EAAPL-CMP006 — NIST AI Risk Management Framework Implementation
Status: Proven
Tags: nist-ai-rmf model-risk governance traceability high-complexity
Version: 1.2
Last Updated: 2026-06-12
Author: Enterprise AI Architecture Pattern Library
1. Executive Summary
The NIST AI Risk Management Framework 1.0 (NIST AI RMF, published January 2023) provides a voluntary, non-prescriptive framework for organisations to identify, assess, and manage risks throughout the AI lifecycle. Unlike ISO 42001 (certifiable) or the EU AI Act (legally binding), NIST AI RMF is a risk-based practice guide designed for broad adoption across industries and organisation sizes. Its four core functions—GOVERN, MAP, MEASURE, and MANAGE—provide a structured vocabulary and set of practices that complement any regulatory compliance programme.
This pattern provides an enterprise architecture for implementing all four NIST AI RMF core functions, mapping each function's actions (from GOVERN 1.1 through MANAGE 4.4) to specific architectural controls, governance processes, and technology components. It enables organisations to demonstrate structured AI risk management to US federal agencies, financial regulators (OCC Model Risk Management guidance aligns with RMF principles), and enterprise customers requiring evidence of AI governance maturity. The pattern is designed to integrate with ISO 42001 AIMS (where deployed) and to serve as a standalone governance framework where ISO 42001 is not pursued.
2. Problem Statement
Business Problem
US federal contractors and regulated entities (banks under OCC SR 11-7 Model Risk Management guidance, healthcare entities under FDA AI/ML guidance) face growing expectations from regulators and customers to demonstrate structured AI risk management. Without a recognised framework, organisations cannot demonstrate governance maturity, cannot respond coherently to regulatory inquiries, and cannot consistently identify and mitigate AI risks before they materialise as incidents.
Technical Problem
AI risk management in most organisations is fragmented: security teams assess cybersecurity risk, data scientists assess model performance risk, ethics committees assess fairness risk—but there is no unified framework that connects these assessments to a common risk taxonomy, aggregates findings into a consolidated risk view, and ensures that identified risks receive appropriate treatment with tracked accountability.
Symptoms
- AI risk assessments use different methodologies and risk taxonomies across business units
- AI risk findings are not tracked to closure with accountability
- There is no consolidated AI risk view available to senior management
- AI systems are deployed without formal risk treatment plans
- Residual AI risks are not documented or accepted by appropriate risk owners
Cost of Inaction
| Dimension |
Consequence |
| Regulatory |
US federal contract ineligibility (NIST AI RMF referenced in EO 14110); OCC enforcement for model risk management gaps |
| Commercial |
Loss of enterprise contracts requiring AI governance evidence; cyber insurance exclusions |
| Operational |
Unmanaged AI risks materialise as incidents—bias at scale, AI system failures, data breaches |
| Strategic |
Cannot participate in US federal AI programmes that reference NIST AI RMF (e.g., AI Safety Institute evaluations) |
3. Context
When to Apply
- Organisations serving the US federal government or seeking federal AI safety evaluation
- Financial services entities subject to OCC Model Risk Management guidance (SR 11-7 equivalent)
- Healthcare organisations seeking FDA AI/ML Software as a Medical Device alignment
- Any enterprise seeking a voluntary, internationally recognised AI risk management framework
- Organisations where ISO 42001 certification is not required but structured governance is
When NOT to Apply
- Where legally binding obligations (EU AI Act, APRA) require specific compliance architecture—NIST AI RMF complements but does not replace these obligations
- Organisations in early AI exploration with no production AI (too early for full framework adoption)
Prerequisites
| Prerequisite |
Description |
| AI Inventory |
Basic catalogue of AI systems and intended uses |
| Risk Appetite Statement |
Documented organisational risk tolerance that can be applied to AI risks |
| Executive Sponsorship |
Senior leadership commitment to AI risk management (GOVERN function) |
| Cross-Functional Team |
AI risk management requires collaboration between technology, legal, data science, ethics, and operations |
Industry Applicability
| Industry |
NIST AI RMF Relevance |
Key Alignment |
| US Federal Contractors |
Mandatory reference (EO 14110) |
All four functions; AI Safety evaluations |
| Financial Services |
High — OCC, Fed, FDIC model risk expectations |
GOVERN + MAP: model risk inventory; MEASURE: performance validation |
| Healthcare / Life Sciences |
High — FDA AI/ML SaMD guidance |
MAP: intended use documentation; MEASURE: clinical performance; MANAGE: adverse event |
| Defence / National Security |
High — DoD AI ethical principles |
GOVERN: AI ethics programme; MAP: mission risk context |
| Technology / AI Developers |
Medium-High |
All functions; AI product liability risk management |
| Higher Education and Research |
Medium |
GOVERN and MAP for AI research governance |
4. Architecture Overview
The NIST AI RMF Implementation Architecture mirrors the framework's four core functions, each with a distinct architectural layer that operationalises the function's actions into enterprise processes and technical controls.
