The NIST AI Risk Management Framework (AI RMF) 1.0 is a voluntary framework for managing risks associated with AI systems. It was developed by the US National Institute of Standards and Technology in response to the National AI Initiative Act of 2020 and published in January 2023. The framework provides guidance for organisations seeking to incorporate trustworthiness considerations into the design, development, deployment, and evaluation of AI systems. It is organised around four functions — Govern, Map, Measure, and Manage — and is supported by a companion Playbook, use-case-specific profiles, crosswalks to other frameworks, and an evolving roadmap.
“The AI RMF is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.” — NIST AI RMF 1.0, Foreword
Where the framework came from
The NIST AI Risk Management Framework was developed at the direction of the U.S. Congress. The National AI Initiative Act of 2020 (Public Law 116-283) instructed NIST to “develop a voluntary risk management framework for trustworthy artificial intelligence systems.” The Act framed the framework as voluntary from the outset and as oriented around trustworthiness rather than around compliance.
NIST developed the framework through an open, multi-stakeholder process between 2021 and 2023. The development included:
| Stage | What happened |
|---|---|
| Request for Information (July 2021) | NIST solicited input on the scope, structure, and content of the framework |
| Concept Paper and workshops (2021–2022) | NIST published a concept paper and held workshops with industry, civil society, academia, and government |
| Initial Draft (March 2022) | First public draft released for comment |
| Second Draft (August 2022) | Revised draft incorporating initial feedback |
| AI RMF 1.0 (January 2023) | Final version published, along with the AI RMF Playbook |
| Generative AI Profile (July 2024) | NIST AI 600-1 published, adapting the framework to generative AI |
The multi-stakeholder development process is part of why the framework has been widely adopted. Unlike a regulation imposed by an agency or a standard developed by a closed expert body, the AI RMF reflects input from the organisations expected to use it.
What kind of document the NIST AI RMF is
The AI RMF is voluntary guidance. Three negatives clarify what that means:
| What it is not | Why this matters |
|---|---|
| Not a regulation | Failure to use it does not trigger legal sanction |
| Not a certifiable standard | NIST does not certify against it; no third-party certification scheme exists |
| Not a set of principles | It is more operationally detailed than the OECD AI Principles or UNESCO recommendations |
What the framework is: structured guidance that organisations adopt by choice, document internally, and use as a reference for AI risk management. It is closer in form to the NIST Cybersecurity Framework, which has shaped cybersecurity practice in the US and internationally without being a standard or a regulation. The AI RMF is designed to function the same way — through adoption rather than enforcement.
“The AI RMF is intended to be voluntary, rights-preserving, non-sector-specific, and use-case agnostic, providing flexibility to organizations of all sizes and in all sectors and throughout society to implement the approaches in the Framework.” — NIST AI RMF 1.0, Section 1
Key NIST AI RMF definitions
| Term | Meaning |
|---|---|
| AI system | An engineered or machine-based system that can, for a given set of objectives, generate outputs such as predictions, recommendations, or decisions influencing real or virtual environments. AI systems operate with varying levels of autonomy. |
| AI actor | An individual or organisation playing a role in the AI lifecycle — design, development, deployment, operation, evaluation, or governance. |
| AI lifecycle | The full sequence from inception through design, development, evaluation, deployment, operation, monitoring, and retirement. |
| Trustworthy AI | AI exhibiting the seven characteristics the framework treats as the substantive goals of risk management. |
| Function | One of the four top-level structural elements: Govern, Map, Measure, Manage. |
| Category | A grouping of related outcomes within a function. Categories are numbered (Govern 1, Map 2, etc.). |
| Subcategory | A specific outcome the organisation should achieve within a category — the framework’s most granular level. |
| Profile | An adaptation of the framework to a specific use case, sector, or technology. |
The four NIST AI RMF functions
The framework’s substantive structure is four functions. Each contains categories, and each category contains subcategories.
| Function | Purpose |
|---|---|
| Govern | Establish the culture, policies, processes, and accountability structures for AI risk management |
| Map | Establish context, categorise the AI system, identify risks and benefits, characterise impacts |
| Measure | Analyse, assess, benchmark, and monitor AI risks; evaluate against trustworthy characteristics |
| Manage | Prioritise and respond to risks; allocate resources; document and improve treatments |
The functions are iterative rather than sequential. Govern provides standing infrastructure; Map, Measure, and Manage operate continuously as systems and contexts evolve. The framework expects all four to be performed on an ongoing basis rather than as a single linear sequence.
