What Is the NIST AI Risk Management Framework?
Published in January 2023 by the US National Institute of Standards and Technology, the AI RMF is the most widely adopted voluntary AI governance framework globally, used by organisations in every sector and jurisdiction.
The NIST AI Risk Management Framework is a voluntary, sector-agnostic framework published by the US National Institute of Standards and Technology that organises AI risk management around four functions: Govern, Map, Measure, and Manage.
The NIST AI RMF is the most widely adopted AI risk framework in the US enterprise market. Unlike the EU AI Act, it is not law: it is reference guidance. The Govern function is foundational and addresses organisational accountability for AI risk; the other three functions are operational. NIST has also published companion profiles for generative AI (NIST AI 600-1) and other high-risk contexts.
Source: NIST AI Risk Management Framework 1.0 (January 2023)
The Four Core Functions
Govern: Establish AI risk management culture, policies, processes, and accountability structures across the organisation.
Map: Identify and categorise AI risks, context, stakeholders, potential harms, and applicable regulations.
Measure: Assess the magnitude of identified AI risks through quantitative and qualitative methods, including bias testing.
Manage: Treat AI risks through controls, monitoring, incident response, and continuous improvement.