Artificial Intelligence (AI) is reshaping the customer experience in remarkable ways. What began as simple automation is evolving into systems that can learn, reason and soon act on behalf of customers and employees. This shift toward agentic AI opens up exciting opportunities to create new value, not just automate existing work. Yet greater autonomy also introduces new risks, heightening the need for credible, independently verified AI governance.  

That’s why we are excited to share that the Genesys Cloud platform has achieved ISO/IEC 42001:2023 certification for our AI Management System (AIMS). This globally recognized standard is the first of its kind focused on managing AI responsibly. It outlines how organizations can establish, operate and continuously improve an AI management system with structured controls for risk, oversight and performance

Earning ISO/IEC 42001certification represents a major milestone in our ongoing commitment to responsible AI. I recently spoke with Louise Willemse, Principal Product Manager for Security, Privacy, AI and Compliance at Genesys, to discuss the scope of ISO/IEC 42001 for Genesys Cloud, its value to CX leaders and what lies ahead for AI governance. Below is a recap of our conversation.  

Hi Louise, congratulations to you and the entire team on this achievement. It’s the result of a lot of focused effort over many months. For those who might not be familiar, can you explain what ISO/IEC 42001 is and what motivated Genesys to pursue this certification? 

Louise Willemse: Thank you. It would not have been possible without the contribution of many teams. ISO/IEC 42001 is the first globally recognized standard that specifies requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS) within organizations. Achieving the certification demonstrates the application of the AIMS principles such as Accountability, Transparency, Fairness, Security and Privacy, as well as the application of ISO/IEC 42001controls to ensure responsible development and use of AI systems.  

An AIMS consists of the following key components: 

  • Governance structure: Defines roles, responsibilities, and oversight for AI management within the organization. 
  • Policies and procedures: Establishes documented rules for ethical AI design, development, deployment and use. 
  • Risk management: Identifies, assesses and mitigates risks associated with AI systems, including safety and security concerns. 
  • Data governance: Ensures data used by AI systems is properly managed, including security, privacy, integrity and compliance. 
  • Transparency measures: Enables clear documentation and communication about AI systems, decisions and outcomes. 
  • Continuous improvement: Implements monitoring, review and update mechanisms for ongoing AI system enhancement and compliance. 
  • Stakeholder engagement: Fosters communication with internal and external stakeholders to address concerns and feedback. 

The motivation to pursue this certification goes back to 2024 when it became clear that ISO 42001 provided a clear framework to establish an AI governance program.

That’s a great overview. Let’s get a bit more specific about the certification itself. What did Genesys include in scope for the audit, and does the certification apply across all Genesys Cloud global regions?

Willemse: The Genesys Cloud ISO/IEC 42001 certificate scope includes the design, development and deployment of AI technologies in the Genesys Cloud platform.

The AI technologies used include machine learning algorithms, natural language processing, predictive analytics, real-time decision-making algorithms, conversational AI, generative AI and large language models (LLMs). These technologies are embedded in the Genesys Cloud platform. 

ISO 42001 is a global certification and our certificate covers nine sites where AI development is concentrated: Galway (Ireland): Menlo Park (California), Durham (North Carolina), Indianapolis (Indiana), Chennai (India), Hyderabad (India), Toronto (Canada), Tel-Aviv (Israel), and Budapest (Hungary). 

Thanks for clarifying what is in scope. Many customers are already familiar with other ISO standards, such as 27001 and 27701. Can you explain how ISO/IEC 42001 fits alongside those frameworks and where it adds something new?

Willemse: From the start, the intention was to create an integrated management system, building on the management system already in place for ISO 27001/27017/27018. The AIMS shares common IMS processes for document control, risk, audit and continual improvement. 

An initial gap analysis reviewed our existing policies, processes, and procedures to identify what needed to change. While some new AI-specific elements were needed, most changes involved adapting what we already had in place. 

One of the learnings along the way was that AI, initially treated as a subset of information security, is its own unique domain, alongside information security and privacy. This also required some organizational changes.  

AI, more so than information security, requires cross-functional teams working together. One of the main challenges has been to make technical engineering teams more aware of human rights and ethical aspects during the design and development of AI systems. One way we achieved this was by involving these teams early in the AI system impact assessments and having them consider the harms and benefits of using their AI systems on individuals, groups and the organization.  

