Why does AI need specific privacy governance?
Artificial intelligence systems process personal data in ways that differ fundamentally from traditional data processing. Machine learning models train on large datasets that may contain PII, automated decision making systems profile individuals based on behavioural patterns, and generative AI can inadvertently reproduce personal data from its training corpus. These characteristics create privacy risks that require dedicated governance. CISOs play a central role in establishing this governance framework.
ISO 27701:2025 provides the management system framework for addressing these risks. While the standard does not mention AI explicitly in every clause, its controls for PII processing, purpose limitation, data minimisation and individual rights apply directly to AI systems that handle personal data.
For a broader overview of how the standard addresses emerging technologies, see our guide on AI, IoT and biometrics privacy under ISO 27701:2025.
Which ISO 27701 controls apply to AI systems?
Several categories of Annex A controls have direct relevance to AI privacy governance:
| Control category | AI application | Key considerations |
|---|---|---|
| A.2 — Conditions for collection and processing | Training data acquisition | Ensure lawful basis for collecting PII used in training datasets. Document purpose limitation for each AI use case |
| A.2 — Privacy impact assessment | AI system deployment | Conduct PIAs before deploying AI systems that process PII at scale or make automated decisions about individuals |
| A.3 — Obligations to PII principals | Automated decision making | Implement mechanisms for individuals to access, understand and challenge AI driven decisions that affect them |
| A.4 — Privacy by design | Model architecture | Embed privacy preserving techniques (differential privacy, federated learning, anonymisation) into AI system design |
| A.5 — PII sharing and transfer | Third party AI services | Govern data flows to cloud AI providers, third party model vendors and cross-border AI processing |
How does ISO 27701 intersect with ISO 42001?
ISO 42001 is the international standard for AI management systems. While ISO 27701 focuses on privacy and PII protection, ISO 42001 addresses the broader governance of AI systems including safety, fairness, transparency and accountability. Organisations operating AI systems that process personal data (particularly SaaS platforms) should consider how these standards work together:
| Aspect | ISO 27701:2025 | ISO 42001 | Integration point |
|---|---|---|---|
| Scope | Privacy and PII protection | Responsible AI management | AI systems processing PII sit in both scopes |
| Risk assessment | Privacy risks to PII principals | AI risks including bias, safety, transparency | Combined risk assessment covering privacy and AI specific risks |
| Impact assessment | Privacy impact assessment | AI impact assessment | Unified assessment for AI systems processing PII |
| Data governance | PII lifecycle management | Training data management | Shared data governance framework covering quality, provenance and consent |
| Transparency | Privacy notices and data subject information | AI system transparency and explainability | Combined transparency measures for AI driven PII processing |
| Management system | PIMS (Clauses 4 to 10) | AIMS (Clauses 4 to 10) | Shared high level structure enables integrated management system |
Both standards use the ISO Harmonized Structure (Clauses 4 to 10), making integration straightforward. Organisations can run a single integrated management system covering information security (ISO 27001), privacy (ISO 27701) and AI governance (ISO 42001) with shared processes for risk management, internal audit and management review.
Start your free trial
Want to explore?
Sign up for your free trial today and get hands on with all the compliance features that ISMS.online has to offer
What are the key AI privacy risks to address?
Organisations using AI systems that process PII should assess and mitigate these specific privacy risks within their PIMS:
Training data risks:
- Unlawful collection — PII in training datasets may have been collected without appropriate consent or lawful basis for use in AI training
- Purpose creep — Data originally collected for one purpose is repurposed for AI model training without updating consent or legal basis
- Data retention — PII embedded in trained models persists beyond the retention period applicable to the original data
- Data quality — Inaccurate PII in training data leads to incorrect outputs affecting individuals
Processing risks:
- Automated decision making — AI systems making or significantly influencing decisions about individuals (credit, employment, insurance) without adequate human oversight
- Profiling — Building detailed profiles of individuals through inference and aggregation, potentially revealing sensitive information not directly provided
- Re-identification — Combining AI outputs with other data sources to re-identify individuals from supposedly anonymised datasets
- Model memorisation — Large language models and other neural networks memorising and reproducing PII from training data in their outputs
Rights and transparency risks:
- Explainability — Inability to explain how an AI system reached a decision about an individual, undermining the right to meaningful information about decision logic
- Right to erasure — Difficulty in removing an individual’s PII from a trained model without retraining (the “machine unlearning” challenge)
- Right to object — Ensuring individuals can effectively object to AI driven profiling and automated decision making
How should you govern training data under ISO 27701?
Training data governance is one of the most critical aspects of AI privacy. ISO 27701 requirements for PII lifecycle management apply directly:
- Document the lawful basis for including PII in each training dataset, considering whether original consent covers AI training purposes
- Conduct data protection impact assessments before using PII in new training scenarios, particularly where special category data or large scale processing is involved
- Implement data minimisation by using only the PII necessary for the training objective, applying anonymisation or pseudonymisation where full PII is not required
- Maintain provenance records documenting the source, consent basis and processing history of PII in training datasets
- Apply retention controls to training datasets, including procedures for refreshing or retiring datasets as retention periods expire
- Test for memorisation by assessing whether trained models can reproduce PII from training data and implementing mitigation techniques where risks are identified
Manage all your compliance, all in one place
ISMS.online supports over 100 standards and regulations, giving you a single platform for all your compliance needs.
