On June 29, 2026, the Council of the EU gave final approval to the digital omnibus package that pushes the AI Act's high-risk obligations from August 2, 2026 to December 2, 2027 — August 2, 2028 for AI embedded in regulated products. If your compliance roadmap was built around this summer's deadline, you just got seventeen months back.
Here's what you didn't get back: the security questionnaire sitting in your inbox.
Enterprise procurement doesn't run on regulatory timelines. It runs on risk transfer. And the mechanism buyers are converging on for AI risk isn't an EU conformity assessment — it's ISO/IEC 42001, the international standard for AI management systems. When BCG announced its certification in January 2026, it noted it was among the first 100 organizations worldwide to hold one. That's the entire certified pool, globally, two years after the standard published. AWS became the first major cloud provider to earn accredited certification back in November 2024; Microsoft and Anthropic followed. The certified population is small, visible, and increasingly cited in vendor requirements — which means "are you 42001-aligned?" is showing up in deals long before any regulator asks you anything.
A management system is not a policy binder
The thing that surprises teams about ISO 42001 is what kind of standard it is. It's not a checklist of security controls. It's a management system standard, in the same family as ISO 27001 — and the operative word is "system." It asks whether your organization continuously plans, operates, measures, and improves its AI governance. Present tense. Ongoing.
That distinction is where agent operators get into trouble. A policy binder can be written in a week. A management system has to run — and it has to generate evidence that it's running. Four clauses do most of the work:
Clause 6 (Planning) wants documented risk treatment: which AI risks you've identified and what you're doing about them, with the treatment expressed somewhere more operational than a Word document.
Clause 8 (Operation) is the hard one for agent stacks. It requires operational planning and control over your AI systems — meaning the controls you claim exist have to actually execute in the path of the work, not beside it.
Clause 9 (Performance Evaluation) requires monitoring, measurement, analysis. If an auditor asks "how do you know your AI controls are working," a dashboard has to answer.
Clause 10 (Improvement) requires that incidents feed back into the system. You need a record of what went wrong, what changed, and evidence the change happened.
Notice what all four have in common: they're satisfied by instrumentation, not attestation. The standard is effectively asking whether your governance produces artifacts as a side effect of operating.
What this looks like on an agent stack
Agents make Clause 8 harder than classic ML deployments, because the "operation" being controlled is a loop of autonomous decisions — tool calls, delegations, retries — not a single model inference. Controlling that operation means the control plane has to sit inside the loop.
This is the shape VeriSwarm was built around, so the clause mapping falls out of the architecture:
Clause 4's organizational scoping maps to the tenant hierarchy — organization, tenant, agent — so "what does your AIMS cover" has a concrete answer: these agents, in this workspace. Clause 6's risk treatment maps to Gate scoring profiles, where your risk weights are configuration, not prose. Clause 8 maps to Cortex Workflows, where every step executes under Guard observation by default — each step's input and output scanned for PII, injection patterns, and content flags, with findings persisted. The control is in the execution path because it is the execution path. Clause 9 maps to the analytics layer: provider health, SLO burn rates, cost and cache dashboards. Clause 10 maps to Vault, where the hash-chained audit trail turns incident review from archaeology into a query.
And because assembling that mapping by hand is exactly the kind of work that stalls certifications, the platform generates it: GET /v1/compliance/iso-42001 returns a per-tenant report with pass, warn, or fail status per clause, live evidence counts pulled from your actual agent activity, and a specific recommendation for anything short of pass. Not a template — an assessment of your tenant, from your data. The same endpoint family covers NIST AI RMF and the EU AI Act, so evidence you build once cross-references across frameworks.
The report is a readiness instrument, not a certificate — certification requires an accredited body auditing your whole organization, and typically runs six to nine months if you already operate an ISO 27001 ISMS, longer from scratch. What the report does is compress the part where you figure out what evidence you have and what's missing — usually the slowest, dullest stretch of the entire engagement.
The window is the point
The certified pool being roughly one hundred organizations is the opportunity. Right now, holding real AIMS evidence puts you in rare company when a Fortune 500 questionnaire lands. In two years, when the certified pool is a few thousand and the EU deadlines have arrived anyway, it's table stakes. The omnibus delay didn't remove the pressure — it moved the pressure from regulators to buyers, and buyers move faster.
Run the report. If it comes back full of warns, better to learn that from an API response today than from a lost deal in Q4.
Sign up at veriswarm.ai — the compliance report endpoint reads from your tenant's live activity, so the assessment starts working as soon as your agents do.
Sources:
- Gibson Dunn — EU AI Act Omnibus Agreement: Postponed High-Risk Deadlines
- Morgan Lewis — EU Approves Delays and Other Amendments to Certain EU AI Act Obligations
- BCG — Among First 100 Organizations Globally Certified for ISO/IEC 42001 (Jan 27, 2026)
- Microsoft Learn — ISO/IEC 42001:2023 Compliance Offering