Practice guide

AI risk management

AI risk management is how you identify, assess and control the risks an AI system introduces. Understanding artificial intelligence risk, from bias to security, is now a core part of any AI deployment.

The basics

Understanding artificial intelligence risk

The NIST AI RMF in brief

The NIST AI RMF organises artificial intelligence risk management into four functions (Govern, Map, Measure and Manage) that correspond closely to the EU AI Act's risk-management obligations for high-risk systems.

What is AI risk?

AI risk covers the ways an AI system can cause harm — inaccurate outputs, bias, privacy breaches, security failures and loss of oversight.

A structured approach

Artificial intelligence risk management brings the same discipline to AI that mature organisations already apply to other enterprise risks.

Frameworks help

The NIST AI Risk Management Framework (NIST AI RMF) gives teams a common language for governing, mapping, measuring and managing AI risk.

What AI risk management requires

Govern

Set accountability and a risk culture for AI, aligned to your governance model.

Map

Understand context and identify the artificial intelligence risk of each system.

Measure

Assess and track risk with metrics and testing.

Manage

Prioritise, treat and monitor AI risk over the lifecycle.

Where to next

Connect risk to governance and rules

AI governance

The oversight structure your risk process reports into.

EU AI Act

High-risk obligations that AI risk management satisfies.

ISO 42001

A management system to run it all.

AI risk management FAQs

What is AI risk management?

The process of identifying, assessing, treating and monitoring the risks an AI system introduces.

What is the NIST AI RMF?

The NIST AI Risk Management Framework, a voluntary framework structured around Govern, Map, Measure and Manage.

How does it relate to the EU AI Act?

AI risk management practices map directly onto the risk-management obligations the AI Act places on high-risk systems.

Put AI risk management on a framework.

Build your program in a workshop and tool it with open-source GRC.