GOVERN Function — AI Risk Governance Structures
The GOVERN function is the foundation for all other functions. It establishes the organisational policies, processes, and accountabilities that enable MAP, MEASURE, and MANAGE to operate consistently. Architecturally, GOVERN requires: an AI Risk Governance Framework document approved by senior leadership that defines risk appetite, escalation paths, and accountability structures (GOVERN 1.1); a cross-functional AI Risk Committee or equivalent governance body (GOVERN 1.2); AI risk management policies and procedures integrated into the organisation's risk management framework (GOVERN 1.3); established processes for teams to raise AI risks without fear of retaliation (GOVERN 1.4); documented organisational roles with AI risk responsibilities (GOVERN 2.1–2.2); mechanisms to understand the sociotechnical context in which AI operates (GOVERN 3.1–3.2); team practices that support diverse perspectives in AI risk identification (GOVERN 4.1–4.2); and accountability for AI risk outcomes at the organisational level (GOVERN 5.1–5.2) and at the supply chain level (GOVERN 6.1–6.2).
MAP Function — Context Establishment and Risk Identification
The MAP function operationalises risk identification: before risks can be measured or managed, they must be discovered and characterised. MAP requires: establishing the context of the AI system's intended use and deployment environment (MAP 1.1–1.6); categorising AI risks using the RMF's taxonomy of trustworthiness characteristics (valid/reliable, safe, secure/resilient, explainable, privacy-enhanced, fair with managed bias, accountable/transparent) (MAP 2.1–2.3); identifying potential impacts on individuals, communities, and organisations from AI system failures or misuse (MAP 3.1–3.5); characterising the data and technical risks in the AI system's inputs, model, and outputs (MAP 4.1–4.2); and identifying the AI risks in the context of interdependencies with other systems and processes (MAP 5.1–5.2). Architecturally, MAP is operationalised through a structured AI Risk Identification process that produces an AI Risk Profile for each system, using the RMF's Trustworthiness Characteristics as the risk taxonomy.
MEASURE Function — Risk Analysis and Benchmarking
The MEASURE function operationalises risk quantification and tracking. For each identified risk, MEASURE requires: defining appropriate metrics and methodologies for measuring the risk (MEASURE 1.1–1.3); applying measurement methods and documenting results (MEASURE 2.1–2.13); tracking changes in AI risks over time through continuous monitoring (MEASURE 3.1–3.3); and assessing plans and progress towards AI risk management goals (MEASURE 4.1). Architecturally, MEASURE requires an AI Model Monitoring and Evaluation Infrastructure: automated performance tracking dashboards measuring each AI system against its defined trustworthiness metrics; bias and fairness evaluation pipelines; robustness testing programmes; explainability assessments; and risk scoring models that aggregate metrics into a risk index per AI system.
