The NIST AI Risk Management Framework (AI RMF) 1.0 is a voluntary framework for managing risks associated with AI systems. It was developed by the US National Institute of Standards and Technology in response to the National AI Initiative Act of 2020 and published in January 2023. The framework provides guidance for organisations seeking to incorporate trustworthiness considerations into the design, development, deployment, and evaluation of AI systems.
What is the NIST AI RMF?
The framework is voluntary, non-certifiable, and US-originated but internationally applicable. It is not a regulation, not a standard, and not a certification scheme — it is guidance that organisations adopt by choice.
“The AI RMF is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.” — NIST AI RMF 1.0 (January 2023), Foreword
Key definitions
| Term | Meaning |
|---|---|
| AI system | An engineered or machine-based system that can, for a given set of objectives, generate outputs such as predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy. |
| AI actor | An individual or organisation that plays a role in the AI lifecycle. The framework identifies multiple AI actor categories including those who design, develop, deploy, operate, evaluate, govern, and use AI systems. |
| Trustworthy AI | AI that exhibits the seven characteristics the framework treats as the substantive goals of risk management: valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed. |
| Function | One of the four top-level structural elements of the framework: Govern, Map, Measure, Manage. Functions contain categories and subcategories. |
| Category | A grouping of related outcomes within a function. Categories are numbered (e.g. Govern 1, Map 2). |
| Subcategory | A specific outcome the organisation should achieve within a category. Subcategories are the framework’s most granular level (e.g. Govern 1.1, Manage 4.3). |
| Profile | An adaptation of the framework to a specific use case, sector, or technology — for example, the Generative AI Profile (NIST AI 600-1). |
Structure of the NIST AI RMF
The AI RMF is organised around four functions, each containing categories and subcategories. The framework itself is roughly 50 pages. Supporting documents — the Playbook, profiles, crosswalks, and the roadmap — extend it further.
| Element | Content |
|---|---|
| Part 1: Foundational Information | Introduction, audience, framing of AI risk, characteristics of trustworthy AI |
| Part 2: Core and Profiles | The four functions (Govern, Map, Measure, Manage), their categories and subcategories, and the concept of profiles |
| AI RMF Playbook | Companion guidance providing suggested actions, references, and documentation considerations for each subcategory |
| Generative AI Profile (NIST AI 600-1) | Use-case-specific adaptation for generative AI, published July 2024 |
| AI RMF Roadmap | NIST’s plan for evolving the framework |
| Crosswalks | Mappings to other frameworks including ISO/IEC standards, OECD principles, and the EU AI Act |
The four NIST AI RMF functions at a glance
| Function | Purpose | Number of categories |
|---|---|---|
| Govern | Establish the culture, policies, processes, and accountability structures for AI risk management | 6 |
| Map | Establish context, categorise the AI system, identify risks and benefits, characterise impacts | 5 |
| Measure | Analyse, assess, benchmark, and monitor AI risks; evaluate against trustworthy characteristics | 4 |
| Manage | Prioritise and respond to risks; allocate resources; document and improve treatments | 4 |
The framework is iterative by design. The four functions are not performed in a single sequence — they operate as a cycle, with Govern providing standing infrastructure, Map establishing context, Measure generating evidence, and Manage taking action, all performed continuously and revisited as systems and contexts evolve.
