Powered by
MOMENTUM
MEDIA
BigLaw firm Clayton Utz has achieved ISO/IEC 42001:2023 certification, making it one of the first law firms in the world to secure the international standard for responsible use of artificial intelligence.
With both ISO/IEC 42001:2023 and ISO/IEC 27001 – the certification for information security management – secured, the national law firm now holds a double certification, demonstrating the highest level of artificial intelligence (AI) and cyber governance.
“Our clients are highly sophisticated in terms of their own AI adoption and governance, and they expect the same from their legal providers,” chief executive partner Emma Covacevich said.
“These combined certifications are the clearest demonstration that the AI-enabled technologies we use are governed by robust processes and meticulous risk management, and give our clients confidence that we are managing AI with the same rigour we apply to every aspect of our practice.”
Developed by the International Organization for Standardization, ISO 42001 is the world’s first certifiable standard specifically designed to govern the use of AI.
The certification recognises that Clayton Utz has implemented a comprehensive artificial intelligence management system (AIMS) aligned with global best practice, including formal governance structures, clearly defined accountability for AI systems, and robust risk management processes to identify, assess, and mitigate potential harms.
Partner and head of AI Simon Newcomb said the certification reflects the firm’s aim to govern AI “at the level of global best practice”.
Newcomb added that clients and insurers have been asking how the firm has been pursuing the benefits of AI while also managing the risks responsibly.
“We have built AI governance as the foundation on which we can responsibly and safely deliver AI-enabled legal services to our clients,” he said.
“The certification reflects a step up in our maturity in the way we use AI.”
Chief information officer Andrew Fisher said the double certification has created a dual approach to cyber and AI use and management, “and reflects the level of governance and security clients expect of a top-tier law firm”.
“Achieving ISO 42001 is not a one-off milestone – it requires ongoing discipline, monitoring and continuous improvement across the organisation,” Fisher said.
“Clayton Utz was the first large Australian law firm to achieve the ISO/IEC 27001 certification, and we’ve held it consistently for 11 years.
“In obtaining the 42001 certification, we’re now also positioned at the forefront of responsible AI adoption in the legal sector.”
