Daon wins ISO/IEC 42001 certification for AI governance

Daon has achieved ISO/IEC 42001 certification for its artificial intelligence management system. The certification covers the company's AI governance framework for digital identity and fraud prevention systems across its global operations.

ISO/IEC 42001 is the first international management system standard focused specifically on artificial intelligence. The certification followed an independent audit and applies to Daon's operations in the United States, Ireland, Serbia, Australia and the United Kingdom.

The standard sets requirements for identifying, assessing, mitigating, monitoring and documenting risks linked to AI systems. In Daon's case, it recognises governance across the lifecycle of its AI systems, including risk assessment, model documentation, human oversight, performance monitoring, transparency, accountability and continuous improvement.

Daon said the certified framework covers AI-driven fraud prevention and identity verification systems used by financial institutions, governments and enterprises. Those systems operate in areas where organisations face growing scrutiny over how AI is governed and monitored.

The certification comes as businesses and public bodies deploy AI tools in customer onboarding and fraud checks. Digital identity providers are increasingly being asked to show how they manage risks tied to technologies used to detect deepfakes, synthetic identities, account takeover attempts and impersonation attacks.

Daon said its AI is used for biometric matching, liveness detection, fraud prevention, document verification, orchestration and risk analysis. Each function is subject to documented controls at both the model and system level, including model information sheets, risk assessments, lifecycle documentation, monitoring requirements and transparency records.

Tom Grissen, Chief Executive Officer at Daon, said the certification reflected a shift in market expectations around AI oversight.

"We're long past the point where innovation is the primary focus concerning AI. The technology now sits at the center of critical identity and fraud prevention decisions. Organisations need confidence not only in the effectiveness of AI-powered identity systems, but also in how they are governed, monitored, and continuously improved over time. The fact that our AI management system meets this new standard reflects the seriousness with which Daon approaches responsible AI management across our business," said Tom Grissen, Chief Executive Officer at Daon.

Travel use

One example of the technology in use is Daon's work with the International Air Transport Association on the IATA Timatic Doc Scan solution. The system lets passengers capture or upload travel documents and verify them before arriving at the airport through an airline app or desktop check-in process.

IATA said the tool is intended to help passengers meet immigration requirements before travel begins. The use case places document verification and identity checks in a consumer-facing environment, where questions around accuracy, oversight and data handling have become more prominent.

"Artificial Intelligence will play a critical role in simplifying passenger processing at airports, leading to a much improved passenger experience while at the same time enhancing safety and security. However, we have to ensure that we put passengers' rights at the center any time we use AI. Daon also shares this vision, which is one of the reasons IATA is happy to collaborate closely with them to support our travel document security solutions," said Frederic Leger, Senior Vice President of Products and Services at IATA.

Broader controls

The AI certification adds to other standards Daon already holds, including ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017 and ISO/IEC 27018. Those standards relate to information security, privacy and cloud security, and have become common benchmarks for technology suppliers working with regulated sectors.

That broader standards base matters for companies selling identity systems to banks, governments and large businesses, where procurement teams often assess security, privacy and governance controls together rather than in isolation. AI-specific certification is likely to draw attention as customers seek ways to compare governance practices across vendors.

Daon said its AI systems are built for identity verification, authentication and fraud prevention using machine learning models rather than generative AI. The company added that its systems are classified as limited-risk under the EU AI Act, while noting that it has adopted a higher level of governance for their development, deployment and management.

Grissen said that approach was intended to go beyond minimum regulatory thresholds.

"Daon's AI systems are purpose-built for identity verification, authentication, and fraud prevention, using advanced machine learning models rather than generative AI technologies. While Daon's solutions are classified as limited-risk under the EU AI Act, we have implemented the highest level of trustworthy AI governance because our goal is not simply compliance, it is industry leadership, instilling our clients with the highest level of confidence in how our systems are developed, deployed, and managed," said Grissen.