What Is the NIST AI Risk Management Framework (AI RMF)?

Cato Networks named a Leader in the 2024 Gartner® Magic Quadrant™ for Single-Vendor SASE

Get the report

The NIST AI Risk Management Framework (AI RMF) is voluntary guidance from the U.S. National Institute of Standards and Technology for managing risks in artificial intelligence systems. It gives teams a common way to identify what could go wrong, understand who might be affected, judge how serious the risk is, and decide which controls belong across the AI lifecycle.

In plain terms, the AI RMF helps an organization pause before a model becomes part of a real workflow and ask the questions that matter: What is the system supposed to do? Who could be affected by it? What could fail? How likely is that failure? How bad would the impact be? And who is responsible for monitoring the system after launch?

AI RMF 1.0 was released on January 26, 2023. NIST describes it as voluntary, rights-preserving, non-sector-specific, and use-case agnostic. That distinction is easy to miss. The framework is not a regulation, audit badge, or one-size-fits-all checklist; it is a flexible reference that organizations can adapt to different industries, models, and AI use cases.

NIST AI RMF Meaning, Purpose, and Origin

The AI RMF was created by NIST, a bureau of the U.S. Department of Commerce, after the National Artificial Intelligence Initiative Act of 2020 directed NIST to develop a voluntary resource for AI risk management. That origin is important. The framework is not a vendor checklist or a marketing white paper; it is a government-developed reference shaped through public workshops, requests for information, draft feedback, and input from industry, academia, civil society, and government.

NIST frames the AI RMF around trustworthiness in the design, development, use, and evaluation of AI products, services, and systems. In practice, that places it within the remit of the teams that already share risk decisions: governance, model risk, security, privacy, product, procurement, legal, compliance, and audit.

The four official descriptors are worth keeping clear:

  • Voluntary: adoption is a choice unless another law, contract, policy, or agency requirement incorporates it.
  • Rights-preserving: it is built around civil rights, civil liberties, privacy, and human impact.
  • Non-sector-specific: it applies across industries rather than being tailored to a single vertical.
  • Use-case agnostic: it can be applied to many kinds of AI systems, from scoring models to generative AI tools.

NIST released the framework with a companion AI RMF Playbook and later launched the Trustworthy and Responsible AI Resource Center to host related materials, profiles, and implementation resources.

Purpose and Scope

What Problems Does It Address?

The AI RMF starts from a precise view of risk: risk depends on both the probability of an event and the magnitude of its consequences. That keeps teams from treating AI risk as a vague ethical concern or a purely technical defect. A low-probability failure can still matter if the harm is severe, and a modest failure can become serious if it happens at scale.

NIST also takes a socio-technical view. The framework is concerned not only with model performance, but with how AI systems interact with people, institutions, business processes, and society. It covers harms to:

  • Individuals: such as discrimination, loss of opportunity, privacy violations, or physical and psychological harm.
  • Organizations: such as operational failures, security exposure, reputational damage, or compliance problems.
  • Society: such as discrimination at scale, erosion of public trust, or broader economic harm.

That scope is broader than the shorthand phrase ‘AI ethics.’ The AI RMF follows risk across the AI lifecycle: design, data collection, development, evaluation, deployment, monitoring, updates, and retirement.

Who Is It For?

NIST designed the AI RMF for the full AI ecosystem. It can be used by developers building AI systems, deployers putting them into real workflows, acquirers buying AI products, evaluators testing them, auditors reviewing them, and users who rely on AI outputs.

For private organizations, the framework remains voluntary by default. It can still become practically important through procurement requirements, customer expectations, sector rules, internal governance policies, or alignment with other standards.

For U.S. federal agencies, the status is more nuanced. Executive Order 14110 and OMB Memorandum M-24-10 previously pushed agencies toward AI RMF-aligned practices for safety-impacting and rights-impacting AI. Executive Order 14110 was revoked in January 2025, and a later White House order directed agencies and OMB to review, revise, or rescind related actions where appropriate. The practical takeaway is that the AI RMF remains an important federal reference point, but current obligations should be checked against active OMB guidance, agency policy, procurement terms, and applicable law.

The Seven Characteristics of Trustworthy AI

NIST uses seven characteristics to describe trustworthy AI. They should not be treated like a scoreboard where every trait is pushed to the maximum. Real systems involve tradeoffs. Stronger privacy protections may limit explainability, and tighter security controls may affect usability or speed.

  • Valid and reliable: the system performs accurately and consistently for its intended purpose.
  • Safe: the system does not, under defined conditions, endanger human life, health, property, or the environment.
  • Secure and resilient: the system can withstand adverse events, attacks, misuse, or unexpected conditions and recover function.
  • Explainable and interpretable: people can understand enough about the system’s mechanisms, behavior, and outputs to use or challenge them appropriately.
  • Privacy-enhanced: the system protects privacy and limits unnecessary exposure of personal or sensitive data.
  • Fair, with harmful bias managed: the system is assessed and managed for discriminatory or unfair outcomes.
  • Accountable and transparent: relevant information is available, and responsibility for decisions, controls, and outcomes is clear.

The Four Core Functions: Govern, Map, Measure, Manage

The AI RMF organizes AI risk management into four functions: Govern, Map, Measure, and Manage. The labels are simple, but together they describe how AI risk work actually gets organized inside an institution.

How the Functions Relate to Each Other

The functions are not four equal steps in a neat sequence. Govern runs across the whole process. It creates policies, roles, oversight, accountability, and culture that make the other work possible. Map, Measure, and Manage are then applied to specific AI systems and use cases.

The cycle also repeats: when a model is updated, a vendor changes its system, a dataset shifts, or the deployment context changes, the organization may need to map the system again, measure new risks, and adjust how those risks are managed.

Each function answers a primary question and produces typical outputs:

  • Govern: Are the right policies, roles, culture, and accountability in place? Typical outputs: AI risk policies, ownership, oversight structures, escalation paths.
  • Map: What is this system, where is it used, and what could go wrong? Typical outputs: use-case documentation, affected stakeholders, context, risk scenarios.
  • Measure: How significant are the identified risks? Typical outputs: testing results, qualitative and quantitative assessments, monitoring metrics.
  • Manage: What should the organization do about the risks? Typical outputs: mitigation, acceptance, transfer, monitoring, rollback, or retirement decisions.

Govern

Govern establishes how an organization makes AI risk decisions. It defines ownership, accountability, policies, training, documentation expectations, escalation paths, and how AI risk connects to existing risk, security, privacy, legal, and product governance.

Map

Map frames the system in context. Teams document the intended purpose, users, affected stakeholders, data sources, assumptions, limitations, foreseeable misuse, and categories of harm. A model cannot be responsibly measured or managed until the organization understands where and how it will be used.

Measure

Measure evaluates the risks identified during mapping. Depending on the system, that can include performance testing, robustness checks, fairness testing, privacy assessment, security testing, red teaming, human-factors review, and evaluation across subpopulations or operating conditions.

Manage

Manage turns assessment into decisions. The organization prioritizes risks, selects mitigations, accepts or transfers some risks, sets monitoring triggers, defines rollback paths, and decides whether a system should be deployed, limited, redesigned, or retired.
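The Measure and Manage passages above stay at the level of what each function produces. The following is an added example, not code from the page or from NIST, of what one Measure step and the Manage decision it feeds can look like for a binary decision model: it evaluates constructed model outcomes across two subpopulations, computes a selection-rate ratio, and turns that measurement into a deploy/mitigate decision with a monitoring trigger. The sample outcomes, the 0.8 ratio threshold, and the minimum group size are assumptions chosen for illustration, not values the AI RMF prescribes.

```python
"""Added example, not taken from the page or from NIST: a minimal Measure
step for an AI RMF review, run over constructed decision-model outcomes,
whose result feeds a Manage decision. The metrics, the 0.8 ratio
threshold, and the minimum group size are assumptions for illustration."""

from collections import defaultdict

# Constructed sample of (subpopulation, model_decision, ground_truth);
# 1 means the model approved / the correct answer was approve.
SAMPLE_OUTCOMES = [
    ("A", 1, 1), ("A", 1, 1), ("A", 1, 0), ("A", 0, 0), ("A", 1, 1),
    ("A", 0, 1), ("A", 1, 1), ("A", 1, 0), ("A", 0, 0), ("A", 1, 1),
    ("B", 1, 1), ("B", 0, 1), ("B", 0, 0), ("B", 0, 1), ("B", 0, 0),
    ("B", 1, 1), ("B", 0, 0), ("B", 0, 1), ("B", 0, 0), ("B", 1, 1),
]


def per_group_metrics(outcomes):
    """Measure: selection rate and accuracy for each subpopulation."""
    counts = defaultdict(lambda: {"n": 0, "selected": 0, "correct": 0})
    for group, decision, truth in outcomes:
        c = counts[group]
        c["n"] += 1
        c["selected"] += decision
        c["correct"] += int(decision == truth)
    return {
        g: {
            "n": c["n"],
            "selection_rate": c["selected"] / c["n"],
            "accuracy": c["correct"] / c["n"],
        }
        for g, c in counts.items()
    }


def disparate_impact_ratio(metrics):
    """Lowest selection rate divided by the highest; 1.0 means equal rates."""
    rates = [m["selection_rate"] for m in metrics.values()]
    highest = max(rates)
    return min(rates) / highest if highest else 1.0


def manage_decision(metrics, ratio, threshold=0.8, min_group_size=10):
    """Manage: turn the measurement into a decision plus a monitoring trigger.

    The threshold (four-fifths of the best-served group's rate) and the
    minimum group size are constructed policy choices, not AI RMF values.
    """
    small = [g for g, m in metrics.items() if m["n"] < min_group_size]
    if small:
        # Too little evidence to decide: loop back to Measure.
        return {"decision": "measure_again",
                "reason": f"insufficient data for groups {small}"}
    if ratio < threshold:
        return {"decision": "mitigate_before_deploy",
                "reason": f"selection-rate ratio {ratio:.2f} below {threshold}",
                "monitoring_trigger": f"re-run review if ratio < {threshold} in production"}
    return {"decision": "accept_with_monitoring",
            "reason": f"selection-rate ratio {ratio:.2f} meets {threshold}",
            "monitoring_trigger": f"alert if ratio < {threshold} in production"}


def review(outcomes):
    """Run Measure, then Manage, and return a single review record."""
    metrics = per_group_metrics(outcomes)
    ratio = disparate_impact_ratio(metrics)
    return {"metrics": metrics, "ratio": ratio,
            "manage": manage_decision(metrics, ratio)}


if __name__ == "__main__":
    import json
    print(json.dumps(review(SAMPLE_OUTCOMES), indent=2))
```

On the constructed data both groups reach the same accuracy (0.7), yet group B is selected at 0.3 against 0.7 for group A, so an aggregate accuracy figure alone would have passed the model; the per-subpopulation view is what surfaces the disparity and drives the Manage outcome. When a group is too small to measure, the record sends the review back to Measure rather than deciding on thin evidence.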

The AI RMF’s Three-Layer Structure

The AI RMF is easier to understand as a set of connected resources rather than a single static document.

The AI RMF Core

The Core is the conceptual backbone. It defines the four functions and breaks them into categories and subcategories that describe desired AI risk management outcomes.

The AI RMF Playbook

The Playbook is the operational layer. It provides implementation guidance, example actions, documentation prompts, and controls aligned to the four functions. For teams trying to turn the framework into day-to-day work, the Playbook is usually the most useful starting point.

AI RMF Profiles

Profiles adapt the framework to particular sectors or use cases. The Generative AI Profile, NIST AI 600-1, was released in July 2024 and focuses on risks such as hallucinations, intellectual property concerns, content safety, data leakage, and prompt injection. NIST has also continued expanding the profile ecosystem, including 2026 work on trustworthy AI in critical infrastructure.

How the AI RMF compares with three related frameworks, dimension by dimension:

  • Type: the NIST AI RMF and the NIST CSF are voluntary guidance; ISO/IEC 42001 is a certifiable management system standard; the EU AI Act is binding regulation.
  • Primary focus: the AI RMF covers AI risk, including technical and socio-technical harms; the CSF covers cybersecurity risk; ISO/IEC 42001 covers AI management system governance; the EU AI Act sets legal obligations for AI systems and providers.
  • Core structure: the AI RMF uses Govern, Map, Measure, Manage; the CSF uses Govern, Identify, Protect, Detect, Respond, Recover; ISO/IEC 42001 sets management system requirements; the EU AI Act defines risk tiers and obligations.
  • Certification: there is no AI RMF certification and no CSF certification; organizations can be audited and certified against ISO/IEC 42001; under the EU AI Act, conformity assessment applies to certain high-risk systems.
  • Legal force: the AI RMF has none by default but may be referenced by policy, contracts, or regulators; the CSF has none by default; ISO/IEC 42001 is voluntary unless required by a customer, regulator, or contract; the EU AI Act is legally enforceable in the EU.

NIST AI RMF vs. NIST Cybersecurity Framework

The two frameworks share a risk-management philosophy, but they are aimed at different problems. The Cybersecurity Framework manages cybersecurity risk to information systems. The AI RMF manages AI risk, including technical, safety, privacy, fairness, accountability, and societal dimensions. They can complement each other, but one does not replace the other.

NIST AI RMF vs. ISO/IEC 42001

ISO/IEC 42001 is a certifiable AI management system standard. An organization can be audited against it. The NIST AI RMF is not certifiable; it is outcome-oriented guidance. Many organizations use the AI RMF to shape risk practices and ISO/IEC 42001 when they need a formal management system.

NIST AI RMF vs. EU AI Act

The EU AI Act is a binding law. It classifies AI systems by risk and imposes legal obligations on certain systems and providers. The AI RMF can help organize risk management work that supports compliance, but adopting it is not the same as complying with the EU AI Act.

How the Framework Was Developed

NIST developed the AI RMF through an open, consensus-oriented process that included requests for information, workshops, drafts, public comments, and input from hundreds of organizations. That process is part of why the framework is widely cited: it reflects a broad policy and technical conversation, not one vendor’s view of responsible AI.

NIST also treats the AI RMF as living guidance. The Playbook can be updated, profiles can be added, and AI RMF 1.0 is being revised as AI practices and risks evolve.

Common Misconceptions

It is a compliance regulation. Not by default. The AI RMF is voluntary guidance, though it may be incorporated into contracts, procurement language, agency policies, or compliance programs.

It only covers technical risks. No. It explicitly includes harms to individuals, organizations, and society, such as discrimination, loss of opportunity, harm to privacy, and erosion of trust.

It guarantees trustworthy AI. No framework can guarantee that. The AI RMF improves the discipline of risk management; outcomes still depend on implementation, oversight, testing, and monitoring.

The four functions are a one-time sequence. They are iterative. Govern sits across the process, while Map, Measure, and Manage repeat as the system or its context changes.

It is only for AI developers. The framework applies to a wider ecosystem: deployers, acquirers, evaluators, auditors, business owners, and users all have roles in managing AI risk.

Conclusion

The NIST AI Risk Management Framework is one of the most widely referenced foundations for responsible AI risk management. Its value is not that it certifies a system or turns AI governance into a checklist. Its value is that it gives organizations a precise, shared structure for thinking through AI risk: trustworthy AI characteristics, a lifecycle view of harm, four operating functions, and supporting resources such as the Playbook and Profiles.

Used well, the AI RMF helps teams move from broad statements about responsible AI to concrete decisions about ownership, documentation, testing, monitoring, and response. That is why it remains useful for organizations that build, buy, deploy, or govern AI systems at scale.
