The new edition of the international standard ISO 37001:2025, covering Anti-Bribery Management Systems (ABMS), was published by the International Organization for Standardization (ISO) in February 2025, marking the first revision of the standard in nine years.
The revision strengthens the framework for preventing, detecting, and responding to bribery, incorporates more contemporary governance elements, and improves alignment with other compliance management system standards.
Official Transition Period – IAF MD 30:2025
Under the decision of the International Accreditation Forum (IAF), as set out in IAF MD 30:2025, a two-year transition period applies for migration from ISO 37001:2016 to ISO 37001:2025.
Key transition dates:
Until 30/08/2026
Organizations may undergo initial audits against ISO 37001:2016. After this date (from 31/08/2026), all new certifications must be issued exclusively to ISO 37001:2025.
End of transition period: 28/02/2027
All certifications based on ISO 37001:2016 will be suspended or withdrawn at the end of the transition period. No audits or recertifications to the 2016 edition will be permitted thereafter.
Certificates issued during the transition period
Any ISO 37001:2016 certificate issued or renewed during the transition must carry an expiry date no later than 28/02/2027, regardless of the normal three-year validity.
Transition during routine surveillance
Organizations already certified to ISO 37001:2016 may transition to the new edition during annual surveillance audits, following prior coordination with their certification body.
Key Changes in ISO 37001:2025
The new edition introduces a series of modifications that enhance the practicality and effectiveness of an ABMS. Major changes include:
Strengthening anti-bribery culture
– Integration of a broader “culture of ethics and integrity.”
– Expanded responsibilities for top management and emphasis on active support for the system.
Upgraded “Anti-Bribery Function”
– The term “anti-bribery compliance function” is replaced by “anti-bribery function,” with clearer responsibilities, independence, and access to top management.
Stricter management of conflicts of interest
– New requirements to identify, control, and monitor conflicts of interest at all levels.
Enhanced third-party due diligence
– A strengthened due-diligence model for suppliers, consultants, partners, and intermediaries.
– Ongoing oversight of third-party relationships.
Alignment with modern ESG assessment frameworks
– Integration of elements linking bribery risks with environmental and social dimensions where these affect the organization.
What this means for organizations
Organizations already certified to ISO 37001:2016 should:
Initiate a gap analysis against the new requirements.
Update policies, procedures, roles, and documented information.
Plan the transition in good time before the end of the period (28/02/2027).
Train personnel and leadership on the 2025 edition.