Our journey to becoming the world's first ISO 42001-compliant AI video company

At Synthesia, we've always been at the forefront of responsible innovation. Since 2017, we’ve pioneered advancements in generative AI, empowering tens of thousands of organizations to use our platform to create and distribute videos for business communications. During these past seven years, we’ve built a relationship with our community based on trust and transparency, which is why we’re proud that over one million customers use Synthesia today, many of them from Fortune 500 companies. 

Today, we're thrilled to announce a groundbreaking achievement that sets a new standard for responsible AI development and governance in our industry. We are the world's first AI video company to achieve ISO/IEC 42001 certification, as verified through a comprehensive external audit that was just completed this month. 

In January 2024, we were one of the first companies to begin this process, soon after the final specifications of the ISO 42001 standard became available. To achieve unaccredited certification, we’ve spent the past few weeks with representatives from A-LIGN, a security and compliance partner trusted by more than 4,000 global organizations to mitigate security risks. A-LIGN is accredited as a certification body for ISO 27001, ISO 27701, and ISO 22301 and is undergoing the initial accreditation audit for ISO 42001 with ANSI National Accreditation Board (ANAB), the largest multi-disciplinary accreditation body in the western hemisphere. Once A-LIGN becomes an accredited certification body, our certificate will become accredited too, making us one of the first companies with an ISO 42001-certified system.

Synthesia considers this audit a key accomplishment for their company and employees for several reasons; chief among them was that we underwent what’s called a witness audit which assesses the effectiveness of a certification body's auditing techniques and the competence of its auditors. In practice, the process involved an ANAB auditor observing the entirety of the certification audit, with a Stage 2 audit plan consisting of 18 days of audit activity. This makes us even more proud to have completed the Stage 2 audit with no unresolved non-conformities.

Synthesia’s passion for AI and their unwavering commitment to responsibly managing customer data and maintaining high-quality standards are truly commendable. At A-LIGN, we deeply value this dedication to security and are proud of our shared achievements in the AI industry. We look forward to continuing our successful collaboration in the future - Emily Schuckman, director of ISO at A-LIGN

Here are some important milestones from our journey and why we believe the ISO 42001 will become a requirement for any AI SaaS company. 

What is ISO 42001?

ISO 42001 is an international standard that establishes the requirements for an Artificial Intelligence Management System (AIMS) framework designed to ensure the responsible development and use of AI systems. 

The standard addresses the unique challenges posed by AI, including ethical considerations, transparency, and the need for continuous learning and improvement.

Why this matters

At a time when AI is becoming increasingly prevalent in business operations, deploying AI in a trustworthy and compliant way is paramount. This year, 27% of Fortune 500 companies have cited AI compliance as a risk in their annual reports, with challenges ranging from higher compliance costs and penalties to competitive risk and general harm. 

It’s clear that the industry needs some guidance on how to adopt AI technology and systems in a standardized way. This is what Vanta, a leading security and compliance company that has helped Synthesia achieve SOC 2 compliance, has to say about our new ISO 42001 unaccredited certification: 

As a company deeply committed to cyber security and responsible AI, we understand the dedication and effort required to achieve a certification like ISO 42001. Our team closely collaborated with Synthesia from the very first day of their AIMS implementation, until the last audit day. We are thrilled to see Synthesia reach this milestone, which not only demonstrates their commitment to AI governance but also sets them apart as a leader in Responsible AI.  Achieving ISO 42001 compliance alongside their existing security certifications shows their proactive approach to risk management, data integrity, and stakeholder trust in the ever-evolving AI landscape. - Herman Errico, senior product manager at Vanta

While we’ve always had an in-house responsible AI framework since day one, we wanted to standardize our approach and develop processes that were in line with industry best practices for how AI products are developed and deployed. By achieving our ISO 42001 compliance, our customers and partners now have the assurance that we have a strong AI governance framework in place that has been audited by a group of companies known as the gold standard in risk management and security. 

As conversations about AI governance grow in frequency and intensity, we believe that accreditations like ISO 42001 will soon become a requirement for any reputable provider of AI systems, services and products.

Highlights from the ISO 42001 audit

The path to ISO 42001 compliance involved a rigorous and comprehensive audit process. A-LIGN, a respected and reputable auditing firm, meticulously examined our AI governance policies and a wealth of associated evidence. 

This thorough review ensured that our policies not only meet the high standards set by ISO 42001 but also that we're putting these policies into practice across our operations. 

Our audit process revealed several strengths in our AI governance approach; here are some important takeaways:

• Responsible AI framework: We've implemented a robust framework ensuring ethical AI development and deployment, aligning with global standards for fairness, transparency, and accountability.
• AI risk management: Our systematic approach to identifying, assessing, and mitigating AI-related risks, including bias, data privacy, and model security, was thoroughly validated.
• Transparent AI decision-making: The audit highlighted our commitment to explainable AI, ensuring that AI-driven decisions can be justified to stakeholders.
• Data governance and integrity: Our practices for data sourcing, handling, and usage were reviewed to confirm the accuracy, reliability, and ethical sourcing of data used in our AI systems.
• Continuous AI model monitoring: We demonstrated robust processes for ongoing monitoring of AI models to maintain consistent and reliable performance.
• Stakeholder engagement: The audit recognized our efforts to integrate customer feedback and concerns into our AI governance practices.
• Bias detection and mitigation: Our proactive measures to ensure fairness and avoid discriminatory outcomes in AI models were confirmed.
• AI lifecycle management: The audit verified our comprehensive approach to managing the entire AI lifecycle, from initial design to decommissioning.
• Regulatory compliance: The audit confirmed that we take into account both the current and emerging relevant regulations and standards when developing, deploying, or using AI systems.
• Commitment to Responsible AI innovation: The audit acknowledged our ongoing dedication to developing AI technologies that benefit society while minimizing risks.

What's coming next

As we celebrate this milestone, we're also looking ahead to further enhance our commitment to responsible AI. We'll be sharing our AI Impact Assessment document on the Trust Center in the coming weeks and we're also launching the AI Governance Practices page, similar to our Security Practices page, detailing our ISO 42001 efforts and overall AI governance approach.

Achieving ISO 42001 compliance is not just a milestone for Synthesia; it's a leap forward for the entire industry. We believe it will create an environment where companies will feel confident to adopt and deploy ISO 42001-compliant Synthesia 2.0 platform, leading to more use of generative AI which in turn will incentivize more companies to develop and adopt products and services based on this technology. 

As we continue to innovate and push the boundaries of what's possible with AI-driven video creation, we remain committed to doing so responsibly, ethically, and transparently.

We invite our customers, partners, and the wider community to join us on this journey towards a future where AI technology is not only powerful and transformative but also trustworthy and accountable.

If you’re a customer or partner and want to learn more about our ISO 42001 compliance or our AI governance practices, please don't hesitate to reach out to our go-to-market teams.