MANAGE Function — Risk Response and Treatment
The MANAGE function operationalises risk treatment: for each characterised and measured risk, MANAGE requires: allocating risk response resources and implementing treatment plans (MANAGE 1.1–1.4); identifying and managing residual risks and trade-offs (MANAGE 2.1–2.4); monitoring effectiveness of risk responses and updating treatment plans (MANAGE 3.1–3.2); and managing AI incidents and near-misses with lessons-learned integration (MANAGE 4.1–4.4). Architecturally, MANAGE requires a Risk Treatment Registry linking each identified risk to its treatment plan, responsible owner, implementation status, and residual risk acceptance record; an AI Incident Management process with RMF-aligned severity classification; and a feedback loop from incident findings to MAP (updating risk identification based on what was discovered in production).
5. Architecture Diagram
flowchart TD
subgraph Govern["GOVERN"]
A[AI Policy and Roles]
end
subgraph Map["MAP"]
B[AI Risk Profile]
C[Impact Identification]
end
subgraph Measure["MEASURE"]
D[Evaluation Pipeline]
E[Risk Score Index]
end
subgraph Manage["MANAGE"]
F[Risk Treatment Plans]
G[Incident Management]
end
A --> B
B --> C
C --> D
D --> E
E --> F
F --> G
G -->|feedback| B
E -->|dashboard| A
style A fill:#dbeafe,stroke:#3b82f6
style B fill:#f0fdf4,stroke:#22c55e
style C fill:#f0fdf4,stroke:#22c55e
style D fill:#f0fdf4,stroke:#22c55e
style E fill:#fef9c3,stroke:#eab308
style F fill:#d1fae5,stroke:#10b981
style G fill:#fee2e2,stroke:#ef4444
6. Components
| Component |
Type |
Responsibility |
Technology Options |
Criticality |
| AI Risk Governance Framework |
Governance |
Define risk appetite, escalation, accountability for AI risk |
Policy document in DMS; Confluence; SharePoint |
Critical |
| AI Risk Committee |
Governance |
Cross-functional governance body for AI risk decisions |
Standing committee with charter; meeting cadence |
Critical |
| AI Risk Register |
Governance |
Catalogue all identified AI risks with RMF taxonomy; track treatment |
Archer, Resolver, Jira, custom |
Critical |
| AI Risk Profile Builder |
Governance |
Structured intake tool for MAP function: context + trustworthiness risk categorisation |
Custom form + workflow; OneTrust; Credo AI |
High |
| Metrics Definition Library |
Governance |
Per-trustworthiness-characteristic metric catalogue |
Internal wiki; Confluence; custom |
High |
| Bias and Fairness Evaluation |
Engineering |
Automated bias detection across demographic groups |
Fairlearn, AI Fairness 360, Aequitas, SageMaker Clarify |
High |
| Robustness Testing Pipeline |
Engineering |
Adversarial testing; out-of-distribution detection; model stability assessment |
TextAttack, CleverHans, IBM Adversarial Robustness Toolbox |
High |
| Explainability Engine |
Engineering |
SHAP/LIME explanations; feature importance; counterfactual explanations |
SHAP, LIME, Captum, Alibi, interpret-community |
High |
| Continuous Monitoring Platform |
Engineering |
Real-time AI performance tracking; drift detection; alert on metric breach |
Evidently AI, Fiddler, WhyLabs, SageMaker Monitor |
High |
| Risk Scoring Engine |
Governance |
Aggregate metrics into risk index per AI system; flag high-risk systems |
Custom scoring model; Credo AI; OneTrust |
Medium |
| Risk Treatment Registry |
Governance |
Link risks to treatment plans; track implementation status; document residual risk acceptance |
Archer, Jira, ServiceNow, custom |
Critical |
| AI Incident Manager |
Operations |
Classify, investigate, and close AI incidents; extract lessons learned |
PagerDuty, ServiceNow, Jira |
High |
| Executive AI Risk Dashboard |
Reporting |
