GitLab achieves ISO/IEC 42001 certification for AI governance

Artificial intelligence (AI) is transforming how we work and solve problems across every industry. As AI becomes more integrated into business processes and decision-making, the need for robust AI governance frameworks has never been more critical. Organizations must balance the potential opportunity of AI with ensuring AI systems are built safely, ethically, and with accountability.

As part of our commitment to responsible AI management, we're excited to announce that GitLab has achieved the ISO/IEC 42001 certification, the first internationally recognized standard for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations.

The scope of the certification includes our comprehensive AI offering, GitLab Duo, as well as GitLab Duo Agent Platform and its components. As a leader in DevSecOps, GitLab provides AI-powered features across the development lifecycle, including capabilities such as:

• GitLab Duo Agent Platform (now in public beta, general availability planned for later this year): Enables asynchronous collaboration between developers and specialized AI agents throughout the software development lifecycle, helping transform linear development processes into dynamic, parallel workflows while providing agents with access to all of the software engineering context stored within GitLab's unified platform.
• Code Suggestions (generally available): Allows developers to stay in flow by predictively completing code blocks, defining function logic, generating tests, and proposing common code like regex patterns, all in the same environment where they already code.
• Vulnerability Explanation (generally available): Helps developers and security analysts understand vulnerabilities, how they might be exploited, and how to fix them.
• Test Generation (generally available): Creates tests automatically for selected code, improving coverage and reducing manual effort.

What this certification means for GitLab users

Enhanced trust and transparency: Our AI features are built and managed according to globally recognized best standards for AI governance, supporting reliability and ethical implementation.

Strategic risk management: We've implemented risk assessment and risk treatment strategies for AI components within our platform, considering aspects such as operational business continuity risks, technical risks, security and privacy risks, and broader societal implications. This proactive approach enhances customer data protection and facilitates more reliable AI-powered features.

Continuous improvement: Under the ISO/IEC 42001 framework, we will work to continuously evaluate and enhance our AI capabilities through annual external surveillance audits, regular internal assessments, and leadership AIMS review while maintaining standards of quality and responsibility.

Regulatory alignment: As AI regulations continue to evolve globally, like the EU AI Act, this certification supports GitLab's alignment with emerging regulatory requirements.

This achievement validates GitLab's position as the trusted platform for AI-powered DevSecOps, and we are excited to continue leading the way in responsible AI innovation.

Learn more

• View the ISO/IEC 42001 certificate at the GitLab Trust Center.
• Read about our AIMS in our handbook.
• Check out the GitLab AI Transparency Center.
• Explore all GitLab Duo features and capabilities in our documentation.