What is the primary objective of **EN 1090**?

**EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR).** It comprises **EN 1090-1** for conformity assessment including certified **Factory Production Control (FPC)** and **Declaration of Performance (DoP)**, **EN 1090-2** for steel structures, and **EN 1090-3** for aluminium, scaling requirements via **Execution Classes (EXC1–EXC4)** based on consequence class, service category, and production category to manage risk in fabrication, welding, tolerances, inspection, and traceability.

Who is legally or professionally required to comply with **EN 1090**?

**Manufacturers of load-bearing steel and aluminium structural components and kits for permanent incorporation in EU construction works must comply with EN 1090 to affix CE marking.** This applies to fabricators, welding shops, and suppliers placing products on the EEA market under CPR; non-structural or non-metallic elements are excluded. Compliance is mandatory for market access, requiring certified FPC and DoP issuance.

Does **EN 1090** require an external audit or third-party certification?

**Yes, EN 1090-1 mandates third-party certification of the Factory Production Control (FPC) system by a notified body under AVCP systems.** This involves initial inspection of the factory and FPC, issuance of a certificate enabling CE marking and DoP, followed by continuous surveillance audits to verify ongoing conformity.

How often should an assessment for **EN 1090** be performed?

**EN 1090 requires initial notified body certification followed by ongoing surveillance audits, typically annually depending on execution class and prior performance.** FPC internal assessments occur continuously via documented procedures, with frequencies scaled to EXC; first surveillance is often one year post-certification per notified body rules like Intertek.

What are the consequences of non-compliance with **EN 1090**?

**Non-compliance with EN 1090 prevents lawful CE marking, risking market exclusion, product withdrawal, certificate suspension, and legal liability under CPR.** Notified bodies publicly report suspensions for major non-conformities; manufacturers face civil claims, fines, and reputational damage from structural failures due to inadequate FPC, welding, or traceability.

An **EN 1090** be mapped to other international frameworks?

**EN 1090 integrates with standards like ISO 3834 for welding quality and ISO 9001 for quality management, but no formal mappings to unrelated international frameworks exist.** It aligns with Eurocodes for design and focuses solely on execution and conformity; organizations adapt FPC using these as foundations without direct equivalence.

What is the first step to begin implementing **EN 1090**?

**The first step is to conduct a product scope assessment to confirm EN 1090 applicability and determine target Execution Classes (EXC1–EXC4) based on consequence, service, and production categories.** Default to EXC2 if unspecified, then perform a gap analysis of current FPC against EN 1090-1 requirements.

Who is legally or professionally required to comply with **ISO/IEC 42001:2023**?

**ISO/IEC 42001:2023 applies universally to any organization developing, providing, or using AI-based products/services, regardless of size, type, or complexity.** It covers all roles—AI developers, providers, producers, users—with role-based scoping (e.g., providers assess model risks, users focus deployment). No legal mandates exist; compliance is voluntary for professional governance, risk management, and certification, with exclusions justified in Clause 4.3 scope statements for non-applicable activities.

Does **ISO/IEC 42001:2023** require an external audit or third-party certification?

**ISO/IEC 42001:2023 does not require external audits or third-party certification, as it is a voluntary standard.** Organizations may pursue certification via accredited bodies (e.g., UKAS, ANAB like Schellman or BSI) through two-stage audits validating AIMS implementation across Clauses 4-10 and Annex A. Certification, valid for 3 years with annual surveillance, demonstrates credibility, as in Microsoft Copilot and UiPath platform cases.

How often should an assessment for **ISO/IEC 42001:2023** be performed?

**Assessments for ISO/IEC 42001:2023 must be performed at planned intervals via internal audits (Clause 9.2) and management reviews (Clause 9.3), with continual monitoring of AI performance indicators (Clause 9.1).** AI Impact Assessments (AIIAs) are required for high-risk systems during planning (Clause 6), with annual reviews recommended alongside PDCA-driven improvements (Clause 10) and post-deployment model drift checks (e.g., F1-score delta ≤0.03).

What are the consequences of non-compliance with **ISO/IEC 42001:2023**?

**Non-compliance with ISO/IEC 42001:2023 carries no direct legal penalties, as it is a voluntary standard.** However, unmitigated AI risks can lead to reputational damage, regulatory fines under laws like the EU AI Act (for high-risk systems), operational failures (e.g., bias incidents), lost procurement opportunities (e.g., Microsoft SSPA requirements), and higher insurance premiums, with certification lapses risking major non-conformities in 32% of audits from inadequate model-drift evidence.

An **ISO/IEC 42001:2023** be mapped to other international frameworks?

