top of page
ChatGPT Image Aug 23, 2025, 11_27_34 PM.png

ISO DIS 9001:2026 - Draft International Standard

From Risk Thinking to Sustainability and Stakeholder Value

Integrated Management System with Information Security and AI Governance

 

Introduction: Looking Back, Moving Forward

In September 2018, organizations around the world completed the transition to ISO 9001:2015, a revision that marked a turning point in quality management. The central novelty of that edition was the introduction of Risk-Based Thinking, replacing the old concept of preventive action (see my article at LinkedIn from 2018 - ISO 9001:2015 - How to make a better business decision by risk based thinking). Organizations were asked to not only correct problems, but to anticipate risks and opportunities, embedding prevention into their processes and strategies.

That shift was profound. Risk-based thinking aligned quality management systems (QMS) with strategic planning, supply chain resilience, and customer expectations. For many, it became the cornerstone of how quality supported decision-making at the leadership level.

Now, a decade later, we face a new horizon. The upcoming ISO 9001:2026, currently available in draft form as ISO/DIS 9001:2025, reflects the dramatic changes of our world since 2015: sustainability mandates, ESG accountability, digital transformation, cultural expectations, and the need for organizations to demonstrate not just compliance, but responsibility and resilience.

Just as risk-based thinking was the hallmark of 2015, the 2026 revision will be remembered as the moment when sustainability and stakeholder value became integral to quality management.

Lessons from 2015 – Risk-Based Thinking as the Foundation

Before we explore what’s new, it is important to remember what ISO 9001:2015 achieved.

The concept of risk-based thinking reshaped how organizations approached:

  • Supplier Quality – companies mapped risks in global supply chains, building controls against disruption.

  • Customer Complaints – instead of reactive corrective action, many adopted proactive monitoring of customer perception to prevent dissatisfaction.

  • Strategic Alignment – leadership reviews began to include risk registers and opportunity assessments, linking the QMS directly with business planning.

In practice, risk-based thinking became the language that connected quality managers with executives. It taught organizations that quality is not about avoiding failure alone, but about preparing for success.

This foundation is not going away in ISO 9001:2026, it is being expanded. Risk-based thinking now operates alongside sustainability, culture, and innovation, creating a broader framework for long-term resilience.

 

The Six Major Highlights of ISO 9001:2026

1. Sustainability Integration

The most visible change is the explicit inclusion of sustainability and social responsibility within the quality management system.

  • Organizations must evaluate how their processes affect not only customers but also the environment and society.

  • Quality performance is linked to long-term resilience, aligning ISO 9001 with global ESG expectations.

Teaching point: In the past, reducing scrap or defects was seen purely as a cost-saving measure. Under ISO 9001:2026, those same actions are also contributions to environmental sustainability, reducing waste, energy, and resource consumption.

Example: A manufacturing company that reduces production defects by 15% not only saves money — it also lowers carbon footprint and strengthens its ESG reporting.

2. Stakeholder-Centered Quality

ISO 9001:2015 already introduced the concept of interested parties, but the 2026 revision significantly expands expectations:

  • Organizations must look beyond customers and regulators to include employees, communities, partners, and society at large.

  • Mission, vision, values, and culture must be aligned with stakeholder expectations.

Teaching point: Stakeholder management is no longer a corporate social responsibility (CSR) “nice-to-have.” It becomes a structured expectation in the QMS.

Example: A logistics company is now expected to evaluate how delivery operations impact local communities (traffic, emissions) while meeting customer delivery needs.

3. Digitalization and Knowledge Management

Clause 7.1.6 of ISO 9001:2015 introduced “organizational knowledge.” In 2026, this expands to include digital transformation, data integrity, and AI-enabled processes.

