Compare
Not every certification
is the same certification.
Buyers, regulators, and the public face four broadly available ways to evaluate whether an AI system is trustworthy. Only one of them is structurally designed to be both independent and publicly verifiable.
| Criterion | Ethicality | Consulting-firm audits | Self-attestation | Regulator-only compliance |
|---|---|---|---|---|
| Published, public standard | ✓ AIMSS in full | — Proprietary methodology | — Vendor whitepaper | ◐ Statute only |
| Public registry of certified organisations | ✓ | — | — | ◐ Where regulator publishes |
| Independence policy (no consulting to audited clients) | ✓ | — Same firm sells both | — | ✓ |
| Unannounced surveillance visits | ✓ | — | — | ◐ Where authority empowered |
| Public complaints register | ✓ | — | — | ◐ |
| Suspensions & withdrawals published | ✓ | — | — | ◐ |
| Transparent, scoped fees | ✓ Quoted in engagement letter | — Bespoke engagements | ✓ Free | ◐ Statutory fees |
| Buyer-side certification for AI users | ✓ Ethical Use track | — | — | — |
| Adopt-into-standard process for public proposals | ✓ Policy Institute | — | — | ◐ Rule-making |
| Independent appeals panel | ✓ | — | — | ✓ Judicial review |
| Assessor rotation rules | ✓ | ◐ | — | ✓ |
✓ Present · ◐ Partial · — Absent. No firms or individuals are named.
What this means
The questions to ask any AI audit.
Is the standard public? If you cannot read it, you cannot challenge it.
Can I look up the certificate? If there is no registry, claims are unverifiable.
Who pays the assessor, and who else do they sell to the same client? If the assessment firm also consults them, the report's independence is structural fiction.
What happens between audits? A certificate that is only checked every three years is a snapshot. Continuous integrity is the standard the public deserves.
Where do complaints go? If there is no public channel, problems stay private until they explode.
Read further