**Yes, ISO/IEC 42001:2023 maps seamlessly to other international frameworks due to its Annex SL High-Level Structure (HLS) and PDCA alignment.** It integrates with ISO 9001 (64% evidence overlap for 27001 holders), ISO/IEC 27001 (extending ISMS to AI), ISO 31000 (risk management), and NIST AI RMF (crosswalks available), enabling hybrid AIMS with reduced implementation time (e.g., 4.5 months vs. 11 for greenfield).

What is the first step to begin implementing **ISO/IEC 42001:2023**?

**The first step to implement ISO/IEC 42001:2023 is determining the organizational context and AIMS scope per Clause 4.** Conduct a gap analysis of internal/external issues (Clause 4.1), interested parties' needs (Clause 4.2), and boundaries (Clause 4.3), justifying exclusions and defining roles (e.g., AI provider/user), using cross-functional teams for PDCA-aligned readiness.

EN 1090 vs ISO/IEC 42001:2023

Q: What is the primary objective of **ISO/IEC 42001:2023**?

**ISO/IEC 42001:2023 establishes requirements for an Artificial Intelligence Management System (AIMS) to govern AI responsibly across its full lifecycle.** Published in December 2023, it employs the Plan-Do-Check-Act (PDCA) methodology and High-Level Structure (HLS) across Clauses 4-10, addressing AI-specific risks like bias, transparency, and model drift through policies, AI Impact Assessments (AIIAs), operational controls (Annex A with 38 controls), and continual improvement.

Standards Comparison

EN 1090

Mandatory

2009

EU standards for execution and CE marking of structural metals

ISO/IEC 42001:2023

Voluntary

2023

International standard for AI management systems.

Quick Verdict

EN 1090 mandates CE marking for structural steel/aluminium in EU construction, while ISO/IEC 42001:2023 provides voluntary AIMS framework for global AI governance. Fabricators adopt EN 1090 for market access; AI firms choose 42001 for ethical compliance and trust.

Structural Metalwork

EN 1090

EN 1090: Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Enables CE marking for structural steel/aluminium components
Risk-based Execution Classes (EXC1-EXC4) scaling requirements
Mandates certified Factory Production Control (FPC) system
Specifies technical execution rules for steel (EN 1090-2)
Integrates ISO 3834 welding quality management

AI Management

ISO/IEC 42001:2023

ISO/IEC 42001:2023 AI Management Systems

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

PDCA-based framework for AI lifecycle governance
Mandatory AI Impact Assessments for high-risk systems
Annex A: 38 AI-specific controls
Third-party risk management and monitoring
Seamless integration with ISO 27001/9001

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

EN 1090 Details

What It Is

EN 1090 is a harmonized European standard series (EN 1090-1, -2, -3) under the Construction Products Regulation (CPR). It governs conformity assessment and technical execution of structural steel and aluminium components/kits for construction works. Primary purpose: enable CE marking via risk-based controls. Key approach: Execution Classes (EXC1-EXC4) scaling requirements by failure consequence, service, and production categories.

Key Components

**EN 1090-1FPC certification, DoP, AVCP systems, notified body oversight.
**EN 1090-2/-3Material traceability, welding (ISO 3834), tolerances, corrosion protection, NDT inspection. Built on risk-proportionate principles; certification model requires notified body initial audit and surveillance.

Why Organizations Use It

Mandatory for EU/EEA market access; reduces liability, ensures traceability. Benefits: defect reduction, rework minimization, qualified personnel. Builds stakeholder trust, unlocks high-risk projects (EXC3/4), competitive edge via certified quality.

Implementation Overview

Phased: gap analysis, FPC build, welding quals, NB certification (3-12 months). Applies to fabricators globally targeting Europe; suits SMEs to enterprises. Involves training, digital traceability, ongoing surveillance audits.

ISO/IEC 42001:2023 Details

What It Is

ISO/IEC 42001:2023 is the world's first international standard for establishing, implementing, maintaining, and improving an Artificial Intelligence Management System (AIMS). It provides a certifiable framework using the Plan-Do-Check-Act (PDCA) methodology and High-Level Structure (HLS) to manage AI risks and opportunities responsibly across the full AI lifecycle.

Key Components

Clauses 4-10 cover context, leadership, planning, support, operation, evaluation, and improvement.
Annex A with 38 AI-specific controls for data, transparency, integrity, and resiliency.
Built on PDCA and HLS for integration with ISO 9001/27001; includes AI Impact Assessments (AIIAs).
Third-party certification via accredited auditors, with 3-year validity and surveillance.

Why Organizations Use It

Mitigates AI risks like bias, drift, and ethics; aligns with EU AI Act.
Enhances trust, reputation, and procurement advantages (e.g., Microsoft SSPA).
Drives innovation, compliance, and ROI via cost savings and insurance discounts.

Implementation Overview

Phased gap analysis, risk assessments, training; 6-12 months typical.
Applicable to all sizes/sectors/AI roles; integrates existing MSS for efficiency.