  • Information must be accurate, protected, and accessible (i.e.: ISO/IEC 27001)

  • Technology becomes an enabler of quality, not just a tool (i.e.: ISO/IEC 42001)

Teaching point: Knowledge is no longer limited to lessons learned or tacit know-how. It includes how organizations manage digital data flows, protect information, and use emerging technologies responsibly.

Example: A service organization that uses AI to predict customer demand must ensure that its algorithms are trained with accurate, bias-free data — a new dimension of quality.

4. Leadership, Culture, and Identity

Leadership was already central in 2015, but ISO 9001:2026 makes it clear: leaders are not only accountable for QMS effectiveness, but also for embedding culture, ethics, and values into the organization’s identity.

  • Mission, vision, and values are explicitly linked to quality management.

  • Leaders must demonstrate trust, fairness, and ethical behavior as part of their role in sustaining success.

Teaching point: Culture is no longer an abstract “soft” element. It is now a formal requirement to align culture with quality objectives.

Example: A company whose mission includes “customer safety” must ensure that leadership behaviors (e.g., investment in product safety testing) are consistent with that declared value.

5. Improvement, Learning, and Innovation

The 2015 edition stressed continual improvement. The 2026 revision reinforces learning and innovation as structured elements.

  • Improvement must include both incremental (kaizen) and breakthrough changes.

  • Organizations must establish systems for capturing lessons learned and fostering creativity.

Teaching point: The QMS is no longer just a compliance mechanism; it becomes a learning system.

Example: A hospital applying ISO 9001:2026 may use incident data not only to prevent recurrence, but also to redesign processes, adopt new technologies, and share learning across departments.

6. Alignment with Other Management Standards

The Annex SL structure remains, but with stronger alignment to environmental, safety, and information security standards:

  • ISO 14001 (environmental) – links to sustainability.

  • ISO 45001 (occupational health and safety) – links to stakeholder well-being.

  • ISO/IEC 27001 (information security) – links to data integrity.

  • ISO/IEC 42001 (AI management) – emerging connection for digital governance.

Teaching point: Integrated Management Systems (IMS) are no longer optional. The 2026 revision anticipates that organizations will seek synergy between quality, environment, safety, and digital governance.

Example: A global electronics company may use one integrated audit to cover ISO 9001, ISO 14001, ISO/IEC 27001, and ISO/IEC 42001, reducing duplication and aligning decision-making across compliance areas.

 

The Transition Period (2026–2029)

ISO is expected to allow a three-year transition period once the 2026 edition is published. Organizations currently certified to ISO 9001:2015 will need to:

  1. Conduct a gap assessment against new sustainability and stakeholder requirements.

  2. Train leadership and employees on culture, ethics, and sustainability integration.

  3. Update QMS documentation to reflect digital knowledge management and innovation systems.

  4. Align QMS objectives with ESG and corporate strategy.

Just as in 2015, early preparation will be critical. The organizations that move first will not only transition smoothly but will also use this revision to strengthen credibility with customers, regulators, and investors.

Call to Action:

Quality Leaders as Strategic Leaders

The 2026 revision of ISO 9001 is not just a compliance exercise, it is an invitation to redefine quality management as a driver of resilience, sustainability, and societal value.

Risk-based thinking taught us to prevent problems. Sustainability and stakeholder value will now teach us to build trust and long-term success.

For quality leaders, this is the moment to step forward as strategic leaders, embedding ESG, digital knowledge, and innovation into the daily fabric of their organizations.

The transition to ISO 9001:2026 is not about surviving an audit. It is about ensuring that quality management remains the language of trust, resilience, and competitive advantage in the next decade.

Author:

Carlos E Da Silva

 

 

 

 

Disclaimer: ESCALA International Consultants facilitates contributions from experts and partners but does not assume responsibility for the accuracy, completeness, or opinions expressed in this article. The content herein reflects the views of the author(s). Readers are advised that the final requirements of ISO 9001:2026 remain subject to modification, as the standard is still under review by the international community and may change upon official publication.

  • LinkedIn
bottom of page