Imagine building a structure: it needs to be safe not just under normal conditions but against earthquakes, fires, and break-ins. Until 2023, organizations deploying AI had no shared standard for understanding what could go wrong and how to prepare.
NIST — the US government standards body — published its AI Risk Management Framework to fill that gap. It is not a law, but it quickly became the de facto reference for US companies and federal agencies.
The framework has four functions: Govern (who decides and is accountable for AI risks), Map (identify which risks exist), Measure (quantify how serious they are), and Manage (take action to reduce them). Each function includes categories, subcategories, and concrete practices.
Its strength lies in flexibility: it adapts to organizations of any size, industry, or technological maturity. It prescribes an iterative process rather than a single solution. Those working with AI systems in regulated contexts (healthcare, finance, defense) already see it referenced in federal contracts and procurement requirements. It has become the shared language for talking about AI governance.