Achieving ISO 42001 Compliance With PingChen Lin

Think your business is safe from the AI craze? Think again!

In this episode of the Ace Founder podcast, we sit down with PingChen, the co-founder and CEO of CybPass, who went from a student with no network to leading a top UK cybersecurity startup in just two years.

PingChen breaks down why he expects the new international standard ISO 42001 to become a de facto requirement for anyone using AI (yes, even if you only use ChatGPT or Claude!), how fines of up to 7% of global annual turnover under the EU AI Act might be lurking in your future, and how his tool, Themis, automates the compliance headache.

If you want to protect your business from catastrophic AI risks without spending a year drowning in boring paperwork, you cannot afford to miss this episode!

👀 Guest Bio

PingChen is the co-founder and CEO of CybPass, an AI security and governance startup spun out of the University of Sheffield.

Originally from Taiwan, he navigated the UK tech landscape with no prior corporate background and rapidly scaled CybPass into a government-recognised, award-winning cybersecurity SME.

💡 Key Takeaways

  • From Academia to Institutional Backing: CybPass evolved from a two-and-a-half-year research project at the University of Sheffield into a fully spun-out, venture-backed startup in less than a year [00:08:38].

  • The New Wave of Physical AI: While most cybersecurity products focus on code and text models, the next big frontier is securing AI embedded in physical, real-world systems such as autonomous vehicles, drones, and robotics [00:03:49].

  • Demystifying ISO 42001: The standard follows the same management-system structure as the classic ISO 27001 security standard, but is designed as an "AI Management System" (AIMS) covering data pipelines, AI risk assessments, and internal policies [00:10:11].

  • It Applies to AI Users, Not Just Builders: Think you're exempt because you don't build models? Think again! PingChen's position is that if your business uses third-party AI tools like Claude, ChatGPT, or Cursor, you still need to show alignment with ISO 42001 [00:11:47].

  • The Cost of Slacking Off: ISO 42001 is currently a voluntary framework, but it is positioned as a way to prepare for the incoming EU AI Act, under which engaging in prohibited AI practices can trigger fines of up to 7% of global annual turnover [00:23:39].

  • Ditch the Manual Checklists: Traditional compliance takes 6 to 12 months of manual consulting and yields static documents that are outdated by the time they are signed off. Modern AI systems evolve too quickly for this, so compliance needs adaptive, automated monitoring [00:18:35].

  • How to Pre-Game Compliance: For businesses just starting out, the best immediate step is to write an internal AI policy and document every AI tool in use, so that the pipeline is traceable [00:25:53].

💬 Direct Quotes

"I don't have any big corporation background... I just decided to start a business from scratch in a place where I have no network resources." — PingChen

"If you're a company that is using ChatGPT or you're using Claude... then you also need to demonstrate that you are aligning with ISO 42001." — PingChen

"Didn't you think that those accreditations are actually protecting you from the bigger loss if you didn't align with them?" — PingChen

πŸ› οΈ Connect With Our Guest
