Practice guide
AI risk management
AI risk management is how you identify, assess and control the risks an AI system introduces. From bias to security, understanding artificial intelligence risk is now a core part of any AI deployment.
The basics
Understanding artificial intelligence risk
The NIST AI RMF in brief
The NIST AI RMF organises artificial intelligence risk management into four functions — Govern, Map, Measure and Manage — that map cleanly onto EU AI Act obligations for high-risk systems.
What is AI risk?
AI risk covers the ways an AI system can cause harm — inaccurate outputs, bias, privacy breaches, security failures and loss of oversight.
A structured approach
Artificial intelligence risk management brings the same discipline to AI that mature organisations already apply to other enterprise risks.
Frameworks help
The NIST AI Risk Management Framework (NIST AI RMF) gives teams a common language for governing, mapping, measuring and managing AI risk.
What AI risk management requires
Govern
Set accountability and a risk culture for AI, aligned to your governance model.
Map
Understand context and identify the artificial intelligence risk of each system.
Measure
Assess and track risk with metrics and testing.
Manage
Prioritise, treat and monitor AI risk over the lifecycle.
Where to next
Connect risk to governance and rules
AI governance
The oversight structure your risk process reports into.
EU AI Act
High-risk obligations that AI risk management satisfies.
ISO 42001
A management system to run it all.
AI risk management FAQs
What is AI risk management?
The process of identifying, assessing, treating and monitoring the risks an AI system introduces.
What is the NIST AI RMF?
The NIST AI Risk Management Framework, a voluntary framework structured around Govern, Map, Measure and Manage.
How does it relate to the EU AI Act?
AI risk management practices map directly onto the risk-management obligations the AI Act places on high-risk systems.
Put AI risk management on a framework.
Build your program in a workshop and tool it with open-source GRC.