Crypto.com earns ISO/IEC 42001:2023 - first US-based digital asset platform
Crypto.com has become the first US-based digital asset platform to secure ISO/IEC 42001:2023, the international standard for an AI Management System (AIMS). The standard sets requirements to establish, run, and continually improve a company-wide framework for responsible AI.
"We are proud to continue to lead and be recognised for our commitment to safety and security standards. This certification is the latest step in our commitment to being a trusted and secure environment for our global user base, and an important step as we continue to leverage AI tools and technologies," said Kris Marszalek, Co-Founder and CEO of Crypto.com.
What this signals for managers
ISO/IEC 42001 centers on managing AI risk with clear attention to ethics, transparency, accountability, and people impact. For leaders, certification is a visible indicator that governance is in place: documented policies, model lifecycle controls, data oversight, monitoring, and continuous improvement.
- Named owners for AI systems and decisions
- Risk assessment across model design, training data, deployment, and change control
- Incident response, human-in-the-loop checkpoints, and audit trails
- Impact assessments for users and affected groups
It builds on established controls already in use at Crypto.com, including ISO/IEC 27001 (information security), ISO/IEC 27701 (privacy), ISO 22301 (business continuity), PCI DSS, and SOC 2 Type 2. The company is also independently assessed at Tier 4, the highest level for both the NIST Cybersecurity Framework and the NIST Privacy Framework.
Why Crypto.com moved early
AI now drives fraud detection, security monitoring, risk modeling, customer protection, and operational automation across exchanges. A formal AIMS reduces exposure to model drift, bias, misuse, and regulatory gaps-while creating a consistent playbook for teams.
According to Chief Information Security Officer Jason Lau, security and privacy remain a core focus for the exchange, and the certification follows a series of AI-focused partnerships.
AI partnerships that set the stage
In November, Crypto.com integrated with CoincidenceAI, a platform that lets traders create, test, and automate strategies through a conversational interface. That AI is also connected to Bybit and KuCoin.
In December, Crypto.com partnered with Doblox, an AI trading assistant, allowing users in approved jurisdictions to trade with built-in insights. In April 2025, Kris Marszalek purchased the ai.com domain for $70 million-reportedly the highest publicly disclosed price for a domain-in a transaction completed entirely in crypto. The site later launched a consumer platform with autonomous AI agents for tasks such as trading stocks, managing calendars, and automating workflows, pitched as a "front door to AGI" via a decentralized network.
The bigger picture: AI and crypto are converging
Morgan Stanley expects demand for AI compute to exceed supply. Gartner estimates worldwide AI spending reached nearly $1.5 trillion in 2025, with momentum accelerating as major US tech firms commit hundreds of billions to infrastructure this year.
Regulators are stepping in as activity scales. South Korea's Financial Supervisory Service is upgrading its AI-powered VISTA platform to sharpen real-time detection of market manipulation, tightening surveillance on suspicious accounts and trading anomalies.
Action checklist for executives
- Inventory AI use cases and models; assign owners; define success metrics and failure thresholds.
- Stand up an AI policy and risk register; map to ISO/IEC 42001 concepts even if certification is a future goal.
- Put monitoring in place: bias testing, data lineage, drift alerts, change management; require human oversight for high-impact decisions.
- Integrate AI governance with existing programs (ISO 27001/27701, SOC 2, PCI DSS, business continuity) to avoid silos.
- Review vendor contracts for AI data usage, IP, compliance obligations, and incident reporting; include right to audit.
- Prepare for audits: keep logs, training data sources, evaluation records, and impact assessments organized and reviewable.
- Upskill your teams on AI risk, controls, and safe deployment. If you need structured paths, see popular AI certifications.
What to watch next
Expect more exchanges and fintechs to pursue ISO/IEC 42001 as AI moves deeper into core operations. For customers and partners, certifications won't replace due diligence, but they make maturity easier to compare and sharpen the questions you ask.
The takeaway: AI governance is moving from slides to audited controls. If your teams rely on AI for any risk-sensitive workflow, this is the time to formalize it.
Your membership also unlocks:
