Zendesk achieves ISO 42001 certification: Raising the bar for AI governance in customer experience

AI is transforming how businesses engage with customers, but adoption hinges on trust. IT and security leaders know that without clear safeguards, AI can introduce new risks – ranging from data privacy concerns to opaque decision-making. That’s why we’re proud to announce that Zendesk is one of the first CX companies to achieve ISO 42001 certification, the world’s first international standard for AI management systems.

This milestone underscores our commitment to building AI that is not only powerful, but also transparent, secure, and responsibly governed.

What ISO 42001 means for AI in CX

ISO 42001 establishes requirements for an Artificial Intelligence Management System (AIMS). Think of it as the AI equivalent of ISO 27001 for information security: a framework to help organizations design, deploy, and improve AI responsibly.

The certification focuses on four critical areas:

• Risk and impact assessment: Identifying, mitigating, and monitoring risks such as bias, privacy, and safety.
• AI lifecycle governance: Ensuring executive oversight across design, development, deployment, and monitoring.
• Performance evaluation: Continual auditing, measurement, and management review.
• Continuous improvement: Learning from incidents and evolving processes to keep AI systems safe and effective.

In practice, this means Zendesk AI operates under the same rigorous discipline and accountability you’d expect from other mission-critical enterprise systems.

Why this matters now

Organizations have moved from experimenting with AI to operationalizing it. Yet as our AI Trust Report highlights, most are still struggling with governance. Only 23% of companies feel highly prepared to manage AI risks, and 65% are still in early planning stages.

For IT and security leaders, this gap poses real consequences: regulatory non-compliance, data exposure, reputational risk, and ultimately stalled adoption. By achieving ISO 42001 certification, Zendesk provides assurance that our AI is built with the controls needed to help organizations close this trust gap.

Which Zendesk AI products are covered

All of our core AI features are included in the certification scope, with the exception of two recent acquisitions (Local Measure and HyperArc) that will follow. For enterprise customers, this means you can deploy Zendesk AI with confidence that governance practices are aligned with global standards.

Putting AI governance into action

ISO 42001 doesn’t just validate our processes, it reflects how Zendesk approaches AI trust and security every day:

• Security by design: Protecting customer data with enterprise-grade safeguards, encryption, and strict access controls.
• Privacy first: Customer data is never used to train generative AI models, and organizations retain control through features like self-managed encryption keys and redaction tools.
• Bias mitigation: Embedding fairness reviews and diverse data practices across the AI lifecycle to minimize harmful outcomes.
• Transparency & accountability: Providing visibility into how and why AI makes recommendations, with humans always in the loop.

These commitments extend beyond compliance. They’re how we ensure AI strengthens, not undermines, customer trust.

Looking ahead

We expect ISO 42001 will quickly become a baseline requirement for global enterprises evaluating AI vendors, much like ISO 27001 did for security. With certification in place, Zendesk customers can move faster knowing their AI systems meet internationally recognized standards.

AI is redefining customer experience, and trust is the foundation for adoption. This certification enables enterprises to unlock the benefits of AI while ensuring responsible and ethical practices.

Explore more about our approach in the Zendesk Trust Center.