NIST AI Risk Management Framework is a Technical standard from US, adopted on 2023-01-26 and effective 2023-01-26. Current status: In force. Voluntary. Four functions (Govern / Map / Measure / Manage). GenAI Profile (NIST AI 600-1) added 2024 for GPAI-specific guidance.
Scope and obligations
Voluntary. Four functions (Govern / Map / Measure / Manage). GenAI Profile (NIST AI 600-1) added 2024 for GPAI-specific guidance.
NIST AI Risk Management Framework addresses 2 contested AI-governance topics explicitly, 6 via general principles,.
Topics governed
- governsFoundation Models / GPAI— GenAI Profile (NIST AI 600-1, 2024)
- implicitDeepfakes / Synthetic Content— GenAI Profile addresses synthetic content
- governsTransparency Obligations— Trustworthy characteristics 5 (transparency) + 6 (explainability)
- implicitIndividual Redress— Accountability characteristic
- implicitTraining-Data Rights— Manage 4: data integrity
- implicitCatastrophic & Existential Risk— Map 1.1 risk classification covers catastrophic via 'societal' impact tier; GenAI Profile (2024) adds explicit content
- implicitAgentic AI Governance— Map / Manage functions apply to autonomous systems; no agent-specific profile yet
- implicitSynthetic Content Provenance— General framework applies; provenance-specific guidance lives in the GenAI Profile
Enforcement record
Documented enforcement actions catalogued against NIST AI Risk Management Framework (or against rules that this instrument now subsumes).
- FTC investigation of OpenAIUS · 2023 · ongoingFederal Trade Commission v. OpenAI — Civil Investigative Demand alleging consumer-protection violations: misleading claims about ChatGPT capabilities, training-data privacy, and consumer harm from hallucinations.Lesson: First US federal enforcement action against a frontier-AI developer. Establishes that pre-AI-statute consumer-protection authority (FTC §5) can be applied to AI services — supports the US 'sectoral / ex-post liability' regime (vs EU's ex-ante AIA). Action remains pending; no judgment yet.Source record →news secondary
Cross-jurisdiction comparison
How peer instruments treat the topics NIST AI Risk Management Framework governs.
| Topic | EU-AIA-2024 | US-EO-14110 | US-EO-14179 | UK-WHITEPAPER-2023 | CN-GENAI-2023 | G7-HIROSHIMA | OECD-AI-PRIN | COE-AI-CONV | UN-RES-2024 | BLETCHLEY-2023 | SEOUL-2024 | NIST-AI-RMF-GENAI | CA-SB-1047 | IN-DPDP-2023 | BR-AIBILL-2024 | ASEAN-AI-GUIDE-2024 | AU-AI-STRATEGY-2024 | ANTHROPIC-RSP-2024° | OPENAI-PREPAREDNESS-2023° | DEEPMIND-FSF-2024° | META-FRONTIER-2024° | UK-US-AISI-MOU-2024 | WH-VOLUNTARY-2023 | SG-MODEL-AI-2024 | JP-METI-AI-2024 | NYC-LL-144-2021 | CO-SB-24-205 | IL-HB-3773-2024 | EU-GDPR-2016 | EU-GPAI-COP-2025 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Foundation Models / GPAI | governs | governs | silent | implicit | governs | governs | implicit | implicit | silent | governs | governs | governs | governs | implicit | governs | implicit | silent | governs | governs | governs | governs | governs | governs | governs | governs | silent | silent | silent | silent | governs |
| Transparency Obligations | governs | implicit | silent | implicit | conflicts | governs | governs | governs | implicit | implicit | governs | governs | implicit | implicit | governs | governs | silent | governs | implicit | implicit | governs | implicit | governs | governs | governs | silent | silent | silent | governs | governs |
°= industry self-imposed voluntary framework. Comparing a voluntary code's "governs" tint with a binding regulation's "governs" tint flattens the legal-force distinction; use the instrument-page banner for the operative status of each.
How to cite this article
APA 7
Policy Window. (2023). NIST AI Risk Management Framework [Wiki article — Instrument]. https://policywindow.org/wiki/nist-ai-rmf
Chicago 17
Policy Window. 2023. "NIST AI Risk Management Framework." Wiki article (Instrument). https://policywindow.org/wiki/nist-ai-rmf.
BibTeX
@misc{policywindow-nist-ai-rmf,
title = {NIST AI Risk Management Framework},
author = {Policy Window},
year = {2023},
howpublished = {NIST AI 100-1},
url = {https://policywindow.org/wiki/nist-ai-rmf},
note = {Primary source: https://www.nist.gov/itl/ai-risk-management-framework}
}References
- NIST AI 100-1
- GenAI Profile (NIST AI 600-1, 2024)
- GenAI Profile addresses synthetic content
- Trustworthy characteristics 5 (transparency) + 6 (explainability)
- Accountability characteristic
- Manage 4: data integrity
- Map 1.1 risk classification covers catastrophic via 'societal' impact tier; GenAI Profile (2024) adds explicit content
- Map / Manage functions apply to autonomous systems; no agent-specific profile yet
- General framework applies; provenance-specific guidance lives in the GenAI Profile
Cite this article
6 formats · 1-click copyPersistent identifier: https://policywindow.org/wiki/nist-ai-rmf — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Track this article
Save NIST AI Risk Management Framework to your local reading list, follow the RSS changelog for any catalog change, or compare with a peer article. All three work without signup.