When does the NIST AI RMF take effect?

The NIST AI Risk Management Framework 1.0 took effect on January 26, 2023.

What are the key requirements of the NIST AI RMF?

Govern: establish organizational policies, roles, and culture for AI risk management Map: identify and categorize AI risks in context of deployment Measure: analyze and track identified AI risks

AI Policy Desk

US Federal·In Effect·Effective January 26, 2023

NIST AI Risk Management Framework 1.0

A voluntary framework from the National Institute of Standards and Technology helping organizations manage AI risks. Organized around four functions: Govern, Map, Measure, and Manage. Widely adopted as the de facto AI governance standard in the US and referenced in multiple state AI laws.

What this means for your team

The NIST AI RMF is voluntary — there is no legal penalty for not following it. But it provides the most practical, detailed guidance available for building an AI governance program from scratch. Its four-function structure (Govern, Map, Measure, Manage) maps well to the governance activities small teams can actually implement: documenting AI use, assessing risks, tracking incidents, and improving over time. Several US state laws offer compliance safe harbors to organizations that follow the NIST AI RMF.

Key requirements

Govern: establish organizational policies, roles, and culture for AI risk management
Map: identify and categorize AI risks in context of deployment
Measure: analyze and track identified AI risks
Manage: implement risk response actions and monitor effectiveness
Profile: create organization-specific risk management targets

Key terms

AI Governance AI Risk Assessment AI Audit AI Inventory Human Oversight

NIST AI Risk Management Framework 1.0

What this means for your team

Key requirements

Key terms

Further reading

NIST AI Risk Management Framework 1.0

What this means for your team

Key requirements

Key terms

Further reading