“The AI RMF Core is composed of four functions: GOVERN, MAP, MEASURE, and MANAGE. Each of these high-level functions is broken down into categories and subcategories. Categories and subcategories are subdivided into specific actions and outcomes.” — NIST AI RMF 1.0, Part 2
The seven characteristics of trustworthy AI
The framework treats trustworthiness as the substantive goal of AI risk management. Seven characteristics define what trustworthy AI looks like in practice:
| Characteristic | Focus |
|---|---|
| Valid and reliable | Performance accuracy, robustness, and reliability over time |
| Safe | Avoidance of physical, psychological, and other harms |
| Secure and resilient | Resistance to attacks, ability to recover from failures |
| Accountable and transparent | Documentation, traceability, audit support |
| Explainable and interpretable | Method-appropriate explanation, stakeholder-appropriate interpretation |
| Privacy-enhanced | Privacy-preserving design, data minimisation, privacy impact |
| Fair with harmful bias managed | Bias measurement and mitigation, fairness across groups |
The framework is explicit that the characteristics interact and that trade-offs between them must be made consciously. Optimising for one — explainability, fairness, privacy — may reduce performance against another. The Measure function expects organisations to surface these trade-offs and document the decisions, not to claim that all characteristics can be maximised simultaneously.
Who the AI RMF is for
The AI RMF applies to any organisation involved in the AI lifecycle, regardless of size, sector, or geography. The framework explicitly addresses multiple AI actor categories: those who design and develop AI systems, those who deploy them, those who use them, those who evaluate them, and those who govern them.
| AI actor category | Examples |
|---|---|
| AI designers and developers | Organisations creating AI systems, training models, building components |
| AI deployers | Organisations putting AI systems into operational use |
| AI users | End users of AI systems and downstream integrators |
| AI evaluators | Independent assessors, auditors, red teams |
| AI impacted communities | Individuals, groups, communities, and societies affected by AI systems |
The framework treats AI as sociotechnical — system performance and risk depend on the context of use, not only on technical characteristics — and structures its activities around the actors who shape that context.
What “using the AI RMF” produces
Adoption of the framework produces a set of artefacts and standing capabilities. Six emerge most consistently:
| Element | Source function | Purpose |
|---|---|---|
| AI risk management policies and processes | Govern | Standing infrastructure for risk management |
| Accountability assignments | Govern | Named ownership across the lifecycle |
| System context documentation | Map | Intended use, deployment setting, user populations, sociotechnical context |
| Impact characterisation | Map | Effects on individuals, groups, communities, organisations, and society |
| Trustworthy characteristic evaluations | Measure | Documented assessment against the seven characteristics |
| Risk prioritisation and treatment | Manage | Decisions on which risks to address, how, and with what resources |
The framework does not produce a Statement of Applicability or any equivalent to ISO 42001’s normative control set. Organisations using the AI RMF document their adoption through profiles, internal procedures, and the documentation considerations suggested in the Playbook — but there is no standard artefact that AI RMF adoption produces by name.
The AI RMF Playbook
The Playbook is the companion implementation guide to the framework. For each subcategory, it provides:
| Element | What it offers |
|---|---|
| Suggested actions | Concrete activities the organisation may take to achieve the subcategory’s outcome |
| References | Pointers to supporting literature, standards, and resources |
| Documentation considerations | What should be recorded about implementation |
| Transparency considerations | What should be communicated to external parties |
The Playbook is voluntary guidance about how to apply voluntary guidance. It is treated as a living document and updated as practice evolves. Organisations adopting the framework typically use the Playbook to translate subcategory outcomes into operational activities without designing each from scratch.
How the NIST AI RMF relates to other frameworks
The AI RMF is one element in an evolving landscape of AI governance instruments. The relationships matter because most organisations encounter multiple frameworks in parallel.
| Framework | Type | Relationship to AI RMF |
|---|---|---|
| ISO/IEC 42001 | Voluntary international standard; certifiable | Substantive overlap on risk, lifecycle, impact; AI RMF is methodology, ISO 42001 is management system |
| EU AI Act | Binding EU regulation | AI RMF supports Act conformity work; not a harmonised standard under the Act |
| OECD AI Principles | Inter-governmental principles | AI RMF references and aligns with the OECD principles |
| ISO/IEC 23894 | International standard on AI risk management | Substantive overlap on risk methodology; AI RMF Map and Measure align with 23894 |
| Sector-specific guidance | Varies by sector | AI RMF profiles adapt the framework to specific sectors |
Crosswalks between the AI RMF and these frameworks are published by NIST and by external organisations. The crosswalks identify where evidence produced under one framework supports another and where gaps require additional work.
