI management standard. According to the International Standard Organization (ISO), ISO 42001 recognizes the “establishing, implementing, maintaining, and continually improving an 
AI management system.” 

According to a document from Stanford University Human-Centered Artificial Intelligence, “Artificial Intelligence Index Report 2025” (Chapter 4: Economy, Njenga Kariuki), “Private investment in generative AI reached $33.9 billion in 2024, up 18.7% from 2023 and over 8.5 times higher than 2022 levels … U.S. private AI investment hit $109.1 billion in 2024, nearly 12 times higher than China’s $9.3 billion and 24 times the U.K.’s $4.5 billion.”

ISO 42001 is a relatively new standard, published in 2023. This explains why, despite an explosion of AI solution providers, very few have received the label of assurance. With this certification, Autodesk joins the short list that includes Amazon Web Services, Google, Microsoft, and Infosys. 

In his newsletter, “Doing AI Governance,” James Kavanagh, founder and CEO of AI Career Pro, noted, “If less than 0.01% of AI companies are presently able to independently demonstrate the suitability of their Responsible AI practices, then we clearly have some real work to do” (“Why are so few companies ISO42001 certified?,” January 16, 2025).

In this article, we look at what Autodesk did specifically that led to the certification, and how others view the certification. 

Steps for Responsible AI Management

After receiving the certification, Autodesk published a blog post touting its AI management. The blog stated, “The standard requires rigorous controls across risk management, accountability structures, and lifecycle oversight from design to deployment. It also mandates continuous monitoring and improvement of AI systems.”

More details came from Sebastian Goodwin, Autodesk’s chief trust officer who oversees the company’s global strategy on security, privacy, trusted AI, and resilience. “We monitor several key aspects of our AI systems to ensure they meet both performance and governance standards,” he says. “For example, we track the output acceptance rate—measuring whether users accept or reject AI-generated outputs. This is critical for determining if a model is delivering value or needs refinement.”

The company, he adds, also continuously reviews changes in model behavior and assesses the quality and integrity of the dataset to make sure it hasn’t become outdated. Furthermore, it also closely tracks R&D projects for AI features. 

“Teams working on AI projects must register their project before they can enter the development environments and access data. Each AI feature or project is assigned a dedicated owner responsible for ensuring compliance with our Trusted AI standards and our ISO-certified body of governance. Our Trusted AI team validates whether project teams adhered to those standards,” says Goodwin.

ISO 42001 promotes, among other things, human-in-the-loop governance and avoids unintended biases. “Humans play a central role in our AI review loop. In our current features, users are required to review and explicitly accept AI-generated outputs before they are adopted, meaning that users retain final authority,” says Goodwin. 

He explains Autodesk’s efforts to identify and distinguish intended and unintended bias in the models. “For example, optimization is a form of intentional bias aimed at improving outcomes, such as optimizing sustainability. In contrast, when we detect unintended biases—like parroting or linguistic bias—we implement mitigation controls such as prompt templates, guardrails, and human-in-the-loop reviews,” says Goodwin. 

NVIDIA offers its own Halos certification. Image courtesy of NVIDIA.

Cloud and AI

Onshape, part of PTC, stands apart as a CAD software built from the ground up to run in the cloud from a browser. Many mainstream CAD software products such as SOLIDWORKS, Autodesk Inventor, Siemens NX, and PTC Creo, originated on the desktop, but the move to the cloud is now gaining traction. 

Jon Hirschtick, co-founder of Onshape and chief evangelist at PTC, reveals ISO 42001 is not a top priority for his customers. However, “certifications like SOC-2, ITAR, EAR, FedRAMP, are often on their minds, and we support most of them,” he says.

Hirschtick says Onshape’s approach to AI “is grounded in PTC’s responsible AI policies, which center on transparency and follow the NIST [National Institute of Standards and Technology] Principles of Explainable AI, ensuring we understand how AI is used, what data it processes, and where it operates within our products.”

Autodesk CEO Andrew Anagnost discusses the company’s plans for AI. Image courtesy of Autodesk.

The pillars of its approach are: 

• Data Isolation
• Transparency & Control
• Safety and Reliability
• Security-First Architecture

“Customer data remains private and completely isolated, never used to train AI models. Your intellectual property stays within your secure environment,” says Hirschtick. “We ensure AI capabilities are explainable and keep users in full control. Whether through features like AI Advisor or future innovations, users always understand how AI recommendations are generated and retain complete authority over their actions.”

Safety and reliability measures include exhaustive testing, risk assessment, and safeguards to prevent unintended bias, he added. Furthermore, SOC 2 Type II certification, end-to-end encryption, multi-factor authentication, granular access controls, and comprehensive audit trails shore up Onshape’s AI features.

“It will be important for people to be able to determine exactly what AI did in a design, much like it’s important to determine which human did something. This is another big Onshape advantage here, as I believe we are the only CAD/PDM system that fully tracks all collaborative edits by user. Thus any future AI-driven edits can be easily seen, not buried into a version of a file,” he says.

NVIDIA and AI Safety

There is currently no public record of the AI chip giant NVIDIA seeking ISO 42001. However, the company has its own NVIDIA Halos Certification program, described as “the industry’s first program dedicated to tuning and optimizing safety in physical AI deployments, including autonomous vehicles (AVs) and robotics.”

A Halos-certified product “undergoes thorough evaluation to ensure compliance with the most stringent standards—significantly reducing risks in AI deployments,” and “[meets] demanding safety and security criteria through an efficient and optimized implementation,” the company explains. The NVIDIA Halos AI Systems Inspection Lab is accredited for ISO/IEC 17020 by ANSI National Accreditation Board (ANAB). Lab members include Sony, Advantech, Boston Dynamics, and Aumovia. Halos-certified products are mostly NVIDIA’s own software and hardware stacks, and those from its partners.