Key Differences

Aspect	EN 1090	ISO/IEC 42001:2023
Scope	Execution and conformity of steel/aluminium structures	AI management systems across full lifecycle
Industry	Construction, fabrication; EU/EEA focus	All industries worldwide, any AI role
Nature	Harmonized standard enabling mandatory CE marking	Voluntary international management system standard
Testing	FPC certification, ITT/ITC, ongoing NB surveillance	Internal audits, management reviews, third-party certification
Penalties	Market exclusion, legal liability without CE mark	Loss of certification, reputational damage

Scope

EN 1090

Execution and conformity of steel/aluminium structures

ISO/IEC 42001:2023

AI management systems across full lifecycle

Industry

EN 1090

Construction, fabrication; EU/EEA focus

ISO/IEC 42001:2023

All industries worldwide, any AI role

Nature

EN 1090

Harmonized standard enabling mandatory CE marking

ISO/IEC 42001:2023

Voluntary international management system standard

Testing

EN 1090

FPC certification, ITT/ITC, ongoing NB surveillance

ISO/IEC 42001:2023

Internal audits, management reviews, third-party certification

Penalties

EN 1090

Market exclusion, legal liability without CE mark

ISO/IEC 42001:2023

Loss of certification, reputational damage

Frequently Asked Questions

Common questions about EN 1090 and ISO/IEC 42001:2023

EN 1090 FAQ

ISO/IEC 42001:2023 FAQ

You Might also be Interested in These Articles...

CMMC Cost Calculator: Realistic Budgets for Levels 1-3, C3PAO Fees, and ROI for Small DIB Suppliers

Calculate realistic CMMC costs for Levels 1-3: self-assessments, C3PAO fees, tooling, remediation & ROI. Interactive tool for small DIB suppliers. Get benchmark

Breaking Down NIST CSF 2.0 Structure: Core, Tiers, Profiles, and Real-World Application

Master NIST CSF 2.0 structure: Govern + 5 Core functions, Tiers (Partial-Adaptive), Profiles for gaps, and real-world apps. Build effective cyber risk strategie

NIST CSF 2.0 Supply Chain Risk Management: Complete Playbook with Profiles, Tiers, and Vendor Assessment Templates

Master NIST CSF 2.0 ID.SC supply chain risk management with vendor assessment templates, profile gap analysis, and tier strategies. Mitigate third-party threats

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

K-PIPA vs EN 1090

Unravel K-PIPA vs EN 1090: Compare Korea's stringent data privacy law with EU steel/aluminium standards. Key differences, compliance strategies & risks for global firms. Dive in now!

PCI DSS vs ISO 27701

PCI DSS vs ISO 27701: Compare card data security (PCI's 12 requirements) with PII privacy management (ISO's PIMS). Key differences, overlaps & compliance roadmap. Dive in now!

BREEAM vs ISO 41001

Compare BREEAM vs ISO 41001: BREEAM rates building sustainability (energy, health, ecology) for certifications like Outstanding. ISO 41001 governs FM systems via PDCA for efficiency. Choose wisely—read now!

EN 1090

ISO/IEC 42001:2023

Quick Verdict

EN 1090

Key Features

ISO/IEC 42001:2023

Key Features

Detailed Analysis

EN 1090 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

ISO/IEC 42001:2023 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

EN 1090 FAQ

What is the primary objective of EN 1090?

Who is legally or professionally required to comply with EN 1090?

Does EN 1090 require an external audit or third-party certification?

How often should an assessment for EN 1090 be performed?

What are the consequences of non-compliance with EN 1090?

An EN 1090 be mapped to other international frameworks?

What is the first step to begin implementing EN 1090?

ISO/IEC 42001:2023 FAQ

What is the primary objective of ISO/IEC 42001:2023?

Who is legally or professionally required to comply with ISO/IEC 42001:2023?

Does ISO/IEC 42001:2023 require an external audit or third-party certification?

How often should an assessment for ISO/IEC 42001:2023 be performed?

What are the consequences of non-compliance with ISO/IEC 42001:2023?

An ISO/IEC 42001:2023 be mapped to other international frameworks?

What is the first step to begin implementing ISO/IEC 42001:2023?

You Might also be Interested in These Articles...

CMMC Cost Calculator: Realistic Budgets for Levels 1-3, C3PAO Fees, and ROI for Small DIB Suppliers

Breaking Down NIST CSF 2.0 Structure: Core, Tiers, Profiles, and Real-World Application

NIST CSF 2.0 Supply Chain Risk Management: Complete Playbook with Profiles, Tiers, and Vendor Assessment Templates

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

K-PIPA vs EN 1090

PCI DSS vs ISO 27701

BREEAM vs ISO 41001