Facewatch, the UK’s largest provider of Live facial Recognition (LFR) crime prevention technology to retailers, has successfully achieved certification under the new international standard in AI governance.
The ISO/IEC 42001:2023 certification for Facewatch’s Artificial Intelligence Management System marks a significant milestone for the company, strengthening the governance framework behind its live facial recognition technology as use of the technology continues to mature across the UK retail sector.
The certification provides independent assurance that Facewatch’s use of artificial intelligence is governed through formal controls, risk management processes and human oversight.
Nick Fisher, CEO of Facewatch, said: “Live facial recognition will only maintain confidence if it is governed as rigorously as it is engineered.
“ISO/IEC 42001 gives retailers, regulators and the public independent evidence that Facewatch is not simply deploying AI-powered technology, but managing it through a formal, independently audited governance framework.
“We believe we are the world’s first UK-based provider of live facial recognition technology to retailers to achieve ISO/IEC 42001 certification for a crime prevention use and, as such, this is a significant milestone for our business and the responsible use of AI in tackling theft and protecting shop workers.”
He added: “It demonstrates that we can help retailers address crime, abuse and violence while meeting the high governance expectations that rightly surround the use of facial recognition technology.”
ISO/IEC 42001 is the world’s first international management system standard dedicated to artificial intelligence. It provides a formal framework for how organisations establish, maintain and continually improve the governance of AI systems, including risk management, accountability, transparency, lifecycle control, monitoring and – a vital component of Facewatch’s system – human oversight.
The certification covers the design, operation, governance and continual improvement of Facewatch’s AI management system for its biometric facial recognition alerting service and Subject of Interest database, which generate real-time crime prevention alerts for retailers protected by its system.
It also covers the governance of AI tool use across the organisation and Facewatch’s roles as AI Provider, Customer, Partner and Producer. The achievement follows a Stage 2 assessment by Tempo Audits, which concluded thatFacewatch’s management system met the requirements of ISO/IEC 42001:2023.
The Auditor’s Executive Summary identified no Major or Minor Nonconformities and described Facewatch as having “demonstrated a mature, well-governed and thoughtfully designed Artificial Intelligence Management System”.
Ashish Verma, Head of IT at Facewatch, who led the certification programme, said: “ISO/IEC 42001 required us to evidence how our AI systems are governed across their lifecycle, from risk and impact assessment through to monitoring, change control and human oversight.
“Achieving certification required a major cross-functional effort by our technology, security and governance teams, creating what Facewatch believes is one of the most comprehensive assurance and compliance frameworks in retail AI.”
The ISO/IEC 42001 certification adds a new responsible AI governance layer to a wider assurance framework developed by Facewatch over the past 12 months. The company already holds ISO/IEC 27001, SOC 2 Type 1 and Type 2, Cyber Essentials and specialist IoT security certifications (IoT Security Baseline assessment Levels 1 and 2).
Together, these controls are designed to give major retailers independent assurance across both security and AI governance. ISO/IEC 27001, SOC 2 and Cyber Essentials demonstrate that Facewatch’s data, cloud infrastructure and control environment are designed and operated securely, while IoT security certification supports confidence in deployments across physical retail environments. ISO/IEC 42001 now extends that assurance into the way Facewatch governs AI itself.
The Tempo Audits Executive Summary also highlighted the integration of Facewatch’s AI governance with its existing ISO/IEC 27001-certified information security management system, its AI impact and risk management processes, and the use of mandatory human review at consequential points in system operation.
Added Nick Fisher: “This certification reflects our long-term commitment to responsible, proportionate and evidence-led use of live facial recognition as retailers face sustained pressure from theft, abuse and violence against employees.”
%20crime%20prevention%20technology%20to%20retailers){kind=link}