ISO/IEC 42001, AI Management System
The world's first standard for responsible AI. I help you implement and build up the AIMS, gap analysis, internal audit and certification readiness, not just review it.
ISO 42001 · ISO 27001 · EU AI Act
The AI-Auditor
Understand AI. Control AI. Profit from AI.
Wherever you build and deploy AI, I help you implement, govern and prove it, ISO/IEC 42001 (a global standard), ISO/IEC 27001 and the EU AI Act. Implementation, advisory and supplier audits, not just reports, backed by hands-on industrial experience across several countries.
Hands-on across borders: I have audited in the Netherlands, the UK (Scotland), Croatia, Serbia and Türkiye, plus Germany, where I'm based, and helped build up a manufacturing operation in Serbia from the ground up.
The world's first standard for responsible AI. I help you implement and build up the AIMS, gap analysis, internal audit and certification readiness, not just review it.
Classify your AI systems, map your obligations under the EU AI Act and build the governance to meet them, with a realistic roadmap, whether you operate in or enter the EU.
The backbone of credible AI governance: a robust ISMS that stands up to audits and customer scrutiny.
Independent supplier and internal audits, in Germany and worldwide, on-site or remote, useful when your own team has no capacity. (Not accredited certification, that is done by the certification body.)
For international buyers · Second-party audits
If you source from German or European suppliers and partners, you need to know they hold up, on quality, information security, AI governance and supply-chain duties. Flying your own team across the Atlantic for every audit is slow and expensive. I am on the ground in Germany: a qualified second-party auditor who audits your European supply chain on your behalf, audits conducted in German, with first-hand manufacturing insight, and your report in English.
An independent second-party audit on your behalf, not accredited certification (that is issued by a certification body). I am not bound to any certification body, so the assessment stays neutral.
Training · PECB Partner & Certified Trainer
Official PECB courses in English, ISO/IEC 42001 and 27001, from Foundation to the internationally recognised Lead Auditor. Available worldwide as eLearning and self-study; live online or in-house on request. Exam and certificate are issued by PECB.
Sectors
I started in aviation and ran a precision-manufacturing company, so I am at home where AI meets real production, safety and supply chains, not just slideware. Many of these sectors fall under the EU AI Act's high-risk rules, and that is exactly where ISO/IEC 42001 and independent audits earn their keep.
AI Act obligations differ by sector, let's identify yours. Book a tailored 15-min review →
Free download
An 8‑page PDF for companies whose AI reaches the EU. Authorised Representative cheat sheet (Article 22), 12-point compliance checklist, penalty reference card (Article 99) and the May 2026 Digital Omnibus state. Written by an ISO/IEC 42001 Senior Lead Auditor, not a marketing intern.
About
From the shop floor to the managing director's chair, and onto the auditor's seat. No academic detour, no consultant CV: real industry, restructuring and AI implementation. That practical background is the foundation of how I audit.
“The AI Auditor” is a brand of FERNAU Präzisionstechnik GmbH, based in Darmstadt, Germany.

Hands-on across Europe
…plus Germany, where I'm based.
Because I have sat on the audited side as a managing director, I know how a management system has to work in real operations, not just on paper. That is the difference between a report and a result.
How we work
Align scope, which systems, which markets, your timeline. Honest reading on whether you need ISO 42001, AI Act readiness, or both.
Gap analysis against ISO/IEC 42001 and the AI Act, classification of your AI systems, prioritised action plan with effort estimate.
Build-up of the AI management system, internal audit, readiness for the external certification audit, or independent second-party audits of your AI suppliers across borders.
Certification bodies may not consult. I help you build and get ready, the accredited body then certifies independently.
I ran and restructured a manufacturing company and built AI myself. I know how management systems survive contact with reality.
You talk directly to the auditor, no rotating junior team, no corporate overhead. Short paths, fast decisions.
What clients say
English translations of attributed German originals, same speakers, same statements.
“Drawing on his experience from the shop floor to the executive suite, Lars Zimmermann quickly grasps what the real problems are, can put himself in the shoes of managing directors and then help in a targeted way with experience and technical know-how. He is a focused practitioner who concentrates pragmatically on results that genuinely move companies forward. In the AI field he is right at the cutting edge and can not only audit AI systems but also knows exactly what he is talking about, because he works productively with AI in his own company every day and confidently masters the latest working methods and tools.”“I work with Lars in both strategic and technical contexts, and that combination is rare. In a short time he has gone deep on modern AI-driven development approaches, while always bringing the domain understanding that many purely technical profiles lack. What convinces me most: Lars thinks disruptively without losing his sense for what actually works in practice. For projects at the intersection of innovation and execution, he is a real asset.”“Lars Zimmermann combines technical know-how with a customer focus that has become rare in our industry. For us he is far more than a customer, he is a sparring partner and advisor. Grounded, competent, reliable, working with Lars is not a business relationship, it is a partnership.”“Lars built us a new website and a small ERP tool. The speed was simply outstanding. We can now automate so much more. He immediately understood what mattered to us and, drawing on his experience, brought in ideas of his own that genuinely surprised us. You can tell Lars is a practitioner. On top of that he gave us tips and tricks and even put us in touch with suppliers. Real added value, all round.”“Lars Zimmermann supports us on our web-based CAM software with regular, practice-grounded feedback. His perspective from industrial use is invaluable in keeping our product aligned with what manufacturing operations actually need. He also contributes valuable input to our user-experience work.”Short, honest answers to what international clients ask first.
Yes. I work in English with international clients whose AI or supply chain touches the EU market, directly or through their customers and partners. The engagement contract is under German law unless agreed otherwise.
Yes, that is a core part of what I do. I run on-site second-party audits of your German and European suppliers and partners on your behalf, audits conducted in German, your report in English. You get local presence and hands-on manufacturing insight without flying a team across the world. The criteria can be ISO/IEC 42001, ISO/IEC 27001 or your own supplier requirements.
The Authorised Representative is a regulated role with statutory duties and termination rights, I help you structure the requirements and prepare the mandate, and I refer you to qualified Authorised Representatives in my network. I do not act as an Authorised Representative myself, to avoid conflicts with my advisory role.
Yes. Documentation review and interview-based audits run reliably remote. On-site visits are useful when production processes, physical environments or supplier facilities matter. We agree the mix per engagement.
End-to-end, plan for 3 to 9 months from gap analysis to certification readiness, depending on your starting point. A short discovery call gives a much more realistic number than a generic estimate.
No. The certificate is issued by an accredited certification body, independent of the consultant. I prepare you for that audit (gap analysis, build-up, internal audit) and conduct second-party audits of your suppliers, never the act of certifying your own system.
A 15-minute discovery call, then a 2- to 4-week roadmap (gap analysis + prioritised plan), then implementation, readiness or supplier audit work over 1 to 3+ months. You can stop after any phase.
Darmstadt, Germany. "The AI Auditor" is a brand of FERNAU Präzisionstechnik GmbH.
Let's spend 15 minutes on where you stand with ISO 42001, ISO 27001 and the EU AI Act, an honest assessment, no sales pitch.
Imprint and privacy policy are available in German (the German version is legally binding): Imprint, Privacy (English summary).