The seven characteristics of trustworthy AI, according to NIST AI RMF
The framework treats trustworthiness as the substantive goal of risk management. Seven characteristics define what trustworthy AI looks like in practice:
| Characteristic | Focus |
|---|---|
| Valid and reliable | Performance accuracy, robustness, reliability over time |
| Safe | Avoidance of physical, psychological, and other harms |
| Secure and resilient | Resistance to attacks, ability to recover from failures |
| Accountable and transparent | Documentation, traceability, audit support |
| Explainable and interpretable | Method-appropriate explanation, stakeholder-appropriate interpretation |
| Privacy-enhanced | Privacy-preserving design, data minimisation, privacy impact management |
| Fair with harmful bias managed | Bias measurement and mitigation, fairness across groups |
The characteristics interact and frequently trade off. Optimising for explainability may reduce predictive performance; optimising for fairness across groups may produce worse outcomes for some groups than an unconstrained alternative. The framework’s Measure function expects organisations to surface these trade-offs and document them, not to claim all characteristics can be maximised simultaneously.
Who the NIST AI RMF is for
The framework applies to any organisation involved in the AI lifecycle. NIST does not limit applicability by sector, size, geography, or technology. Most organisations play more than one role:
| AI actor category | What they do |
|---|---|
| AI design and development | Building, training, testing AI systems |
| AI deployment | Putting AI systems into operational use |
| AI operation and monitoring | Running AI systems in production |
| AI TEVV | Independent test, evaluation, verification, and validation |
| Human factors | User experience, interaction design, accessibility |
| Domain experts | Subject-matter expertise for the deployment context |
| AI impact assessment | Assessment of effects across five levels (individuals, groups, communities, organisations, society) |
| Governance and oversight | Policy, legal, compliance, executive oversight |
The framework also addresses AI-impacted communities — individuals, groups, communities, and societies affected by AI systems they did not develop or deploy. The framework provides those audiences with a structured vocabulary for understanding AI risk and engaging with developers and deployers.
The role of the AI RMF Playbook
The Playbook is the companion implementation guide to the framework. Where the framework specifies what an organisation should achieve under each subcategory, the Playbook suggests how to achieve it. For each subcategory, it provides:
| Element | What it offers |
|---|---|
| Suggested actions | Concrete activities the organisation may take |
| References | Pointers to supporting literature, standards, and resources |
| Documentation considerations | What should be recorded about implementation |
| Transparency considerations | What should be communicated externally |
The Playbook is voluntary guidance about how to apply voluntary guidance. It is treated as a living document and updated as practice evolves. NIST is explicit that the Playbook is neither a checklist nor a set of steps to be followed in its entirety — organisations select actions appropriate to their context and document their selections.
What “using the AI RMF” produces
Adoption produces a set of artefacts and standing capabilities. Six recur across implementations:
| Element | Source function |
|---|---|
| AI risk management policies and processes | Govern |
| Accountability assignments | Govern |
| System context documentation | Map |
| Impact characterisation across five levels | Map |
| Trustworthy characteristic evaluations | Measure |
| Risk prioritisation and treatment decisions | Manage |
The framework does not produce a Statement of Applicability or any equivalent to ISO/IEC 42001 Annex A. Documentation of adoption is produced through internal procedures, profiles, and the documentation considerations the Playbook suggests — but there is no single normative artefact that adoption produces by name.
How NIST AI RMF adoption is evidenced
Because the framework is voluntary and non-certifiable, evidence of adoption is produced by the organisation rather than verified by a third party. Three patterns recur:
| Pattern | What it produces |
|---|---|
| Self-attestation | Internal documentation of implementation; self-attested statements to external parties |
| Profile publication | A profile describing the organisation’s adaptation of the framework, shared with customers and partners |
| Third-party assessment | Independent review producing a report supporting external attestation |
None of these is equivalent to ISO/IEC 42001 certification. The framework’s voluntary, non-certifiable design is deliberate — NIST treats the AI RMF as guidance rather than as a compliance instrument, and the framework’s value comes from the discipline it imposes rather than from any certificate it produces.
How the NIST AI RMF relates to other instruments
The AI RMF is one element in an evolving landscape of AI governance instruments. The relationships matter because most organisations encounter multiple frameworks in parallel.
| Instrument | Type | Relationship to AI RMF |
|---|---|---|
| ISO/IEC 42001 | Voluntary international standard; certifiable | Substantial overlap; AI RMF often used as methodology within an ISO 42001 management system |
| EU AI Act | Binding EU regulation | AI RMF supports Act conformity work; not a harmonised standard under the Act |
| OECD AI Principles | Inter-governmental principles | AI RMF references and aligns with them |
| ISO/IEC 23894 | International standard on AI risk management | Substantial methodology overlap with Map and Measure |
| Sector-specific guidance | Varies by sector | AI RMF profiles adapt the framework to specific sectors |
Crosswalks between the AI RMF and these instruments — published by NIST and by external organisations — identify where evidence produced under one framework supports another.
