Pega Achieves ISO/IEC 42001:2023 Certification to Provide Clients the Most Comprehensive AI Governance and Trust Standards

WALTHAM, Mass. – February 3, 2026 – Pegasystems Inc. (NASDAQ: PEGA), The Enterprise Transformation Company™, announced it has achieved ISO/IEC 42001:2023 certification for Pega Cloud® services, Pega GenAI™ solutions, predictive and adaptive analytics capabilities, and natural language processing. This certification demonstrates how Pega solutions meet the rigorous international standard for AI governance, directly addressing clients’ most pressing trust, compliance, and procurement challenges. 

AI adoption continues to accelerate at an unprecedented pace, with Gartner projecting that global AI spending will top $2 trillion by 2026. However, 74% of enterprises struggle to balance innovation with security when deploying generative AI, according to Boston Consulting Group. The ISO/IEC 42001:2023 standard provides a comprehensive framework for responsible AI lifecycle management, covering everything from AI impact assessments and human-in-the-loop controls to supplier governance and corrective action protocols. For Pega clients deploying AI-powered workflows in highly regulated sectors, the certification delivers the third-party validation needed to scale AI with confidence. 

Pega's certification directly addresses three challenges organizations face when adopting AI:

• Buying-center trust and reduced friction – Enterprises require evidence of formal AI governance, supplier controls, and shareable policy artifacts. Without third-party certification, security reviews stall and procurement cycles extend. Pega's ISO/IEC 42001 certification provides auditable evidence that accelerates vendor evaluation and shortens time to contract. 
• Regulatory readiness and market access – The EU AI Act, which began phased implementation in 2024, imposes strict lifecycle requirements on AI systems, and similar regulations are emerging globally. EU penalties can reach up to €35 million or 7% of global turnover for prohibited practices. Pega's certification validates the formal controls required by these regimes – including AI impact assessments, incident management, risk management, and competency tracking – are already operational.
• Operational risk and scale – To deploy AI across the enterprise, organizations need consistent safeguards such as human-in-the-loop oversight, data masking, and release gating. Pega's Artificial Intelligence Management System enforces these controls natively, enabling organizations to scale AI features without introducing unmanaged risk.

Pega’s ISO/IEC 42001 certification applies to version 25.1 and newer of Pega Infinity™ — Pega’s Agentic Enterprise Platform — helping organizations modernize legacy systems, automate work with AI agents, and boost productivity without sacrificing reliability. Pega’s certified AI management system gives clients confidence in achieving measurable value while reducing risk. Built in controls support regulatory readiness, lifecycle safeguards enable safe AI scaling, and auditable supplier controls strengthen governance, trust, and brand credibility in regulated environments.

For more information, download Pega’s ISO/IEC 42001 certification here and visit www.pega.com/trust for more detail on Pega’s security practices.

Quotes & Commentary:
“As enterprises rush to adopt AI, the gap between innovation and governance is the biggest barrier to success,” said Carlos Fuentes, chief information security officer, Pega. “The ISO/IEC 42001 certification isn’t just a compliance checkbox, it’s proof Pega AI solutions are built on solid, auditable controls, so clients can move fast without taking unnecessary risks. In regulated industries, governance isn’t optional – it’s an essential part of business. This certification gives clients the confidence that they can unlock AI’s potential while meeting regulatory and industry expectations.”