Manychat is a leading conversational AI and marketing automation platform that helps businesses engage customers through messaging. Unlike companies that are adding AI features incrementally, AI is foundational to Manychat’s product direction — making robust, verifiable governance of its AI systems a business imperative, not a compliance checkbox.
As Manychat’s AI capabilities expanded and enterprise clients began asking harder questions about responsible AI practices, leadership recognized that informal culture — no matter how strong — needed to be formalized. They turned to ISO 42001, the international standard for AI Management Systems (AIMS), and engaged A-LIGN, one of the first accredited certification bodies for ISO 42001 and with nearly 6,000 ISO assessments completed globally, to lead the certification audit.
The challenge
Liberty has pursued compliance with NIST SP 800-171 for more than a decade, completing three previous iterations of compliance work along the way. When CMMC was announced, Liberty’s leadership team made an intentional decision: rather than wait, Liberty would pursue certification as early as possible to position themselves ahead of competitors when contracts requiring Level 2 certification came to market.
Manychat’s engineering and product teams built genuinely responsible AI practices over time. Risk awareness, thoughtful development habits, and internal governance were real, but they existed as informal culture rather than a documented, auditable system.
The challenge was not changing how Manychat built AI, but giving those practices structure, traceability, and an evidence trail that an independent auditor could verify. With the EU AI Act coming into force and enterprise clients increasing scrutiny in vendor assessments, the window for informal governance was closing.
At the same time, Manychat’s GRC function needed a partner who could engage seriously with the specific nuances of an AI-native company — not apply a mechanical checklist designed for more traditional technology environments.
“The work was less about changing how we built AI and more about formalizing what we were already doing — giving it structure, traceability, and the kind of evidence trail an independent auditor can verify. A-LIGN was the right partner for that: they knew how to translate what we’d already built into a certifiable framework, which made all the difference as we pursued ISO 42001 for the first time.”
-Sergey Muslaev, Governance, Risk and Compliance Lead
Why A-LIGN
Manychat had an existing relationship with A-LIGN through its SOC 2 program, which provided a foundation of trust and operational familiarity. When leadership began evaluating auditors for ISO 42001, that established relationship mattered, but so did how A-LIGN showed up in early conversations.
Pre-engagement discussions confirmed that A-LIGN had prepared specifically for Manychat’s context. They engaged with the company’s actual AI use cases, product architecture, and compliance objectives rather than presenting a generic audit approach. That depth of preparation gave Manychat confidence that the process would be rigorous without being mechanical.
Additionally, A-LIGN’s A-SCEND platform provided the operational backbone Manychat needed. With evidence requests tracked in a single platform, documentation uploaded centrally, and progress visible at all times, Manychat’s small GRC team could manage a complex ISO 42001 audit alongside ongoing SOC 2 maintenance without losing control of either.
“A-LIGN came prepared, engaged seriously with our specific context, and gave us confidence that the audit process would be rigorous without being mechanical. Having that continuity with a partner who already understood our environment was a significant benefit to our business.”
-Sergey Muslaev, Governance, Risk and Compliance Lead
Results
Manychat achieved ISO 42001 certification, becoming one of the first companies in the marketing automation and conversational AI industry to do so. The certification now sits alongside SOC 2 and other credentials on Manychat’s security pages, providing enterprise clients and partners with independently verified assurance about Manychat’s AI governance practices.
In vendor assessments, ISO 42001 directly answers a category of questions about responsible AI development that previously required lengthy explanation. For clients who rely on AI functionality within the Manychat platform, certification signals that the governance behind the product is mature and accountable with the same rigor and independent verification applied to how they build every other part of their platform.
Internally, the audit process built organizational muscle that extends beyond the certification itself. Evidence collection practices, documentation discipline, and the structured management system now in place position Manychat to absorb future regulatory requirements such as the EU AI Act within an existing governance framework rather than starting from scratch. The A-SCEND platform materially reduced coordination overhead during Stage 2, when evidence volume was at its highest, enabling the GRC team to maintain momentum without expanding headcount.
“Having a single platform to track evidence requests, upload documentation, and monitor progress meant we always knew where we stood. A-LIGN brought a fairness and intellectual honesty to the process that made it feel like a genuine verification exercise — exactly what you want from an auditor.”
-Sergey Muslaev, Governance, Risk and Compliance Lead
About Manychat
Manychat is a global leader in social media automation, helping businesses and creators engage their audiences through intelligent, automated conversations and connection at scale. With over a million users in 170 countries, Manychat powers billions of conversations optimized for driving engagement, nurturing relationships, and maximizing monetization potential across platforms like Instagram, TikTok, WhatsApp, and Messenger. Follow Manychat at: manychat.com | IG: @manychat

