
NIST AI Risk Management Framework Explained: A Practitioner’s Guide to the Four Core Functions

Last reviewed: April 26, 2026


Key Takeaways

  • The NIST AI Risk Management Framework (AI RMF 1.0) is a voluntary framework organized into four core functions — Govern, Map, Measure, Manage — with 19 categories and 72 subcategories covering every aspect of AI risk management.
  • It survived the Biden-to-Trump transition intact because it requires no executive order authority. It is the most durable piece of US AI governance infrastructure.
  • Colorado’s AI Act explicitly names NIST AI RMF compliance as an affirmative defense, creating a rebuttable presumption of reasonable care. Other states are likely to follow.
  • Organizations with mature NIST AI RMF implementations have approximately 60-70% of the foundation needed for EU AI Act compliance — but critical gaps remain (conformity assessment, mandatory incident reporting, penalties).
  • The framework is voluntary today. It is becoming de facto required through federal procurement rules (OMB M-25-21, M-25-22), state law references, and international standards convergence.

What the NIST AI RMF Is

The NIST AI Risk Management Framework (AI 100-1) was published on January 26, 2023. It provides voluntary guidance for organizations designing, developing, deploying, or using AI systems. (NIST AI 100-1 PDF)

Three things to understand before going further:

It is not a law. The framework has no penalties, no enforcement mechanism, and no compliance deadline. NIST cannot fine you for ignoring it.

It is increasingly referenced in law. Colorado’s AI Act names it as an affirmative defense. Federal procurement rules expect alignment with it. The EU AI Act’s Article 9 risk management requirements overlap substantially. Organizations that implement it position themselves for compliance with whatever comes next.

It survived the political transition. Unlike Biden’s EO 14110 (revoked January 2025) and OMB M-24-10 (rescinded April 2025), the NIST AI RMF was never tied to any executive order. It is a technical framework published under NIST’s standing authority. The Trump administration rebranded the AI Safety Institute as the Center for AI Standards and Innovation (CAISI) in June 2025, but the AI RMF itself is unaffected. There is no “AI RMF 2.0” — NIST is updating the framework through companion profiles, not a major version release.


The Four Core Functions

The framework is built on four functions. Govern is cross-cutting — it applies to everything. Map, Measure, and Manage are sequential: you identify risks, assess them, then respond.

Govern: Build the Foundation First

Govern establishes the organizational infrastructure for AI risk management. Without it, the other three functions have no institutional support. It has 6 categories and 22 subcategories — the largest function.

What Govern covers:

  • Policies and processes (GOVERN 1). Document your AI risk management policies. Define roles, responsibilities, and escalation paths. Establish mechanisms to inventory all AI systems in your organization. Plan for decommissioning AI systems when they no longer meet standards.
  • Accountability (GOVERN 2). Assign clear ownership. Ensure executive leadership takes responsibility for AI risk decisions — not just the engineering team. Train personnel on AI risk management.
  • Diverse teams (GOVERN 3). Decision-making should involve people with different backgrounds, disciplines, and expertise. This is where NIST explicitly addresses the risk that homogeneous teams produce homogeneous (and potentially biased) AI systems.
  • Risk culture (GOVERN 4). Foster a critical-thinking, safety-first mindset. Document risks openly. Make it easy — not career-threatening — for team members to flag AI incidents.
  • External engagement (GOVERN 5). Collect feedback from users, affected communities, and external experts. Integrate that feedback into system design.
  • Third-party risk (GOVERN 6). Address AI risks from vendors, open-source components, and supply chain dependencies. Have contingency plans for when third-party AI systems fail.

Practical starting point: Begin with GOVERN 1.1 (understand your legal and regulatory requirements) and GOVERN 1.6 (inventory your AI systems). You cannot manage risks in systems you do not know you have.

Map: Identify What Can Go Wrong

Map establishes context and identifies risks before you build or deploy. It has 5 categories and 16 subcategories.

What Map covers:

  • Context (MAP 1). Document the intended purpose of your AI system, the laws and norms that apply, and the settings where it will be deployed. Define your organization’s risk tolerance. This step prevents the common failure of building first and asking “is this legal?” later.
  • Categorization (MAP 2). Define what the AI system actually does — is it a classifier, a recommendation engine, a generative model? Document its limitations and the human oversight arrangements.
  • Benefits and costs (MAP 3). Examine both. Costs include non-monetary harms: reputational damage, loss of public trust, harm to individuals. Specify the intended scope of the system.
  • Component risks (MAP 4). Map risks from third-party software, pre-trained models, datasets, and APIs. If you fine-tune a foundation model, the risks of that model become your risks.
  • Impact assessment (MAP 5). Characterize impacts on individuals, groups, communities, and society. Use past incidents, user feedback, and domain expertise to estimate likelihood and severity.

Practical starting point: For each AI system, fill out MAP 1.1 (intended purpose, applicable laws, deployment settings) and MAP 2.2 (knowledge limits and human oversight). These two subcategories alone prevent most deployment-stage surprises.

Measure: Test Before You Trust

Measure defines how you evaluate AI systems for trustworthiness. It has 4 categories and 20 subcategories — the most technically detailed function.

What Measure covers:

  • Metrics and methods (MEASURE 1). Select appropriate measurement approaches starting with the most significant risks. Regularly reassess whether your metrics are still effective.
  • Trustworthiness evaluation (MEASURE 2). Evaluate the system against seven trustworthiness characteristics: valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with managed bias. This is the function’s core — 13 subcategories covering every angle of AI evaluation.
  • Risk tracking (MEASURE 3). Track identified risks over time. Include mechanisms for end users and affected communities to report problems and appeal outcomes.
  • Feedback on measurement (MEASURE 4). Assess whether your measurement approaches are actually working. Connect measurement to deployment context and domain expertise.

Practical starting point: MEASURE 2.5 (validity and reliability) and MEASURE 2.11 (fairness and bias evaluation) are where most organizations start because they address the two failure modes that generate the most legal exposure.
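The two starting subcategories above are measurable, so here is an added example (not from NIST or from this article) of what a first MEASURE 2.5 / MEASURE 2.11 pass looks like in code. It scores a constructed set of decisions from a hypothetical loan-screening classifier for overall accuracy (validity), per-group selection rates with the disparate impact ratio, and per-group true positive rates (equal opportunity). The 0.8 disparate-impact threshold is the commonly used four-fifths rule and the 0.1 true-positive-rate gap is an assumed tolerance; both are parameters the organisation sets under MEASURE 1.1, not values NIST prescribes.

```python
"""Added example: a minimal MEASURE 2.5 (validity) and MEASURE 2.11 (fairness)
evaluation over constructed decisions. Thresholds are assumptions, not NIST values."""
from collections import defaultdict

# Constructed sample: (protected group, predicted label, true label).
# 1 = favourable outcome (approved / actually creditworthy), 0 = unfavourable.
SAMPLE_DECISIONS = [
    ("A", 1, 1), ("A", 1, 1), ("A", 1, 0), ("A", 0, 0), ("A", 1, 1),
    ("A", 0, 0), ("A", 1, 1), ("A", 1, 1), ("A", 0, 1), ("A", 1, 1),
    ("B", 0, 1), ("B", 0, 0), ("B", 1, 1), ("B", 0, 0), ("B", 0, 1),
    ("B", 1, 1), ("B", 0, 0), ("B", 0, 1), ("B", 0, 0), ("B", 1, 1),
]


def _by_group(decisions):
    """Group (pred, truth) pairs by protected attribute."""
    groups = defaultdict(list)
    for group, pred, truth in decisions:
        groups[group].append((pred, truth))
    return groups


def accuracy(decisions):
    """MEASURE 2.5: share of decisions that match ground truth."""
    return sum(1 for _, pred, truth in decisions if pred == truth) / len(decisions)


def selection_rates(decisions):
    """MEASURE 2.11: share of each group that received the favourable outcome."""
    return {g: sum(p for p, _ in rows) / len(rows)
            for g, rows in _by_group(decisions).items()}


def disparate_impact_ratio(decisions):
    """Lowest group selection rate divided by the highest (four-fifths rule input)."""
    rates = selection_rates(decisions)
    return min(rates.values()) / max(rates.values())


def true_positive_rates(decisions):
    """Share of truly qualified members of each group the model approved."""
    rates = {}
    for g, rows in _by_group(decisions).items():
        qualified = [p for p, t in rows if t == 1]
        rates[g] = sum(qualified) / len(qualified) if qualified else float("nan")
    return rates


def evaluate(decisions, di_threshold=0.8, tpr_gap_threshold=0.1):
    """Run both checks and return the metrics plus any findings to feed into MANAGE 1."""
    di = disparate_impact_ratio(decisions)
    tpr = true_positive_rates(decisions)
    tpr_gap = max(tpr.values()) - min(tpr.values())
    findings = []
    if di < di_threshold:
        findings.append(f"MEASURE 2.11: disparate impact ratio {di:.2f} is below {di_threshold}")
    if tpr_gap > tpr_gap_threshold:
        findings.append(f"MEASURE 2.11: true-positive-rate gap {tpr_gap:.2f} exceeds {tpr_gap_threshold}")
    return {
        "accuracy": accuracy(decisions),
        "selection_rates": selection_rates(decisions),
        "disparate_impact_ratio": di,
        "tpr_by_group": tpr,
        "findings": findings,
    }


if __name__ == "__main__":
    result = evaluate(SAMPLE_DECISIONS)
    print(f"accuracy: {result['accuracy']:.2f}")
    print(f"selection rates: {result['selection_rates']}")
    print(f"disparate impact ratio: {result['disparate_impact_ratio']:.2f}")
    for finding in result["findings"]:
        print("FINDING:", finding)
```

The constructed sample is deliberately one where overall accuracy looks acceptable (0.75) while both fairness checks fail: group B is selected at less than half the rate of group A and qualified group B applicants are approved only half the time. That combination is exactly why the article pairs MEASURE 2.5 with 2.11: an aggregate validity number alone hides the disparity that creates legal exposure.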

Manage: Respond and Monitor

Manage covers risk treatment, ongoing monitoring, and incident response. It has 4 categories and 14 subcategories.

What Manage covers:

  • Risk prioritization (MANAGE 1). Based on what MAP and MEASURE found, decide whether to proceed with the AI system. Prioritize risk responses based on impact, likelihood, and available resources. Document negative residual risks that users and downstream acquirers need to know about.
  • Benefit maximization (MANAGE 2). Consider non-AI alternatives. Establish mechanisms to sustain value over time. Include procedures for handling previously unknown risks — because they will appear.
  • Third-party management (MANAGE 3). Monitor third-party AI risks regularly. Pre-trained models require ongoing monitoring, not just initial evaluation.
  • Monitoring and communication (MANAGE 4). Post-deployment monitoring plans that include user feedback, appeal mechanisms, decommissioning procedures, and incident response. Communicate incidents to relevant people promptly.

Practical starting point: MANAGE 1.1 (go/no-go decision on deployment) and MANAGE 4.1 (post-deployment monitoring plan). The first prevents premature deployment; the second catches problems after deployment.
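To show how MAP and MEASURE findings become a MANAGE 1.1 go/no-go decision, here is an added example that is not part of the article or of NIST's own material. It keeps a small risk register where each risk carries the impact and likelihood estimated under MAP 5, an optional MANAGE 1.3 treatment with re-estimated residual values, and derives three things the text asks for: a prioritised list, a deployment decision that blocks on any untreated high-scoring risk, and the residual risks that should be disclosed to users and downstream acquirers. The 1-to-5 scales, the multiplicative score, and the thresholds are assumptions for illustration; NIST does not prescribe a scoring scheme, and the sample risks are constructed.

```python
"""Added example: risk register feeding a MANAGE 1.1 go/no-go decision.
Scoring scheme and thresholds are assumed for illustration, not NIST's."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Risk:
    risk_id: str
    description: str
    impact: int                 # 1 (negligible) .. 5 (severe), from the MAP 5 impact assessment
    likelihood: int             # 1 (rare) .. 5 (almost certain), from MAP 5 / MEASURE 3 evidence
    treatment: Optional[str] = None        # MANAGE 1.3 response, if one has been chosen
    residual_impact: Optional[int] = None  # re-estimated after treatment
    residual_likelihood: Optional[int] = None

    def inherent_score(self) -> int:
        return self.impact * self.likelihood

    def residual_score(self) -> int:
        """Score after treatment; an untreated risk keeps its inherent score."""
        if self.treatment is None:
            return self.inherent_score()
        return self.residual_impact * self.residual_likelihood


# Constructed register for a hypothetical customer-facing screening assistant.
SAMPLE_REGISTER = [
    Risk("R1", "Applicants from one group approved at a lower rate", 5, 4,
         treatment="retrain on reweighted data; human review of all declines",
         residual_impact=5, residual_likelihood=1),
    Risk("R2", "Vendor foundation model deprecated without notice", 3, 3,
         treatment="pin model version; maintain fallback provider",
         residual_impact=3, residual_likelihood=2),
    Risk("R3", "Confident wrong answers shown to customers", 4, 4),
    Risk("R4", "Prompt logs retain personal data", 3, 2,
         treatment="redact identifiers; 30-day retention",
         residual_impact=2, residual_likelihood=1),
]


def prioritize(register: List[Risk]) -> List[str]:
    """MANAGE 1.2: order risks by inherent score, highest first (ties by id)."""
    ordered = sorted(register, key=lambda r: (-r.inherent_score(), r.risk_id))
    return [r.risk_id for r in ordered]


def deployment_decision(register: List[Risk], no_go_threshold: int = 15):
    """MANAGE 1.1: NO-GO while any risk's residual score reaches the threshold."""
    blocking = [r.risk_id for r in register if r.residual_score() >= no_go_threshold]
    return ("NO-GO" if blocking else "GO", blocking)


def residual_disclosures(register: List[Risk], disclose_threshold: int = 6) -> List[str]:
    """MANAGE 1.4: treated risks whose residual score still warrants disclosure downstream."""
    return [r.risk_id for r in register
            if r.treatment is not None and r.residual_score() >= disclose_threshold]


if __name__ == "__main__":
    print("priority order:", prioritize(SAMPLE_REGISTER))
    decision, blockers = deployment_decision(SAMPLE_REGISTER)
    print(f"decision: {decision}; blocking risks: {blockers}")
    print("residual risks to disclose:", residual_disclosures(SAMPLE_REGISTER))
```

Run as written, the register returns NO-GO because R3 (confabulation, score 16) has no treatment yet, even though the highest inherent risk, R1, has been treated down to a residual score of 5. That is the intended behaviour of a go/no-go gate: it is driven by what remains after treatment, not by the worst number in the MAP phase, and it records R2 as a residual risk to communicate to acquirers rather than silently accepting it.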


The Generative AI Profile (NIST AI 600-1)

Published in July 2024, the Generative AI Profile layers GenAI-specific guidance onto the AI RMF’s existing structure. It identifies 12 risks unique to or amplified by generative AI. (NIST AI 600-1 PDF)

The most consequential for practitioners:

| Risk | Why it matters |
|------|----------------|
| Confabulation | GenAI confidently generates false content. Users may act on incorrect outputs without verification. |
| Data privacy | Training data may contain personal information that surfaces in outputs. |
| Harmful bias | Biases from training data are amplified, not just reproduced. |
| Information security | Prompt injection, data poisoning, and model theft are novel attack surfaces. |
| Intellectual property | Training on copyrighted material creates legal exposure. Output may reproduce protected content. |
| Value chain integration | Foundation models inherit risks from upstream; fine-tuning inherits risks from the base model. |

The Profile does not create new functions. Each risk is mapped to specific GOVERN, MAP, MEASURE, and MANAGE subcategories with GenAI-specific actions. If you have already implemented AI RMF 1.0, the GenAI Profile extends your existing system rather than replacing it.


Implementing NIST AI RMF: A Realistic Walkthrough

Most organizations approach implementation wrong. They read all 72 subcategories and conclude it is overwhelming. The framework is designed to be scoped — not every subcategory applies to every system.

Phase 1: Governance foundation (weeks 1-4)

  • Inventory your AI systems (GOVERN 1.6)
  • Identify legal and regulatory requirements (GOVERN 1.1)
  • Assign AI risk management roles and responsibilities (GOVERN 2.1)
  • Draft initial AI risk management policy (GOVERN 1.2)

Phase 2: Context and risk identification (weeks 5-8)

  • For each high-priority AI system, document purpose, scope, and deployment context (MAP 1.1)
  • Identify applicable trustworthiness characteristics (MAP 2)
  • Assess third-party component risks (MAP 4)
  • Conduct initial impact assessment (MAP 5)

Phase 3: Measurement and evaluation (weeks 9-14)

  • Select metrics for highest-priority risks (MEASURE 1.1)
  • Evaluate fairness and bias (MEASURE 2.11)
  • Test validity and reliability (MEASURE 2.5)
  • Document security evaluation (MEASURE 2.7)

Phase 4: Risk treatment and monitoring (weeks 15-20)

  • Prioritize and respond to identified risks (MANAGE 1.2, 1.3)
  • Establish post-deployment monitoring (MANAGE 4.1)
  • Document incident response procedures (MANAGE 4.3)
  • Set up user feedback and appeal mechanisms (MEASURE 3.3)

These timelines assume a mid-size organization with 5-15 AI systems. Smaller organizations may move faster; large enterprises with hundreds of AI systems should expect 6-12 months for initial implementation.


NIST AI RMF vs. EU AI Act Article 9

Organizations operating in both the US and EU need to understand where these frameworks overlap — and where NIST alone falls short. For the EU side of this comparison, see our EU AI Act conformity assessment guide and Annex III high-risk classification.

| Dimension | NIST AI RMF | EU AI Act |
|-----------|-------------|-----------|
| Legal status | Voluntary | Mandatory (penalties up to EUR 35M or 7% turnover) |
| Risk classification | Organization-defined | Four tiers defined by law (Annex III) |
| Governance | GOVERN function | Art. 9 (risk management), Art. 16-17 (provider obligations) |
| Risk identification | MAP function | Art. 6 + Annex III, Art. 10 (data governance), Art. 27 (FRIA) |
| Testing | MEASURE function | Art. 9(6-7), Art. 15 (accuracy/robustness), Art. 43 (conformity assessment) |
| Risk treatment | MANAGE function | Art. 9(2)(b), Art. 20 (corrective actions), Art. 72-73 (post-market monitoring, incident reporting) |
| Certification | None | CE marking + conformity assessment required |
| Incident reporting | Voluntary | Mandatory within 15 days for serious incidents (Art. 73) |
| Registration | None | EU database registration required (Art. 71) |

The 60-70% overlap: Organizations with mature NIST implementations cover governance structures, risk identification, testing methodologies, and monitoring processes. These map cleanly to EU requirements.

The 30-40% gap: Mandatory conformity assessment procedures, CE marking, EU database registration, mandatory incident reporting timelines, fundamental rights impact assessment (Art. 27, which is more prescriptive than NIST MAP 5), and the penalties that give the whole system teeth.


NIST AI RMF vs. ISO/IEC 42001

NIST published an official crosswalk between the AI RMF and ISO 42001. (Crosswalk PDF)

| Dimension | NIST AI RMF | ISO/IEC 42001 |
|-----------|-------------|---------------|
| Type | Voluntary framework | Certifiable management system standard |
| Structure | 4 functions, 19 categories, 72 subcategories | ISO clause-based (similar to ISO 27001) |
| Certification | No formal certification | Third-party certifiable |
| Approach | Flexible, outcome-oriented | Structured, audit-driven, document-heavy |
| Best for | Organizations starting AI governance from scratch | Organizations needing formal certification for clients or regulators |

The two are complementary: NIST provides the flexible risk guidance, ISO 42001 provides the certifiable management system. Many organizations use NIST to inform their ISO 42001 implementation, reducing duplication.

Key mappings: GOVERN 1 aligns with ISO Clause 5 (Leadership) and 7.5 (Documentation). MAP 1 aligns with Clause 4.1 (Understanding the organization). MEASURE 1-2 aligns with Clause 9.1 (Monitoring and measurement). If you are ISO 27001 certified, you already have the management system infrastructure — ISO 42001 extends it to AI-specific controls.


Where NIST AI RMF Is Becoming Mandatory

The framework is voluntary by design. It is becoming required by context:

Federal procurement. OMB M-25-21 and M-25-22 (April 2025) govern federal AI use and procurement. While they do not explicitly require NIST AI RMF compliance, they reference the same governance concepts. Organizations selling AI to the government will increasingly find NIST alignment expected in solicitations. The CAISI-GSA MOU (2026) evaluates AI systems before federal deployment — using NIST-derived criteria. See our White House AI Framework 2026 analysis for the full federal procurement picture.

Colorado AI Act. Colorado SB 24-205 (effective June 30, 2026) explicitly names NIST AI RMF compliance as an affirmative defense against allegations of algorithmic discrimination. Full compliance creates a rebuttable presumption of reasonable care. For organizations operating in Colorado, NIST AI RMF implementation is the most cost-effective liability shield available — see our AI liability guide for how this fits into the broader US liability picture.

Texas TRAIGA. While Texas’s law (HB 149, effective January 1, 2026) does not name NIST specifically, its prohibited-use framework and intent-based liability structure reward organizations that can demonstrate systematic risk management — exactly what the NIST AI RMF provides. See our Texas TRAIGA compliance guide.

International convergence. The EU AI Act’s conformity assessment references international standards. NIST’s crosswalk documents demonstrate alignment. Singapore’s Model AI Governance Framework cites NIST. The UK’s AI Safety Institute (now rebranded) references NIST evaluations. Organizations implementing NIST AI RMF find it easier to demonstrate compliance across jurisdictions.


What to Do Next

1. Inventory your AI systems. You cannot manage what you do not know exists. GOVERN 1.6 is step one. Include third-party AI tools, APIs, and foundation models your teams use.

2. Start with Govern. Resist the temptation to jump to technical evaluation (Measure). Governance — policies, roles, accountability — must come first. Without institutional support, technical risk assessments produce reports that nobody acts on.

3. Scope by risk. Not every AI system requires all 72 subcategories. A customer service chatbot and an autonomous vehicle control system require different levels of rigor. Use MAP to determine appropriate scope for each system.

4. Use the Playbook. NIST’s AI RMF Playbook provides suggested actions for every subcategory. It is a living document and the best implementation companion available.

5. Map to your regulatory obligations. If you operate in the EU, use the EU AI Act crosswalk. If you operate in Colorado, document your compliance for the affirmative defense. If you sell to the US government, align with OMB M-25-21 and M-25-22.



Sources

Primary Sources

  • NIST, “AI Risk Management Framework (AI RMF 1.0),” NIST AI 100-1, January 26, 2023 (PDF)
  • NIST, “Generative AI Profile,” NIST AI 600-1, July 26, 2024 (PDF)
  • NIST, “AI RMF Playbook” (airc.nist.gov)
  • NIST, “AI RMF to ISO/IEC 42001 Crosswalk” (PDF)
  • NIST, “Cybersecurity Framework Profile for AI,” IR 8596, December 2025 (CSRC)
  • Colorado SB 24-205, Colorado AI Act (leg.colorado.gov)
  • OMB M-25-21, “Accelerating Federal Use of AI,” April 3, 2025
  • OMB M-25-22, “Driving Efficient Acquisition of AI in Government,” April 3, 2025

Analysis

  • Brookings, “New OMB memos signal continuity in federal AI policy” (brookings.edu)
  • CSET Georgetown, “The Executive Order on Removing Barriers to American Leadership in AI”

This article provides general information about AI regulation and does not constitute legal advice. Laws and policies change frequently. Consult qualified legal counsel for compliance decisions specific to your organization.




Reg Intel
Published: April 26, 2026 · Updated: April 29, 2026
Source: https://reg-intel.com/nist-ai-risk-management-framework-explained-a-practitioners-guide-to-the-four-core-functions/