Skip to content

Lars Zimmermann, The AI Auditor: ISO/IEC 42001 Senior Lead Auditor & Senior Lead Implementer · ISO/IEC 27001 Lead Auditor & Lead Implementer (PECB) based in Germany

ISO 42001 · ISO 27001 · EU AI Act

The AI-Auditor

Understand AI. Control AI. Profit from AI.

Wherever you build and deploy AI, I help you implement, govern and prove it, ISO/IEC 42001 (a global standard), ISO/IEC 27001 and the EU AI Act. Implementation, advisory and supplier audits, not just reports, backed by hands-on industrial experience across several countries.

Hands-on across borders: I have audited in the Netherlands, the UK (Scotland), Croatia, Serbia and Türkiye, plus Germany, where I'm based, and helped build up a manufacturing operation in Serbia from the ground up.

PECB ISO/IEC 42001 Senior Lead Auditor, Credly-BadgePECB ISO/IEC 42001 Senior Lead Implementer, Credly-BadgePECB ISO/IEC 27001 Lead Auditor, Credly-BadgePECB ISO/IEC 27001 Lead Implementer, Credly-Badge
Öffentlich verifiziert (PECB / Credly)

What I do

ISO/IEC 42001, AI Management System

The world's first standard for responsible AI. I help you implement and build up the AIMS, gap analysis, internal audit and certification readiness, not just review it.

EU AI Act, Readiness & implementation

Classify your AI systems, map your obligations under the EU AI Act and build the governance to meet them, with a realistic roadmap, whether you operate in or enter the EU.

ISO/IEC 27001, Information Security

The backbone of credible AI governance: a robust ISMS that stands up to audits and customer scrutiny.

Second-party & supplier audits

Independent supplier and internal audits, in Germany and worldwide, on-site or remote, useful when your own team has no capacity. (Not accredited certification, that is done by the certification body.)

For international buyers · Second-party audits

Your suppliers are in Germany. Your auditor should be too.

If you source from German or European suppliers and partners, you need to know they hold up, on quality, information security, AI governance and supply-chain duties. Flying your own team across the Atlantic for every audit is slow and expensive. I am on the ground in Germany: a qualified second-party auditor who audits your European supply chain on your behalf, audits conducted in German, with first-hand manufacturing insight, and your report in English.

An independent second-party audit on your behalf, not accredited certification (that is issued by a certification body). I am not bound to any certification body, so the assessment stays neutral.

  • On-site audits of your German and European suppliers and partners, conducted in German
  • Against ISO/IEC 42001, ISO/IEC 27001 or your own supplier requirements
  • Manufacturing insight, I ran a precision-engineering company and know what a real shop floor should look like
  • Clear English audit report: findings, risk rating, recommended actions
  • Cross-border audit experience in five countries across Europe, plus Germany, where I'm based

Sectors

From the shop floor to safety-critical AI

I started in aviation and ran a precision-manufacturing company, so I am at home where AI meets real production, safety and supply chains, not just slideware. Many of these sectors fall under the EU AI Act's high-risk rules, and that is exactly where ISO/IEC 42001 and independent audits earn their keep.

Aviation & aerospaceManufacturing & industrial productionPrecision engineering & machiningAutomotiveMedical & health AICritical infrastructureEnergySaaS & softwareFinTechLogistics & supply chainEdTech

AI Act obligations differ by sector, let's identify yours. Book a tailored 15-min review →

Free download

EU AI Act for non‑EU providers, compliance pack

An 8‑page PDF for companies whose AI reaches the EU. Authorised Representative cheat sheet (Article 22), 12-point compliance checklist, penalty reference card (Article 99) and the May 2026 Digital Omnibus state. Written by an ISO/IEC 42001 Senior Lead Auditor, not a marketing intern.

  • Article 22 mandate components (Annex V) and a 30-day setup plan
  • 12 concrete checks before market entry, mapped to Articles 9–15, 43 and 71
  • Honest scope: not legal advice, with a clear referral note for national law

Get the pack

Enter your details, the PDF starts downloading immediately.

Your details are processed under Art. 6(1)(b) GDPR to deliver this document. See our privacy policy.

About

Lars Zimmermann, The AI Auditor

From the shop floor to the managing director's chair, and onto the auditor's seat. No academic detour, no consultant CV: real industry, restructuring and AI implementation. That practical background is the foundation of how I audit.

  • Lars Zimmermann: ISO/IEC 42001 Senior Lead Auditor & Senior Lead Implementer, ISO/IEC 27001 Lead Auditor & Lead Implementer (PECB), internationally recognised qualifications, publicly verifiable
  • 1,200+ documented audit hours since 2016
  • Seven years of hands-on AI work, from building my own AI/ERP systems to AI governance
  • Managing director and shop-floor practitioner, I have been on the audited side, not just advising
  • Working with companies across Europe and beyond, from the German Mittelstand to international firms operating in or entering the EU market

“The AI Auditor” is a brand of FERNAU Präzisionstechnik GmbH, based in Darmstadt, Germany.

Lars Zimmermann, The AI Auditor AIMODIFIED

Hands-on across Europe

Not a textbook auditor, I have built and audited across borders

  • Cross-border audit experience across several regulatory and cultural contexts, not just one home market
  • Set up a manufacturing operation abroad from scratch, not only audited one
  • Restructured and ran a precision-manufacturing company, I know how a management system survives real operations
  • Implementation and advisory beyond audits, AI governance, EU AI Act readiness and management-system build-up
On the ground in
the Netherlandsthe UK (Scotland)CroatiaSerbiaTürkiye

…plus Germany, where I'm based.