Consolidated AI risk view across all systems; RMF function completion; trend |
Power BI, Tableau, Grafana, Looker |
High |
7. Data Flow
Primary Flow (Full RMF Cycle for a New AI System)
| Step |
Actor |
Function |
Action |
Output |
| 1 |
AI Project Team |
GOVERN |
Register new AI system; assign risk owner |
AI system record in Risk Register |
| 2 |
AI Risk Function |
MAP |
Conduct context establishment: document intended use, deployment environment, affected users |
Context document |
| 3 |
AI Risk Function |
MAP |
Categorise risks using trustworthiness characteristics (valid/reliable, safe, fair, explainable, etc.) |
AI Risk Profile with categorised risks |
| 4 |
AI Risk Function |
MAP |
Identify potential impacts on individuals, communities, organisation |
Impact register for this AI system |
| 5 |
Data Science / MLOps |
MEASURE |
Define metrics for each identified risk category |
Metrics definition document |
| 6 |
Data Science / MLOps |
MEASURE |
Execute evaluation pipeline (bias, robustness, explainability, performance) |
Evaluation report with metric values |
| 7 |
Risk Scoring Engine |
MEASURE |
Aggregate metrics into risk index; classify system risk level |
Risk score; risk tier (Low/Medium/High/Critical) |
| 8 |
AI Risk Function |
MANAGE |
For each risk above threshold: define treatment plan |
Risk Treatment Plans |
| 9 |
Responsible Owner |
MANAGE |
Implement treatment plans; document residual risk |
Treatment implementation evidence; residual risk acceptance |
| 10 |
Continuous Monitor |
MEASURE |
Monitor production performance; alert on metric breach |
Monitoring alerts; updated risk scores |
| 11 |
AI Incident Manager |
MANAGE |
On incident: classify severity; investigate; extract lessons |
Incident report; lessons learned |
| 12 |
AI Risk Function |
MAP |
Update AI Risk Profile based on incident lessons |
Updated Risk Profile |
Error Flow
| Step |
Failure |
Detection |
Recovery |
| MAP Context Insufficient |
Key use-case context missing; risks not identified |
Evaluation finds unexpected bias; incident in production |
Retroactive MAP; update Risk Profile; implement missed risk treatment |
| MEASURE Metric Not Defined |
Risk identified but no metric defined to measure it |
Audit of Metrics Definition Library; risk score gap |
Define metric; execute evaluation; update risk score |
| Treatment Plan Not Implemented |
Risk identified and planned but treatment not executed |
Risk register currency check; audit |
Escalate to AI Risk Committee; implement or formally accept residual risk |
| Monitoring Alert Not Actioned |
Production metric breach alert generated but not investigated |
SLO breach escalation; post-incident review |
Formal incident; root cause; update monitoring response process |
8. Security Considerations
RMF-Aligned Security Controls
| GOVERN Action |
Security Control |
Implementation |
| GOVERN 1.1 |
AI Risk Governance Framework includes AI security risk as a risk category |
Security represented on AI Risk Committee |
| GOVERN 6.1 |
Supply chain AI risk governance covers security of third-party AI components |
Vendor security assessment; SBOM for AI |
| MAP 4.1 |
Technical risks in AI inputs, model, and outputs include security threats |
Security threat modelling integrated into MAP |
| MEASURE 2.7 |
AI system security properties assessed against benchmarks |
Penetration testing; red-teaming; adversarial robustness testing |
| MANAGE 2.2 |
Security incidents treated as AI risk events under MANAGE function |
AI Incident Manager covers security incidents |
OWASP LLM Top 10 — NIST AI RMF Function Mapping
| OWASP LLM Risk |
RMF Function |
Actions |
Control |
| LLM01 Prompt Injection |
MAP + MEASURE |