How NIST AI RMF adoption is evidenced
Because the AI RMF is voluntary and non-certifiable, evidence of adoption is produced by the organisation rather than verified by a third party. Three patterns recur:
| Pattern | What it produces |
|---|---|
| Self-attestation | The organisation documents its implementation of the framework’s functions, categories, and subcategories, and attests to the implementation internally or to external parties |
| Profile publication | The organisation produces a profile describing how it has adapted the framework to its use case, often shared with customers and partners |
| Third-party assessment | The organisation engages independent assessors to review its AI RMF implementation, producing a report that supports external attestation |
None of these is equivalent to ISO 42001 certification. The framework’s voluntary, non-certifiable design is deliberate — NIST treats the AI RMF as guidance rather than as a compliance instrument, and the framework’s value comes from the discipline it imposes rather than from the certificate it produces.
NIST AI RMF FAQ
Is the AI RMF mandatory?
No. The framework is voluntary throughout. It becomes contractually mandatory only where customers, partners, or procurement frameworks require it — most prominently in US federal procurement contexts referencing NIST guidance.
Does AI RMF adoption satisfy the EU AI Act?
No. The AI RMF is not a harmonised standard under the EU AI Act and does not confer a presumption of conformity. Evidence produced under the AI RMF can support Act conformity work as supporting evidence, but it is not equivalent to a conformity assessment.
Is there an AI RMF certification?
No. NIST does not certify against the AI RMF and does not authorise certification bodies. Third-party assessment services exist in the US market but are not equivalent to ISO certification.
How does the AI RMF compare to ISO/IEC 42001?
The AI RMF is voluntary guidance organised around four functions; ISO 42001 is a certifiable international management system standard organised around ten clauses and a normative annex of controls. The two are complementary — AI RMF is commonly used as methodology, ISO 42001 as the management system frame. Organisations operating in both US and EU markets often adopt both.
Is the AI RMF only for US organisations?
No. The framework is internationally applicable and is used by organisations globally. Its origin at a US federal agency does not limit its use, and many non-US organisations adopt the AI RMF as substantive methodology alongside ISO 42001 or other governance frameworks.
How long does AI RMF adoption take?
Adoption is gradual rather than discrete. Organisations typically work through the four functions over six to eighteen months, with Govern foundational activity preceding substantive Map, Measure, and Manage work on specific AI systems. Because the framework is voluntary and non-certifiable, there is no equivalent to the Stage 1 / Stage 2 audit gates that structure ISO certification timelines.
Does the framework apply to generative AI?
Yes. The core framework is technology-neutral and applies to all AI systems including generative AI. The Generative AI Profile (NIST AI 600-1), published in July 2024, adapts the framework specifically to generative AI use cases and addresses risks distinctive to generative systems.
Who maintains the NIST AI RMF?
NIST maintains the framework and publishes updates through the AI RMF Roadmap. Version 1.0 was published in January 2023; subsequent updates and profiles continue to extend it. Community engagement through workshops, requests for information, and public comment is part of the framework’s development model.
What is the relationship between the AI RMF and ISO/IEC 23894?
ISO/IEC 23894 (Artificial Intelligence — Guidance on risk management) provides AI risk management methodology in an ISO format. Substantive overlap with AI RMF Map and Measure is significant. Organisations using ISO/IEC 23894 for risk methodology and the AI RMF for the broader framework structure typically find the two compatible; crosswalks between them have been developed.
What is the AI RMF Generative AI Profile?
NIST AI 600-1, published July 2024, is a profile adapting the AI RMF to generative AI use cases. It identifies risks distinctive to generative AI — confabulation, dangerous content generation, data privacy in training, intellectual property concerns, and others — and maps them to actions under the four functions. Organisations developing or deploying generative AI typically use the Generative AI Profile alongside the core framework.