The US Department of Commerce's National Institute of Standards and Technology (NIST) has released the first version of its new AI Risk Management Framework (AI RMF 1.0), a guidance document for organizations designing, developing, deploying or using AI systems to help manage the many risks of AI technologies. This is a very timely framework as AI goes mainstream with the viral ChatGPT solution from OpenAI.
The AI RMF is accompanied by a companion playbook that suggests ways to navigate and use the framework to incorporate trustworthiness considerations in the design, development, deployment, and use of AI systems. The framework is divided into two parts, first discussing how organizations can frame the risks related to AI and outlines the characteristics of trustworthy AI systems. The second part, the core of the framework, describes four specific functions — govern, map, measure and manage — to help organizations address the risks of AI systems in practice.

Brad Fisher, CEO, Lumenova AI, shared support for the framework and outlined the challenges ahead of the AI industry: “The NIST AI RMF is comprehensive and balanced – very high quality. While other frameworks exist, the NIST framework will likely become the de facto standard followed in the US and, to a large extent, globally. The challenge will come in implementation because many of the objectives that it raises are not easily answered and will require thorough evaluation by business leaders, AI leaders and AI practitioners to evaluate the complexities from a policy perspective, recognizing the implications on various stakeholders, such as customers, employees, and others. This won’t be quick and it won’t be easy.
Another challenge is the fact that the AI RMF is intended for voluntary use. As in many things that are voluntary, early adopters that use this guidance are likely the ones who are better able to comply with its provisions, whereas those who choose not to adopt it may be those with more problematic situations – in other words, those that really need it. Since the creation of this RMF is based on a Congressional action, a follow-on Congressional action is necessary to make sure that all companies meeting a certain threshold are required to comply with this guidance.”
###