Legal and Regulatory Compliance
Legal and regulatory requirements involving AI are understood, managed and documented.
NIST Artificial Intelligence Risk Management Framework providing guidance for managing AI risks through the lifecycle, with functions for Govern, Map, Measure and Manage.
The NIST AI Risk Management Framework provides organizations with a structured approach to managing risks associated with AI systems across their lifecycle. Version 1.0, released in January 2023, remains current, and NIST is working on a revision.
Key provisions and requirements of NIST AI RMF.
Legal and regulatory requirements involving AI are understood, managed and documented.
The characteristics of trustworthy AI and the organization's risk tolerance are made clear to individuals and teams through policies, processes and practices.
Executive leadership of the organization takes responsibility for decisions about risks associated with AI system development and deployment.
Policies and procedures are in place to define and differentiate roles and responsibilities for human-AI configurations and oversight of AI systems.
The business or operational context of the AI system is understood and documented.
The capabilities, limitations and appropriate use cases of the AI system are documented.
Metrics are defined to measure and monitor the performance of AI systems.
Risks associated with AI systems are assessed and prioritized.
Bias and fairness in AI systems are evaluated and measured.
Appropriate response strategies are implemented for identified AI risks.
Response plans for AI system related incidents are established and maintained.
AI risk management processes are continuously improved.