MAP 2.2 (risk categorisation: security/resilience); MEASURE 2.7 (security assessment) |
Adversarial input testing; WAF deployment |
| LLM02 Insecure Output Handling |
MAP + MANAGE |
MAP 2.3 (impact identification); MANAGE 1.3 (treatment: output validation) |
Output validation controls; content filtering |
| LLM03 Training Data Poisoning |
MAP + MEASURE |
MAP 4.1 (data risks); MEASURE 2.5 (data quality assessment) |
Training data provenance; integrity verification |
| LLM04 Model Denial of Service |
MEASURE + MANAGE |
MEASURE 3.1 (tracking changes in AI risks); MANAGE 3.1 (monitoring effectiveness) |
Availability monitoring; rate limiting; DR |
| LLM05 Supply Chain Vulnerabilities |
GOVERN + MAP |
GOVERN 6.1–6.2 (supply chain governance); MAP 5.1 (interdependency risks) |
SBOM; vendor risk assessment; component integrity |
| LLM06 Sensitive Information Disclosure |
MAP + MANAGE |
MAP 3.1 (impact on individuals: privacy); MANAGE 1.2 (treatment: PII controls) |
Output PII filtering; training data governance |
| LLM07 Insecure Plugin Design |
MAP + MEASURE |
MAP 4.2 (technical risks: tool/plugin design); MEASURE 2.7 (security properties) |
Tool least-privilege; call whitelisting |
| LLM08 Excessive Agency |
GOVERN + MAP |
GOVERN 2.1 (accountability); MAP 1.5 (context: level of automation and autonomy) |
Scope limits; human approval gates |
| LLM09 Overreliance |
MAP + MEASURE |
MAP 1.6 (context: human oversight); MEASURE 2.9 (explainability assessment) |
Confidence scoring; explanation display; user education |
| LLM10 Model Theft |
GOVERN + MANAGE |
GOVERN 1.3 (policies: IP protection); MANAGE 2.3 (residual risk: model access control) |
Model weight access control; DLP; egress monitoring |
9. Governance Considerations
RMF Function Governance
| Function |
Governance Requirement |
Owner |
Cadence |
| GOVERN |
AI Risk Governance Framework maintained; AI Risk Committee operating; accountability RACI current |
Chief Risk Officer / AI Officer |
Annual review; event-driven update |
| MAP |
AI Risk Profile completed for each AI system before deployment; updated on material change |
AI Risk Function + Business Unit AI Owner |
At intake; on material change; annual refresh |
| MEASURE |
Metrics defined and measured for all production AI systems; risk scores current |
MLOps / AI Engineering |
Continuous (automated); quarterly review |
| MANAGE |
Risk Treatment Plans in place for all risks above risk appetite; residual risks formally accepted |
AI Risk Owner per system |
On risk identification; continuous monitoring |
Governance Artefacts
| Artefact |
Description |
RMF Action |
Retention |
| AI Risk Governance Framework |
Policy + structure for AI risk management organisation-wide |
GOVERN 1.1, 1.3 |
Current + 10 years |
| AI Risk Committee Charter and Minutes |
Mandate, membership, cadence, and decisions of AI Risk Committee |
GOVERN 1.2 |
10 years |
| AI Risk Profiles |
Per-system MAP output: context, risk categorisation, impact identification |
MAP 1–5 |
Lifetime of system + 7 years |
| Metrics Definition Library |
Approved metrics for each trustworthiness characteristic category |
MEASURE 1.1 |
Current + 7 years |
| Evaluation Reports |
MEASURE pipeline results per system per evaluation cycle |
MEASURE 2.1–2.13 |
7 years |
| Risk Treatment Plans |
Treatment plan per risk above appetite; implementation evidence |
MANAGE 1.1–1.4 |
7 years |
| Residual Risk Acceptance Records |
Formally approved acceptance of residual risk by appropriate risk owner |
MANAGE 2.4 |
10 years |
| AI Incident Reports |
Incident classification, investigation, root cause, and lessons learned |
MANAGE 4.1–4.4 |
10 years |
10. Operational Considerations