NIST AI RMF resource references
The primary references for the framework and its supporting documents:
| Resource | Source |
|---|---|
| NIST AI RMF 1.0 | https://www.nist.gov/itl/airc — the core framework |
| AI RMF Playbook | https://airc.nist.gov/airmf-resources/playbook/ — companion implementation guidance |
| NIST AI 600-1: Generative AI Profile | https://www.nist.gov/itl/airc — generative AI profile |
| AI RMF Roadmap | https://www.nist.gov/itl/airc — planning document for framework evolution |
| AI RMF Crosswalks | https://www.nist.gov/itl/airc — mappings to ISO/IEC 42001, EU AI Act, OECD principles, others |
| AI Resource Center (AIRC) | https://airc.nist.gov — central hub for AI RMF resources |
NIST AI RMF resources are updated continuously. Organisations relying on the framework should check current versions periodically rather than treating an initial download as definitive.
FAQ
What does “AI RMF” stand for?
AI Risk Management Framework. NIST publishes the framework as the AI RMF, version 1.0 as of January 2023.
Is the AI RMF mandatory?
No. The framework is voluntary throughout. It becomes contractually mandatory only where customers, partners, or procurement frameworks require it — most prominently in US federal contracting contexts referencing NIST guidance.
Why did NIST develop the AI RMF?
The National AI Initiative Act of 2020 directed NIST to develop a voluntary risk management framework for trustworthy AI systems. The framework reflects NIST’s response to that congressional direction, developed through multi-stakeholder input over roughly two years.
Is there an AI RMF certification?
No, there is currently none. NIST does not certify against the AI RMF and does not authorise certification bodies. Third-party assessment services exist in the US market but are not equivalent to ISO certification.
Does AI RMF adoption satisfy the EU AI Act?
No, these are different kinds of instrument. The AI RMF is not a harmonised standard under the Act and does not confer presumption of conformity. Evidence produced under the AI RMF can serve as supporting evidence in Act conformity work, but is not equivalent to conformity assessment.
How does the AI RMF compare to ISO/IEC 42001?
The AI RMF is voluntary guidance organised around four functions; ISO/IEC 42001 is a certifiable international management system standard organised around ten clauses and a normative annex of controls. They are complementary — AI RMF is commonly used as methodology, ISO 42001 as the management system frame. Organisations operating in both US and EU markets often adopt both.
Is the AI RMF only for US organisations?
No, the framework is internationally applicable and adopted globally. Its origin at a US federal agency does not limit its use; non-US organisations adopt it alongside ISO/IEC 42001, the EU AI Act, and sector-specific frameworks.
Does the framework apply to generative AI?
Yes. The core framework is technology-neutral and applies to all AI systems including generative AI. The Generative AI Profile (NIST AI 600-1), published in July 2024, adapts the framework specifically to generative AI use cases and identifies twelve risks distinctive to generative systems.
Does the AI RMF apply to AI systems already in production?
Yes. The Map, Measure, and Manage functions apply to existing systems as well as new ones; Govern provides the standing infrastructure. Organisations adopting the framework retrospectively typically begin with Govern foundation work, then apply Map and Measure to existing systems in priority order.
How long does AI RMF adoption take?
Adoption is gradual rather than discrete. Organisations typically work through the four functions over six to eighteen months, with Govern foundational activity preceding substantive Map, Measure, and Manage work on specific AI systems. Because the framework is voluntary and non-certifiable, there is no equivalent to the audit gates that structure ISO certification timelines.
Does the AI RMF replace existing risk management practices?
No. The framework is designed to integrate with existing enterprise risk management, information security, and quality management practices. It adds AI-specific risk management to the organisation’s broader risk infrastructure rather than replacing it.
Who maintains the framework?
NIST maintains the framework and publishes updates through the AI RMF Roadmap. Version 1.0 was published in January 2023; subsequent updates and profiles continue to extend it. Community engagement through workshops, requests for information, and public comment is part of the development model.
Will the AI RMF be updated?
Yes. NIST publishes the AI RMF Roadmap as a planning document indicating where the framework is expected to develop. Updates to the framework, the Playbook, profiles, and crosswalks continue as the AI landscape and regulatory environment evolve.