In December 2023, ISO 42001 was published as the first international standard for artificial intelligence management systems. Two years later, the landscape in Latin America offers concrete data on adoption, gaps, and opportunities worth examining carefully.
The context: why ISO 42001 is different
Unlike other ISO standards, 42001 was born amid global regulatory pressure. The EU AI Act, OECD guidelines, and local regulations in Brazil, Chile, and Argentina are converging on the same message: AI needs formal governance, not goodwill statements.
ISO 42001 is not just a compliance framework. It is a management system that requires inventorying AI systems, assessing impacts, documenting algorithmic decisions, and establishing traceable controls. And that is where most organizations in the region discover they have a problem.
Adoption data in LATAM: first full cycle
According to data gathered in our research on ISO 42001 certification gaps, fewer than 12% of organizations that began an implementation process in 2024 completed the certification cycle within the first 18 months. The main reasons:
- Lack of AI inventory: 67% of organizations had no formal record of their AI systems when starting the process.
- Absent impact assessment: Only 23% had conducted an algorithmic impact assessment before seeking certification.
- Confusion with ISO 27001: 41% assumed their information security certification covered AI governance requirements.
What your organization should know
If your organization develops, deploys, or uses AI systems, there are three questions you should be able to answer today:
- Do you have an up-to-date AI systems inventory? This includes production models, active prototypes, and third-party tools with AI components.
- Have you assessed the impact of those systems? We are not talking about a generic ethics statement. We mean a documented risk assessment per system with traceable criteria.
- Does your team know what "AI governance" means operationally? Executive training is one of the factors with the greatest impact on implementation success.
The gap between intention and action
One of the most relevant findings from 2025 was the distance between organizations' declared intention and their actual readiness. 78% of surveyed boards declared that AI governance was a "strategic priority." However, only 15% had allocated specific budget to implement an ISO 42001-compliant management system.
This gap is not exclusive to the region. But in LATAM it is amplified by the shortage of specialized auditors, the lack of regulatory precedents, and the tendency to treat AI as an exclusively technological matter rather than an organizational risk.
What comes in 2026
The trends for this year are clear. First, convergence with ISO 27001 will accelerate: organizations with an existing ISMS will seek to extend their controls to AI. Second, regulators will start demanding evidence of AI governance in regulated sectors such as finance, healthcare, and education. Third, demand for independent assessments will grow, because organizations will need to demonstrate that their AI systems operate within auditable parameters.
If you are evaluating how to prepare your organization, the starting point is a gap assessment against ISO 42001 requirements. Not a 12-month project. A 72-hour assessment that tells you exactly where you stand and what you need.