Monitoring and SLOs
| SLO |
Target |
RMF Action |
Breach Action |
| AI Risk Profile Coverage |
100% of production AI systems with current Risk Profile |
MAP (all actions) |
Block new deployments; retroactive profiling for existing systems |
| Metrics Measurement Frequency |
All high-risk AI systems measured at least monthly; medium quarterly |
MEASURE 2.1–2.13 |
Alert MLOps; escalate to AI Risk Committee |
| Risk Score Currency |
All production AI systems with risk score updated within 90 days |
MEASURE 3.1 |
Automated re-evaluation trigger |
| Treatment Plan Completion |
>90% of risk treatments implemented within planned timeline |
MANAGE 1.1 |
Escalate to AI Risk Committee; formal extension or risk acceptance |
| Incident to Lessons Learned |
100% of AI incidents have lessons learned integrated into MAP within 60 days |
MANAGE 4.4 → MAP |
Audit; escalate to AI Officer |
Disaster Recovery
| Scenario |
Impact |
Recovery |
| AI Risk Register Data Loss |
Loss of risk identification records; governance blindspot |
Restore from backup; conduct emergency risk review for P0 systems |
| Continuous Monitor Outage |
MEASURE 3.x tracking gap; risk changes not detected |
Alert AI Risk Committee; manual monitoring for critical systems; restore within 24 hours |
| AI Risk Committee Quorum Failure |
MANAGE decisions cannot be made |
Deputy decision-makers designated in charter; asynchronous decision process |
11. Cost Considerations
Cost Drivers
| Cost Driver |
Indicative Cost |
Notes |
| AI Risk Governance Platform |
USD 30,000–100,000/year |
Commercial (Credo AI, OneTrust) or build on Jira/Confluence |
| Bias and Fairness Evaluation Tooling |
USD 10,000–50,000/year |
Commercial (Fiddler, Credo AI) or open source (Fairlearn) |
| Robustness and Adversarial Testing |
USD 20,000–80,000/year |
Commercial tools; red-team exercises |
| Continuous Monitoring Platform |
USD 20,000–80,000/year |
Evidently AI, WhyLabs, Fiddler |
| AI Risk Management FTE |
USD 300,000–700,000/year |
1–3 FTE dedicated to RMF programme |
| NIST AI RMF Training |
USD 5,000–20,000/year |
NIST AI RMF workshops; Playbook training |
Indicative Cost Range
| Organisation |
Annual NIST AI RMF Implementation Cost |
Notes |
| Small (<10 AI systems) |
USD 200,000–500,000 |
Lean programme; open-source tooling; 1 FTE |
| Mid-size (10–30 AI systems) |
USD 600,000–1,500,000 |
Commercial platform; dedicated team |
| Large (30+ systems, enterprise) |
USD 2,000,000–6,000,000 |
Enterprise-grade tooling; large team; integrated with existing ERM |
12. Trade-Off Analysis
Implementation Approach Options
| Option |
Description |
Pros |
Cons |
Recommended For |
| Option A: Full GOVERN + MAP + MEASURE + MANAGE |
Implement all four functions with all actions for all AI systems |
Most comprehensive; strongest evidence for regulators |
Highest cost and complexity; risk of AIMS becoming a paperwork burden |
Large enterprises; US federal contractors; regulated industries |
| Option B: Risk-Tiered Implementation |
Full implementation for high-risk AI; lighter-weight for low-risk |
Proportionate; reduces overhead for non-critical AI |
Requires consistent risk tiering methodology |
Most organisations; start here and expand |
| Option C: GOVERN + MAP First (Phase 1) |
Implement governance and risk identification before measurement and management |
Builds foundation; immediate value; lower initial cost |
Delayed measurement and treatment capability |
Organisations starting their AI risk management programme |
Architectural Tensions
| Tension |
Trade-Off |
Resolution |
| RMF Completeness vs Velocity |
Thorough MAP + MEASURE can add weeks to AI deployment timelines |
