Crypto.com said on February 16, 2026 that it achieved ISO/IEC 42001:2023 certification for its Artificial Intelligence Management System, and it claimed to be the first digital-asset platform to secure the standard. The company is positioning the certification as proof that its AI governance meets a higher bar for security, transparency, and accountability.
The announcement follows Crypto.com’s April 2025 acquisition of the AI.com domain for $70,000,000, a deal it said was completed in cryptocurrency, and the launch of the AI.com consumer platform and the Cronos AI Agent SDK around February 9, 2026. Taken together, the domain purchase, product launch, and certification signal a deliberate pivot to make AI a principal business line rather than an experimental capability.
What Crypto.com Says ISO/IEC 42001:2023 Validates
Crypto.com described ISO/IEC 42001:2023 as a structured management standard for AI risk, and it emphasized governance coverage across the security of AI systems, operational transparency, and accountability mechanisms for AI deployment. In the firm’s framing, the certification functions as a governance backbone that can stand up to rising regulatory expectations for both AI and crypto operators.
Jason Lau, the company’s chief information security officer, said the certification ensures the AI systems the firm develops will be “secure, transparent, and aligned with emerging regulatory expectations,” while CEO Kris Marszalek characterized it as an “important step” in deploying AI tools and technologies. By putting executives on record, the company is turning the certification into a public commitment that stakeholders can measure against product behavior over time.
Crypto.com also presented the standard as anchoring three operational control areas: resilience and protection of AI infrastructure and data flows, ongoing monitoring that includes surveillance, bias control, and reporting, and governance that defines roles, auditability, and incident-response procedures. The unifying theme across these controls is that AI deployment is being treated as a managed system with defined oversight rather than a set of isolated features.
Commercial Strategy and What the Market Will Scrutinize
In the company’s strategy, the certification underwrites a more aggressive commercial push, with the AI.com platform and the Cronos AI Agent SDK intended to enable personalized, autonomous agents that can perform tasks from trading to messaging and shopping, and to route activity back into Crypto.com’s exchange and payments infrastructure. The business bet is that agent-driven engagement becomes a distribution layer that increases throughput across existing rails.
Crypto.com and several industry analysts cited stronger institutional trust and differentiated competitive positioning as expected outcomes, but the shift also raises operational requirements such as cross-disciplinary staffing and enhanced monitoring aligned with expected regulatory scrutiny of AI in financial services. As AI becomes customer-facing and workflow-critical, the operating model has to scale governance, monitoring, and accountability in parallel with product adoption.
Certifications like ISO/IEC 42001:2023 also create expectations around external audit trails, continuous monitoring, and clearer incident escalation paths, which becomes especially relevant when autonomous agents connect to trading and custody-adjacent functions. Market participants will likely evaluate not just the certification itself, but how certified controls perform under real-world load and edge cases.
The certification and consumer rollout mark a phase where regulators and institutional counterparties will focus on how controls are operationalized in live AI products, particularly monitoring effectiveness, bias mitigation, and the reliability of mechanisms linking agents with trading and custody workflows. The ultimate credibility test will be whether governance claims translate into consistent, observable outcomes as AI-driven activity scales.