Your deep dive into NIST’s AI Risk Management Framework

You can’t mention AI without someone mentioning the risk associated with it – so how do you make sure you’re effectively identifying and mitigating those risks? In January of 2023, the National Institute of Standards and Technology (NIST) released its AI Risk Management Framework (RMF) to help you do just that.  

So what is the RMF? And more importantly, how can you use it to help protect your business? Ready?

What is this? 

The AI Risk Management Framework is designed to provide organizations that develop AI systems with a practical and adjustable framework for measuring and protecting against potential harm. It’s broken into two parts; the first focuses on planning and understanding where AI risk comes from and how you can mitigate it. The second focuses on actionable guidance, which NIST describes as the core of the framework.  

How does it affect your company? 

Since there’s no comprehensive federal legislation for AI in the US, many companies struggle to know where to look for guidance for their AI governance operations. This NIST framework can be used as a north star to help you make sure you’re doing what you can to stay compliant.  

How can you put it into practice? 

If you’re struggling to know where to begin in your own AI governance program, the core of the NIST framework can give you a good place to start. The core is broken into four steps: govern, map, measure, and manage. And although these aren’t intended to be used as a checklist, the functions of each of these stages can help you make sure you’re covering all your bases when it comes to responsible AI use. 

For more information on the NIST AI RMF and how OneTrust can help you put it into practice in your business, check out our full blog post.

Timeline: AI's emerging trends and journey

• OpenAI introduces Sora, its text-to-video AI model. Now you can finally edit Titanic’s ending and prove there was enough space on that door to save Jack. 
• What if your company’s chatbot promises a discount that is not available? That’s what happened with Air Canada’s chatbot. Are chatbots responsible for their own actions or should companies respond to such mistakes? Share your thoughts in the comments below. 
• The bill requires NIST to enable US participation in developing standards development activities for AI and other critical and emerging technologies (CETs).  
• 🚨 New report alert! OneTrust DataGuidance shared the Artificial Intelligence: Principles, Laws and Frameworks Report, your essential guide to comprehending the latest legislative landscape and the key concepts under existing and emerging AI regulations.
• As we’re hitting ‘Publish’, the European Parliament voted on the AI Act. Finally approving the highly discussed #EUAIAct. 

Your AI 101: What are...?  

The EU AI Act defines different AI actors, each carrying distinct responsibilities:  

• Providers develop an AI system to place on the market, or to put into service under their own name or trademark. 
• Deployers use an AI system under their authority. 
• Authorized representatives located or established in the EU who have received and accepted a mandate from a provider to carry out its obligations on its behalf. 
• Importers within the EU that places on the market or puts into service an AI system that bears the name or trademark of a natural or legal person established outside the EU. 
• Distributors make an AI system available in the EU market, not being the provider or importer. 
• Product manufacturers create an AI system that is put on the market or a manufacturer that puts into service an AI system together with its product and under their own name or trademark. 

• Operator is the general term referring to all the terms above.  

Check out this OneTrust DataGuidance Insight series by Sean Musch and Michael Charles Borrelli , from AI & Partners , and Charles Kerrigan , from CMS UK , about obligations for AI actors (part one), provider obligations (part two), and practical considerations for users and other AI actors (part three). 

Follow this human

Karen Hao is an award-winning AI reporter and contributing writer to The Atlantic. Her writing focuses on the intersection between AI technology and society.