There are two different things people mean by AI governance certification, and conflating them wastes money. One is a credential that certifies a person: the IAPP's Artificial Intelligence Governance Professional (AIGP). The other is a certificate that certifies an organisation: ISO/IEC 42001, awarded after an accredited body audits your AI management system. A listicle that ranks them side by side as if they compete is answering the wrong question. You do not choose between them. You work out which one your situation actually calls for, and then you make passing it cheap by having the controls in place before the exam or the audit.
This guide does three things no exam-prep blog does. It lays out the AIGP credential accurately, with the current exam format, cost, and the 2026 body-of-knowledge changes. It separates the personal credential cleanly from the organisational ISO 42001 certificate. And it maps the requirements of both, the AIGP deployment domain and the ISO 42001 lifecycle controls, to the specific technical controls that produce the evidence each one demands at audit. That mapping is the part that turns a certificate into something operational rather than decorative.
Quick answer: which certification, for whom
If you are an individual whose job now includes AI governance, AIGP is the credential. If you are a company that has been told by a customer or board to prove your AI governance, ISO/IEC 42001 is the certificate. They are layers, not alternatives.
- AIGP (IAPP). A personal credential. 100-question exam, roughly three hours, 649 USD for members and 799 USD for non-members as of June 2026 (IAPP). No prerequisites. Two-year term, 20 CPE credits to renew. Proves you understand AI governance across the lifecycle.
- ISO/IEC 42001 (organisational). A certificate awarded to an organisation by an accredited certification body after a two-stage audit of your AI management system (AIMS). Valid three years with annual surveillance. Proves your governance is real and operating (ISO).
- ISO 42001 personal courses. Foundation, Lead Implementer, and Lead Auditor credentials certify individuals to build or audit an AIMS. These are personal, like AIGP, but tied to one standard rather than the whole regulatory landscape.
The thread running through all of them: every certification eventually asks for evidence, and the cheapest way to produce evidence is to have the enforcement and logging infrastructure running before you start. The back half of this guide is about that.
Personal credential or organisational certificate: the distinction that decides everything
The single most common planning mistake is treating "AI governance certification" as one thing. It is two, and they answer to different buyers.
A personal credential certifies that a named human knows the subject. It goes on a CV and a LinkedIn profile. The AIGP is the dominant example. It does nothing to certify your employer's systems; it certifies you. When a hiring manager for an AI governance role wants a filter, this is what they look for.
An organisational certificate certifies that a company's management system conforms to a standard. ISO/IEC 42001 is the example that matters. It goes on a trust page and a procurement questionnaire. It says nothing about whether any individual employee is qualified; it says the system as a whole was audited and found conforming. When a customer's vendor-risk team asks "can you prove your AI is governed," this is the artefact that answers them.
| Dimension | Personal credential (AIGP) | Organisational certificate (ISO 42001) |
|---|---|---|
| Certifies | A named individual's knowledge | A company's AI management system |
| Awarded by | IAPP (a professional body) | An accredited certification body |
| Proof mechanism | A 100-question exam | A two-stage audit (Stage 1 + Stage 2) |
| Lives on | A CV, a profile | A trust page, a procurement response |
| Answers the question | "Does this person understand AI governance?" | "Is this company's AI governance real and operating?" |
| Validity | 2 years, 20 CPE credits to renew | 3 years, annual surveillance audits |
| Who buys it | The professional, or their employer for them | The organisation, for its customers and board |
The practical consequence: a person can hold AIGP and work at a company with no ISO 42001 certificate, and a company can hold ISO 42001 with not a single AIGP-certified employee. They are bought by different people for different reasons. Most organisations serious about AI governance end up wanting both, because the credential builds the internal competence that makes the certificate cheaper to earn.
The IAPP AIGP credential, in detail
The AIGP is issued by the International Association of Privacy Professionals, the body behind the long-established CIPP and CIPM privacy credentials. It launched in 2023 and, by the IAPP's own account, drew over 4,000 enrolments in its first year, which is why it has become the default line item on AI governance job descriptions.
What the exam actually tests
The credential validates competency in the responsible development, deployment, and management of AI systems. The exam is delivered through Pearson VUE. It contains 100 multiple-choice questions, of which 85 are scored and 15 are unscored pilot items, and you have roughly three hours (IAPP AIGP). The passing mark is 300 on a scaled score that runs from 100 to 500, the same scoring model the IAPP uses across its certifications (IAPP FAQs). There are no prerequisites, which is deliberate: the IAPP positions AIGP for lawyers, compliance officers, privacy professionals, and technologists alike, not only engineers.
The four domains
The AIGP body of knowledge is organised into four domains. Understanding their shape tells you where the credential's centre of gravity sits, and it sits firmly on the operational end.
- Domain I, Understanding the foundations of AI governance. AI technology basics, the development lifecycle, and the case for governance. The grounding layer.
- Domain II, Understanding how laws, standards, and frameworks apply to AI. The EU AI Act's risk-based classification, the provider-versus-deployer distinction, the NIST AI RMF, the OECD principles, and emerging law. This is the breadth that makes AIGP a landscape credential rather than a single-standard one.
- Domain III, Understanding how to govern AI development. Governing the build: data, training, validation, and the controls that belong upstream of release.
- Domain IV, Understanding how to govern AI deployment and use. Governing the running system: oversight, monitoring, incident response, and the controls that operate after release.
Domains III and IV are where the credential stops being a survey of regulation and starts describing what governance looks like in practice. They are also, not coincidentally, the domains that map most directly onto technical controls, which is the subject of the mapping table later in this guide.
What changed in 2026
The body of knowledge moved to version 2.1, effective February 2026. The changes are a useful signal of where the field is heading. Agentic architectures were added to the deployment examples, reflecting that autonomous agents calling tools are now a governed category in their own right. ISO/IEC 42005, the AI system impact assessment standard, was added to the core knowledge (ISO 42005). And the terminology shifted throughout from "AI model" to "AI system," acknowledging that governance applies to the deployed system and its surrounding controls, not just the model weights.
Cost and maintenance, in full
The AIGP exam costs 649 USD for IAPP members and 799 USD for non-members, as of June 2026, booked through the IAPP store. IAPP membership is a separate annual fee, and most candidates who pay for membership do so because it discounts the exam and the training. Official training is optional and adds roughly 1,000 USD. The certification term is two years, beginning the day after you pass. To maintain it you submit 20 CPE credits that map to the body of knowledge and pay a maintenance fee each term (IAPP FAQs). Budget for the renewal, not just the exam: a lapsed credential helps no one.
ISO/IEC 42001 certification: the organisational path
ISO/IEC 42001 is a different animal. It is the first certifiable management-system standard for AI, published in December 2023, and the certificate is awarded to an organisation, not a person. How to implement it (the clause structure, the 38 Annex A controls, the Statement of Applicability, and a realistic timeline) is covered in the companion ISO 42001 guide. This section covers only what the certification process is, so you can see how it differs from sitting an exam.
Certification follows the standard ISO two-stage model. Stage 1 is a documentation and design review: the auditor confirms your AIMS scope, policies, risk methodology, and Statement of Applicability are in place and aligned to the standard. Stage 2 is the implementation audit: auditors interview your teams, review records, observe processes, and verify that the controls you claimed are actually operating. If there are no major nonconformities, the accredited body issues the certificate, valid for three years with annual surveillance audits.
The artefact that ties the standard to your specific systems is the Statement of Applicability (SoA). For each of the 38 Annex A controls, the SoA records whether you implemented it, whether you excluded it, and why. The auditor reads it first, because it tells them what evidence to ask for. This is the structural difference from a personal credential: AIGP asks what you know, ISO 42001 asks what your system can prove.
The two are complementary in a way that matters for budgeting. An AIGP-certified governance lead is well placed to design and run the AIMS that ISO 42001 then certifies. The credential builds the human competence; the certificate audits the organisational result. Companies pursuing the certificate often put their governance owners through AIGP or the ISO 42001 Lead Implementer course first, precisely so the people building the system understand it.
AIGP vs ISO 42001 vs the security-led credentials
AIGP and ISO 42001 are the two names that dominate AI governance certification, but they are not the only credentials in the space, and the security-led ones are growing. The table below compares the main options on the dimensions that actually drive a decision. Use it to place yourself: governance generalist, AIMS specialist, or security-anchored practitioner.
| Certification | Issuer | Certifies | Format | Cost (approx, 2026) | Prerequisites | Best for |
|---|---|---|---|---|---|---|
| AIGP | IAPP | A person | 100-question exam, ~3 hrs | 649 / 799 USD (member / non-member) | None | Governance, legal, compliance, and policy professionals who need landscape breadth |
| ISO/IEC 42001 (org) | Accredited certification body | An organisation | Stage 1 + Stage 2 audit | Auditor-days; scales with scope | A built AIMS | Companies that must prove AI governance to customers or boards |
| ISO 42001 Lead Implementer | Training providers (PECB, BSI, others) | A person | Course + exam | 1,500 to 3,500 USD | Relevant experience recommended | Practitioners who will build and run an AIMS |
| AAISM / security-led | ISACA and similar | A person | Course + exam | Varies | Often a security cert (CISM/CISSP) | Security professionals folding AI risk into an existing SOC remit |
The pattern in the table: AIGP gives you breadth across the regulatory landscape with no entry barrier, ISO 42001 (organisational) is the only certificate a customer can actually verify, the ISO 42001 personal courses give implementation depth on one standard, and the security-led credentials suit people already inside a security function. None of them is a substitute for any other. The cheapest decision is the one that matches the role you are in or the proof your customer is asking for, not the one with the most prestige.
Mapping certification requirements to self-hostable controls
Here is the part the exam-prep industry skips. Both AIGP Domain IV and ISO 42001 Annex A require you to govern deployed AI systems, and "govern" is not satisfied by a policy document. An auditor, and increasingly a customer's security team, wants to see the control operating and a record proving it did. For the lifecycle and deployment requirements, the honest answer to "show me the evidence" is not a screenshot of a policy. It is a log.
This reframes certification readiness as an infrastructure question. The controls that satisfy the deployment-side requirements of both certifications share a common shape: enforce the rule at a point every request passes through, and emit a structured, tamper-evident record of every decision. If your AI agents call tools through the Model Context Protocol, the MCP transport layer is that chokepoint, and governing there means every model, client, and tool inherits the policy. The four controls below are the ones that recur across both frameworks, and all four can run entirely on infrastructure you own, inside your own perimeter, with no data leaving it.
The table maps the certification requirement to the concrete control and the evidence it produces. Read it as a readiness triage: for each row, ask whether you could produce that evidence today. The rows where you cannot are your critical path, and they are an architecture decision, not a paperwork sprint.
| Certification requirement | Where it comes from | Self-hostable control | Audit evidence it produces |
|---|---|---|---|
| Govern AI deployment and use | AIGP Domain IV | Real-time policy enforcement at the tool-call layer: scope checks, allowlists, blocklists | A logged allow/deny decision for every tool call, in structured JSON |
| Human oversight of AI operation | AIGP Domain IV; ISO 42001 A.9 | Permission gating with role-based access control and human-in-the-loop approval records | An audit trail of who approved, denied, or escalated each sensitive action |
| AI system lifecycle monitoring | ISO 42001 A.6 (operation and monitoring) | Hook-driven event capture across sessions, prompts, and tool calls | Append-only, time-stamped event logs with integrity protection (hash chaining or WORM storage), ingestible by a SIEM |
| Model and asset inventory | AIGP Domain IV; ISO 42001 A.4 | A registry of which models, agents, and tools are in use, with configuration tracked | A current inventory record an auditor can reconcile against live activity |
| Data governance in operation | ISO 42001 A.7; AIGP Domain III | Logged record of which data each request accessed, with secret scanning at the boundary | A data-access trail and a record of blocked sensitive-data egress |
| Third-party tool control | ISO 42001 A.10; AIGP Domain IV | An enforced allowlist of approved external tools and MCP servers | Logged provenance for every external tool call, plus denials of unapproved ones |
Notice that the same control often satisfies a requirement in both frameworks. A logged allow/deny decision at the tool-call layer is evidence for AIGP Domain IV's deployment governance and for ISO 42001's A.9 control on responsible use, simultaneously. This is where the saving compounds: you do not build separate evidence pipelines per certification. You build one enforcement-and-logging capability, and it produces evidence that maps to multiple frameworks at once. The AI governance framework guide sets out how these frameworks overlap; the practical implication here is that a single technical control can close several boxes.
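As an added example (not code from this page or from any product it refers to), here is a minimal version of the chokepoint the table describes: a gate in front of MCP-style tool calls that enforces a server allowlist and per-role tool allowlists, scans arguments for secrets before they leave the boundary, records a human approver for sensitive tools, and writes every decision as one structured JSON record in a hash-chained log, so that editing or deleting any entry is detectable. The policy fields, server and tool names, secret patterns and sample requests are all assumptions constructed for the demonstration.

```python
"""Policy gate for agent tool calls with a hash-chained JSON audit log.

Added example, not from the page or any product it references. The policy
shape, field names and MCP-style request fields are assumptions; the
sample requests in demo() are constructed for the demonstration.
"""
import hashlib
import json
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Assumed policy: approved MCP servers, per-role tool allowlists, and tools
# that a named human must approve before they run (the oversight record).
POLICY = {
    "approved_servers": {"mcp://git.internal", "mcp://tickets.internal"},
    "role_tools": {
        "analyst": {"repo.search", "ticket.read"},
        "operator": {"repo.search", "ticket.read", "ticket.close", "repo.push"},
    },
    "approval_required": {"repo.push"},
}

# Secret patterns scanned at the boundary (constructed; not exhaustive).
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                     # AWS access key id shape
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),   # PEM private key header
    re.compile(r"(?i)(api[_-]?key|password)\s*[:=]\s*\S+"),
]


@dataclass
class AuditLog:
    """Append-only record list; each entry commits to the previous entry's hash."""
    entries: list = field(default_factory=list)

    def append(self, record: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {**record, "seq": len(self.entries), "prev_hash": prev,
                "ts": datetime.now(timezone.utc).isoformat()}
        body["hash"] = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        """Recompute the chain; any edited, reordered or removed record breaks it."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["seq"] != i or e["prev_hash"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True


def find_secrets(args: dict) -> list:
    """Return the patterns that match anywhere in the serialised arguments."""
    blob = json.dumps(args)
    return [p.pattern for p in SECRET_PATTERNS if p.search(blob)]


def gate(log: AuditLog, principal: str, role: str, server: str, tool: str,
         args: dict, approver: Optional[str] = None) -> dict:
    """Decide one tool call, log the decision, and return the log record."""
    rec = {"event": "tool_call", "principal": principal, "role": role,
           "server": server, "tool": tool, "approver": approver}
    if server not in POLICY["approved_servers"]:
        return log.append({**rec, "decision": "deny", "reason": "server_not_approved"})
    if tool not in POLICY["role_tools"].get(role, set()):
        return log.append({**rec, "decision": "deny", "reason": "tool_not_in_role"})
    hits = find_secrets(args)
    if hits:
        return log.append({**rec, "decision": "deny", "reason": "secret_in_arguments",
                           "patterns": hits})
    if tool in POLICY["approval_required"] and approver is None:
        return log.append({**rec, "decision": "pending_approval", "reason": "human_oversight"})
    return log.append({**rec, "decision": "allow", "reason": "policy_match"})


def demo() -> AuditLog:
    """Constructed sequence of requests from one agent; returns the resulting log."""
    log = AuditLog()
    gate(log, "agent-7", "analyst", "mcp://git.internal", "repo.search", {"q": "TODO"})
    gate(log, "agent-7", "analyst", "mcp://git.internal", "repo.push", {"branch": "main"})
    gate(log, "agent-7", "operator", "mcp://git.internal", "repo.push", {"branch": "main"})
    gate(log, "agent-7", "operator", "mcp://git.internal", "repo.push", {"branch": "main"},
         approver="alice")
    gate(log, "agent-7", "operator", "mcp://tickets.internal", "ticket.close",
         {"id": 42, "note": "password=hunter2"})
    gate(log, "agent-7", "operator", "mcp://unknown.example", "repo.search", {"q": "x"})
    return log


if __name__ == "__main__":
    audit = demo()
    for entry in audit.entries:          # one JSON line per decision, SIEM-ready
        print(json.dumps(entry, sort_keys=True))
    print("chain intact:", audit.verify())
```

Each record is one JSON line carrying who asked, which tool on which server, the decision and the reason, which is the allow/deny evidence the AIGP Domain IV and ISO 42001 A.9 rows call for. The `prev_hash` chain is what turns "the log cannot have been edited" from a claim into something an auditor can check by running `verify()`; in production the chain head would also be anchored where the writer cannot change it (a periodically signed checkpoint or WORM storage), since a writer who controls the whole file can always re-chain it from scratch.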
Why "self-hostable" is the operative word
Several of these controls handle prompts, tool calls, and data that an organisation cannot send to a third party, either for regulatory reasons or because the data is the company's crown jewels. A governance control that requires shipping every agent interaction to an external service is a non-starter for a regulated enterprise. The controls in the table above are all of the kind that can run as infrastructure inside your own perimeter, air-gapped if required, which is what makes them viable for the organisations most likely to need certification in the first place. The deployment side of this evidence pipeline is covered in depth in the AI governance platform guide.
The takeaway for anyone preparing for either certification: do not start with the documentation. Start by auditing whether you can produce the deployment evidence at all. If you cannot today show an immutable log of what your AI agents called and a record of the policy decisions that gated them, that gap is your critical path, and closing it makes both the AIGP-level understanding and the ISO 42001-level audit dramatically cheaper.
How both certifications connect to the EU AI Act and NIST AI RMF
Neither AIGP nor ISO 42001 exists in isolation, and a large part of what each certifies is the ability to operate under the regulation and frameworks that sit above them. AIGP Domain II is explicitly about how laws, standards, and frameworks apply to AI, and ISO 42001's risk work is designed to feed conformity evidence for binding regulation. Understanding this layering is what stops you paying for the same risk analysis twice.
The EU AI Act, Regulation (EU) 2024/1689, is the one with legal force. It classifies AI systems by risk tier and imposes conformity-assessment obligations on high-risk systems, including requirements for automatic logging and record-keeping (Article 12) and human oversight (Article 14) that map almost directly onto the technical controls in the table above. The Act draws a hard line between a provider (who builds the system) and a deployer (who operates it), and AIGP tests that distinction precisely because it changes which obligations land on you. A conforming ISO 42001 management system does not automatically satisfy the Act, but it produces much of the documentation, risk assessment, and lifecycle evidence the high-risk regime demands, which is why the two are increasingly run together.
The NIST AI Risk Management Framework, published January 2023, is the voluntary framework both credentials reference. Its four functions (Govern, Map, Measure, Manage) give you a vocabulary for AI risk without committing to an audit, and it is the cheapest place to start. The sequence most organisations land on: use the NIST AI RMF to do the risk thinking, use ISO 42001 to make that thinking auditable and certifiable, and use both to evidence conformity for the obligations the EU AI Act imposes. AIGP sits across all three, which is exactly why it is a landscape credential rather than a single-standard one. The practical reading for a certification candidate is that Domain II is not trivia to memorise; it is the map of how your eventual technical controls satisfy several regimes at once.
The 2026 addition of ISO/IEC 42005, the AI system impact assessment standard, to the AIGP body of knowledge reinforces this. An impact assessment is the document that names the harms a system can cause, and several of those harms are only detectable in production through the monitoring control in the table above. The assessment names the risk; the infrastructure proves you can see and treat it. A certification candidate who understands that link, rather than treating the impact assessment as a form to fill in, is the one who passes Domain IV without effort.
The mistakes that make certification expensive
Most of the cost in AI governance certification is self-inflicted, and the failure modes are predictable. Knowing them in advance is the cheapest optimisation available.
- Treating the certificate as a documentation project. The recurring trap, for organisations, is writing a policy that says "AI use is monitored" and discovering at the Stage 2 audit that there is no log proving it. A policy is necessary and not sufficient. The auditor asks for the decision the policy governed, and a Word document is not that decision.
- Buying the wrong kind of certification. Paying for an organisational ISO 42001 engagement when what the customer actually wanted was a named governance lead, or sending a person to sit AIGP when the procurement questionnaire needed an organisational certificate. The personal-versus-organisational distinction is the first decision, and getting it wrong wastes the entire spend.
- Letting the credential lapse. The AIGP term is two years and renewal requires 20 CPE credits plus a maintenance fee. A lapsed credential on a CV is worse than none, because it signals the holder stopped keeping current in a field that moves every quarter.
- Studying the regulation but not the controls. A candidate who memorises the EU AI Act's risk tiers but has never seen an enforced allow/deny decision will struggle with Domain IV, because deployment governance is operational knowledge, not legal knowledge. The fastest study route is to have operated the controls.
- Building separate evidence per framework. Maintaining one evidence pipeline for ISO 42001, another for the EU AI Act, and a third for an internal audit is a maintenance burden that never ends. The efficient move, shown in the mapping table, is one enforcement-and-logging capability whose output maps to every framework at once.
The pattern across all five is the same one that runs through this entire guide: the gap is rarely the absence of knowledge or policy, it is the absence of the running evidence that the policy operates. That evidence is a property of your infrastructure, decided by architecture, which is why the deployment controls are the thing to put in place first.
A practitioner's path: pick the certification, then make it cheap
The sequence that wastes the least money runs in this order. First, identify whether you are certifying a person or an organisation, because that single distinction selects your entire path. Second, if it is a person, AIGP is the broad default and the ISO 42001 Lead Implementer course is the implementation-deep alternative; pick by whether you need landscape breadth or single-standard depth. Third, if it is an organisation, scope the AIMS honestly, because the boundary decides the audit cost, and treat the certificate as the audit of a capability you run rather than a project you start.
For a team rather than an individual, the sequencing compounds the saving. Put one or two governance owners through AIGP or the ISO 42001 Lead Implementer course first, so the people who will design the management system understand both the regulatory landscape and the standard's clause structure before they touch it. Have them stand up the deployment controls (enforcement at the tool-call layer, immutable logging, role-based access) as the next step, because those controls take real engineering time and produce the evidence every later audit will ask for. Only then book the organisational ISO 42001 audit. Run in that order, the certificate becomes a confirmation of work already done rather than a deadline that forces a scramble, and the human credentials earned along the way are reusable across every subsequent framework the team has to satisfy.
The connecting insight is that the certification is the easy part once the infrastructure exists. An AIGP candidate who has actually operated a logged, enforced AI governance pipeline will find Domain IV intuitive rather than abstract, because they have seen the controls run. An organisation whose agent activity is already producing immutable logs and enforced policy decisions walks into a Stage 2 audit with the evidence already on the shelf. The expensive failure mode, for both, is treating governance as something you write down rather than something you enforce. Map your risk work to a recognised framework first to avoid duplicating it: the AI risk management guide shows how the NIST AI RMF gives you that vocabulary before you commit to either certification.
What to do next
Start by naming what you are certifying. If it is yourself, the AIGP body of knowledge is the syllabus and the four domains are your study map; budget for the 20-CPE renewal, not just the exam. If it is your organisation, read the ISO 42001 implementation guide for the clause-and-control depth, and audit your AI agent activity against the control-to-evidence table above before you book an auditor. For the framework layer that sits beneath both, the AI governance framework guide places AIGP, ISO 42001, NIST, and the EU AI Act in one stack so you map your controls once.