What does an AI privacy governance framework look like?
Organisations can build an AI privacy governance framework within their ISO 27701 PIMS by addressing four layers:
| Layer | Governance activities | ISO 27701 alignment |
|---|---|---|
| Strategic | AI privacy policy, acceptable use principles, risk appetite for AI processing | Clause 5 (Leadership), privacy policy requirements |
| Risk | AI privacy risk assessment (starting with a gap analysis), DPIA for AI systems, ongoing risk monitoring | Clause 6 (Planning), risk assessment and treatment |
| Operational | Training data governance, model testing, rights fulfilment, incident response for AI | Clause 8 (Operation), Annex A controls |
| Assurance | Internal audit of AI privacy controls, management review, continual improvement | Clause 9 (Performance evaluation), Clause 10 (Improvement) |
This layered approach ensures that AI privacy is governed at the strategic, risk, operational and assurance levels — the same structure that ISO 27701 applies to all PII processing activities.
For organisations subject to the GDPR, additional requirements around automated decision making (Article 22), data protection by design (Article 25) and DPIAs (Article 35) must be addressed within this framework. The Annex D mapping in ISO 27701:2025 provides a direct cross reference between the standard’s controls and these GDPR articles.
Why choose ISMS.online for AI privacy governance?
ISMS.online provides the platform infrastructure to manage AI privacy governance effectively:
- Multi-standard integration — Manage ISO 27701, ISO 27001 and ISO 42001 from a single platform, with shared controls and evidence where standards overlap
- AI-specific risk workflows — Configure risk registers to capture AI privacy risks with custom impact categories for automated decision making, profiling and training data
- Impact assessment templates — Conduct and document DPIAs for AI systems using structured templates aligned to GDPR Article 35 and ISO 27701 requirements
- Control mapping — See how AI privacy controls map across ISO 27701, ISO 42001 and GDPR requirements, reducing duplication and ensuring comprehensive coverage
- Evidence management — Link testing results, audit reports, model cards and data governance documentation directly to controls for audit readiness
- Collaboration tools — Assign AI privacy tasks to data scientists, engineers, legal and compliance teams (including DPOs), tracking progress across functional boundaries
- Continuous monitoring — Track AI privacy control effectiveness over time with dashboards that highlight gaps and improvement opportunities
FAQs
Does ISO 27701:2025 specifically address AI systems?
ISO 27701:2025 does not contain AI-specific clauses or controls. However, its requirements for PII processing, purpose limitation, data minimisation, privacy impact assessment and individual rights apply fully to AI systems that process personal data. The standard is technology neutral by design, which means its principles apply regardless of whether PII is processed by traditional systems or AI algorithms. Organisations should interpret and apply the controls in the context of their specific AI processing activities.
Do we need both ISO 27701 and ISO 42001 for AI governance?
It depends on your organisation’s priorities. ISO 27701 covers privacy and PII protection. ISO 42001 covers broader AI governance including safety, fairness and transparency. If your primary concern is protecting personal data processed by AI systems, ISO 27701 is the starting point. If you need comprehensive AI governance covering non-privacy risks as well, consider implementing both. The shared Harmonized Structure makes integration straightforward, and ISMS.online supports both standards on a single platform.
How do we handle the right to erasure for data in trained AI models?
This is one of the most challenging aspects of AI privacy. Once PII is used to train a model, removing it typically requires retraining. Practical approaches include: using anonymised or pseudonymised data for training where possible, implementing machine unlearning techniques where available, maintaining training dataset records so you can retrain if needed, and documenting your approach to erasure requests as part of your PIMS. Your privacy impact assessment should evaluate this risk before deployment and set out the mitigation strategy.
What is the EU AI Act’s relationship to ISO 27701?
The EU AI Act regulates AI systems based on risk level (unacceptable, high, limited, minimal). It complements GDPR and, by extension, ISO 27701. High risk AI systems under the Act have specific requirements for data governance, transparency and human oversight that overlap with ISO 27701 privacy controls. Implementing ISO 27701 for AI systems that process PII helps address several AI Act requirements, particularly around data quality, documentation and impact assessment. However, the AI Act has additional non-privacy requirements that ISO 27701 alone does not cover.
Should we conduct a DPIA for every AI system?
Not necessarily, but most AI systems that process PII will require one. GDPR Article 35 requires a DPIA for processing that is likely to result in a high risk to individuals, and the Article 29 Working Party guidance identifies automated decision making, profiling and large scale processing as triggers. AI systems frequently meet one or more of these criteria. As a best practice, conduct a screening assessment for every AI system and a full DPIA for those that meet any of the triggering criteria. Document your decision rationale within your PIMS.