The other side of this was educating legal and various cross-functional teams on Genesys Cloud AI systems using our technical documentation. 

The connection between standards makes sense, especially since many of our customers already use ISO frameworks in their own operations. From a buyer’s perspective, due diligence is always a big part of vendor selection. How does ISO/IEC 42001 help customers evaluate and trust their CX partners? 

Willemse: ISO 42001 certification significantly reduces the due diligence burden for buyers. The painstaking work of evaluating a vendor’s AI controls has been largely removed given it has been independently verified by an external auditor. It provides assurance of our commitment to developing trustworthy, well governed AI.  

In addition, the detailed transparency reports that Genesys Cloud provides for each of our AI-powered products and AI systems help buyers to evaluate Genesys Cloud AI systems and answer many of the standard due diligence questions.  

Overall, it helps to accelerate vendor selection and procurement since buyers can point to independent third-party validation. 

That perspective on customer value is helpful. I imagine the process also taught us a lot internally. What did we learn about AI risk and impact as we worked through the certification requirements? 

Willemse: Back in 2023, when the EU AI Act was still on the horizon and only the draft ISO 42001 was published, a business case was developed to comply with the EU AI Act. At this stage we had completed a small proof of concept for identifying and assessing AI risk for one of our existing more mature traditional AI systems. It was clear that we faced several foundational challenges: 

  1. No common AI language or AI naming standards across teams  
  2. An incomplete AI inventory, including third-party AI components 
  3. Incomplete technical documentation on AI systems, models and datasets used    
  4. Existing risk management policies and procedures that did not take the complexity of AI risk into account 
  5. Varying levels of knowledge about AI governance 

All of these were absolutely essential to have effective AI risk management as part of broader AI governance and required strong cross functional cooperation between teams.

We realized early on that our customers would also have obligations to carry out AI risk assessments and AI system impact assessments under the EU AI Act. To enable our customers for these tasks, we needed to be transparent and make our AI Product and AI system cards available to customers.  

The work we put in to address these challenges has also given us many internal opportunities, including broad visibility and insights into our AI ecosystem. And that has resulted in closer collaboration on AI projects between all internal teams.   

I know the ink is barely dry on the ISO/IEC 42001certification, but what’s up next for Genesys AI governance?  

Willemse: Having the ISO 42001 certification is an amazing achievement and a great start for our AI journey. The next phase will focus on maturing our AI governance framework, continuing to improve our technical documentation for customers, raising AI literacy for all employees, and automating AI-related workflows (i.e. AI System Impact Assessments).  

Whilst ISO 42001 for Genesys Cloud is a huge step in the right direction, there is more to be done to comply fully with the EU AI Act for all Genesys. This work is ongoing.  

Other focus areas for 2026 and beyond are:  

  1. Strengthening the current privacy framework (working towards ISO 27701 certification), in particular in relation to AI data and the data lifecycle.    
  2. Sustainability, with many new directives coming up and AI’s huge demand for computing resources. Environmental impact assessments with real tools for measuring carbon emissions for AI models are not currently available and need to be developed.  
  3. Business continuity is already a huge priority for Genesys through new regulations like DORA. Embedding AI-related risks and failures into the business impact assessments will be another important focus.  

Lasty, Genesys will continue to prioritize certifications and regulatory assurances to keep pace with the evolving AI governance landscape. 

The Path Forward for Genesys Cloud AI 

Agentic AI represents the next leap in CX; and trust is what will define its success. The path forward lies in scaling AI responsibly, instilling confidence in the technology as it becomes more capable and autonomous. 

The Genesys ISO/IEC 42001 certification provides a solid foundation for that trust through a verified framework for accountability, transparency and continuous improvement. It reinforces our commitment to delivering AI that enhances experiences without introducing risk and gives our customers the confidence to scale responsibly.   

  • To learn more about Genesy Cloud global compliance, visit our Trust Center.  
  • Check out the Genesys Responsible AI page to get an understanding of our commitment to developing AI responsibly. 
  • Obtain a copy of the Genesys Cloud ISO/IEC 42001:2023 certificate, at the Security, Privacy and Compliance portal. Portal access is restricted to Genesys Cloud customers and partners.