Because I have sat on the audited side as a managing director, I know how a management system has to work in real operations, not just on paper. That is the difference between a report and a result.

How we work

Three steps, you can stop after any of them

01 · 15 minutes, free

Discovery

Align scope, which systems, which markets, your timeline. Honest reading on whether you need ISO 42001, AI Act readiness, or both.

02 · 2 to 4 weeks

Roadmap

Gap analysis against ISO/IEC 42001 and the AI Act, classification of your AI systems, prioritised action plan with effort estimate.

03 · 1 to 3+ months

Implementation, readiness or audit

Build-up of the AI management system, internal audit, readiness for the external certification audit, or independent second-party audits of your AI suppliers across borders.

Why work with me

Auditor and implementer

Certification bodies may not consult. I help you build and get ready, the accredited body then certifies independently.

Practitioner, not theorist

I ran and restructured a manufacturing company and built AI myself. I know how management systems survive contact with reality.

One dedicated contact

You talk directly to the auditor, no rotating junior team, no corporate overhead. Short paths, fast decisions.

What clients say

Real voices from the work

English translations of attributed German originals, same speakers, same statements.

Drawing on his experience from the shop floor to the executive suite, Lars Zimmermann quickly grasps what the real problems are, can put himself in the shoes of managing directors and then help in a targeted way with experience and technical know-how. He is a focused practitioner who concentrates pragmatically on results that genuinely move companies forward. In the AI field he is right at the cutting edge and can not only audit AI systems but also knows exactly what he is talking about, because he works productively with AI in his own company every day and confidently masters the latest working methods and tools.
Dr.-Ing. Maurice PreidelAI process consultantFounder & Managing Director · PhD in AI
I work with Lars in both strategic and technical contexts, and that combination is rare. In a short time he has gone deep on modern AI-driven development approaches, while always bringing the domain understanding that many purely technical profiles lack. What convinces me most: Lars thinks disruptively without losing his sense for what actually works in practice. For projects at the intersection of innovation and execution, he is a real asset.
Timo KülbelParlison Code Couture UGManaging Director & IT entrepreneur · Cooperation partner in the expert network
Lars Zimmermann combines technical know-how with a customer focus that has become rare in our industry. For us he is far more than a customer, he is a sparring partner and advisor. Grounded, competent, reliable, working with Lars is not a business relationship, it is a partnership.
Ersin TurgutKENAN MetalBoard Member
Lars built us a new website and a small ERP tool. The speed was simply outstanding. We can now automate so much more. He immediately understood what mattered to us and, drawing on his experience, brought in ideas of his own that genuinely surprised us. You can tell Lars is a practitioner. On top of that he gave us tips and tricks and even put us in touch with suppliers. Real added value, all round.
Uwe GernandBTM Holz & AluManager
Lars Zimmermann supports us on our web-based CAM software with regular, practice-grounded feedback. His perspective from industrial use is invaluable in keeping our product aligned with what manufacturing operations actually need. He also contributes valuable input to our user-experience work.
Erkut SarikayaautonomIQManaging Director

Frequently asked questions

Short, honest answers to what international clients ask first.

Do you work with non-EU companies?+

Yes. I work in English with international clients whose AI or supply chain touches the EU market, directly or through their customers and partners. The engagement contract is under German law unless agreed otherwise.

I'm based outside the EU, can you audit my European suppliers?+

Yes, that is a core part of what I do. I run on-site second-party audits of your German and European suppliers and partners on your behalf, audits conducted in German, your report in English. You get local presence and hands-on manufacturing insight without flying a team across the world. The criteria can be ISO/IEC 42001, ISO/IEC 27001 or your own supplier requirements.

Can you serve as Article 22 Authorised Representative?+

The Authorised Representative is a regulated role with statutory duties and termination rights, I help you structure the requirements and prepare the mandate, and I refer you to qualified Authorised Representatives in my network. I do not act as an Authorised Representative myself, to avoid conflicts with my advisory role.

Are remote audits possible?+

Yes. Documentation review and interview-based audits run reliably remote. On-site visits are useful when production processes, physical environments or supplier facilities matter. We agree the mix per engagement.

How long does ISO/IEC 42001 typically take?+

End-to-end, plan for 3 to 9 months from gap analysis to certification readiness, depending on your starting point. A short discovery call gives a much more realistic number than a generic estimate.

Do you do accredited certification audits?+

No. The certificate is issued by an accredited certification body, independent of the consultant. I prepare you for that audit (gap analysis, build-up, internal audit) and conduct second-party audits of your suppliers, never the act of certifying your own system.

What does a typical engagement look like?+

A 15-minute discovery call, then a 2- to 4-week roadmap (gap analysis + prioritised plan), then implementation, readiness or supplier audit work over 1 to 3+ months. You can stop after any phase.

Where are you based?+

Darmstadt, Germany. "The AI Auditor" is a brand of FERNAU Präzisionstechnik GmbH.

Serious about AI you can actually prove?

Let's spend 15 minutes on where you stand with ISO 42001, ISO 27001 and the EU AI Act, an honest assessment, no sales pitch.

Imprint and privacy policy are available in German (the German version is legally binding): Imprint, Privacy (English summary).