SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada
Suprema wins AI governance certification for access control

Suprema wins AI governance certification for access control

Thu, 16th Jul 2026 (Today)
Joseph Gabriel Lagonsin
JOSEPH GABRIEL LAGONSIN News Editor

Suprema has obtained ISO/IEC 42001 certification for its artificial intelligence management systems. The certification covers the company's use of AI in biometric authentication and identity verification for access control products.

The standard assesses how an organisation governs AI rather than how well an individual product performs. For Suprema, the certified scope covers AI used across its BioStation series, BioEntry series and BioStar platform.

An independent accredited third-party body carried out the audit required for certification. The process examined the policies, accountability structures, risk controls and oversight practices Suprema uses to manage AI in its products.

The move adds an AI governance layer to compliance work the South Korean security technology company had already completed in information security and privacy management. Suprema previously obtained ISO/IEC 27001 certification for information security management and ISO/IEC 27701 certification for privacy information management.

Governance focus

ISO/IEC 42001 is a relatively new international standard for artificial intelligence management systems. It gives organisations a framework for documenting and reviewing how AI is designed, operated and monitored, with an emphasis on governance and accountability.

For buyers of access control systems, the certification provides a formal basis for reviewing AI governance during procurement checks. That is likely to matter most in sectors such as government, healthcare, finance and large enterprises, where supplier oversight is often tied to security, privacy and compliance requirements.

The framework applies to AI used in biometric access control, where algorithms support authentication and identity verification. Suprema said the certified structure is intended to remain in place as its use of AI expands.

The certification comes amid broader scrutiny of artificial intelligence in regulated markets. Companies selling AI-enabled systems into Europe and other jurisdictions are increasingly being asked not only about technical performance, but also about governance, accountability and risk management.

Regulatory pressure

That scrutiny comes as new rules emerge in the European Union, including the EU AI Act, which applies different obligations according to the risk category of an AI system. Suprema said it is monitoring those developments and addressing related requirements on an ongoing basis.

In practice, standards such as ISO/IEC 42001 can help suppliers show that internal processes exist for managing AI-related risks, assigning responsibility and maintaining oversight. While certification does not amount to regulatory approval, it can form part of the evidence customers use when assessing whether a vendor meets procurement and compliance expectations.

Suprema's core business is access control and physical security, with biometric systems forming a central part of its product line. In that market, the use of facial recognition, fingerprint recognition and other identity technologies has drawn closer attention from regulators and customers because of concerns over privacy, bias, data handling and accountability.

According to the company, the certification gives customers independent verification rather than requiring them to rely on the vendor's own description of its AI practices. That distinction is becoming more significant as procurement teams seek external assurance across security, privacy and AI governance.

Hanchul Kim, Chief Executive Officer, Suprema, commented on the rationale for the move.

"Our customers need to know that the AI in their security systems is not only accurate, it is also governed responsibly and verified independently," said Hanchul Kim, Chief Executive Officer, Suprema. "Every certification Suprema pursues reflects the same conviction: trust has to be earned, and it has to be proven. We cannot simply tell customers that the AI in their access control systems is responsibly built and carefully governed. We need independent verification to back that up. ISO/IEC 42001 is exactly that, and we intend to maintain and build on this standard as AI governance requirements continue to develop globally."