Proportionate process: lighter MAP for low-risk AI; full process for high-risk |
| Quantitative vs Qualitative Measurement |
MEASURE function ideally uses quantitative metrics; some AI risks resist quantification |
Hybrid approach: quantitative where metrics exist; qualitative structured assessment where not |
| Centralised vs Distributed Risk Ownership |
GOVERN centralises AI risk management; MANAGE requires local risk owners |
Central AI Risk Function for framework; distributed AI Risk Owners for system-level accountability |
| RMF as Regulatory Compliance vs Risk Management |
Some organisations treat RMF as a compliance tick-box |
GOVERN 1.4: establish culture of genuine risk identification; reward surfacing risks |
13. Failure Modes
| Failure |
Likelihood |
Impact |
Detection |
Recovery |
| GOVERN Not Implemented — MAP/MEASURE/MANAGE Operate Without Governance |
High |
Critical — no accountability for risk decisions; inconsistent implementation |
Audit; regulator review |
Establish GOVERN before other functions; retroactively assign accountability |
| MAP Treats All AI as Low-Risk |
High |
High — high-risk systems escape rigorous evaluation |
MEASURE finds unexpected issues; incident |
Re-classify using objective risk tiering criteria; retroactive MAP for upgraded systems |
| MEASURE Metrics Are Vanity Metrics |
Medium |
High — metrics show good results but miss real risks |
Incident exposes unmeasured risk |
Review metrics against risk taxonomy; add materially relevant metrics |
| Treatment Plans Not Funded |
Medium |
High — risks identified but not treated |
Risk Treatment Registry currency check |
Escalate funding requirement to AI Risk Committee; risk acceptance if unfunded |
| Incident Lessons Not Fed Back to MAP |
High |
High — same risks recur; MAP remains static |
Repeat incidents of same type; audit |
Enforce MANAGE 4.4 → MAP feedback loop; process gate |
Cascading Failure Scenario
An organisation implements MEASURE before GOVERN. Individual model teams define their own metrics (accuracy, AUC) without reference to the RMF trustworthiness characteristics. No fairness or explainability metrics are defined because these were not in the initial MEASURE scope. High-risk AI systems in credit decisioning and HR are deployed with strong performance metrics but no bias assessment. A regulatory review triggered by a customer complaint discovers systematic demographic bias in credit decisions. Because there is no AI Risk Register (MAP not implemented), the organisation cannot demonstrate that bias was identified as a risk. Because GOVERN was not implemented, there is no accountability structure—no one is responsible. The absence of GOVERN means there is no policy requiring bias assessment. The regulators find negligence in the governance structure, not just a technical failure.
14. Regulatory Considerations
| Regulation |
NIST AI RMF Alignment |
Architectural Control |
Reference |
| EO 14110 (US) — Safe, Secure, Trustworthy AI |
Directs federal agencies to adopt NIST AI RMF; requires AI risk management for federal contractors |
All four functions; GOVERN 1.1 |
EO 14110 Section 4.1 |
| OCC SR 11-7 Model Risk Management |
GOVERN + MAP = model risk identification; MEASURE = model validation; MANAGE = model risk response |
Model risk classification; validation programme |
OCC SR 11-7 |
| EU AI Act Article 9 — Risk Management |
MAP function = risk identification obligation; MEASURE = monitoring; MANAGE = risk treatment |
AI Risk Profile; Risk Treatment Plans |
EU AI Act Article 9 |
| ISO/IEC 42001:2023 |
GOVERN ≈ Clauses 5+6; MAP ≈ Clause 6.1; MEASURE ≈ Clause 9.1; MANAGE ≈ Clause 10 |
Integration architecture: AIMS + RMF |
ISO/IEC 42001:2023 Clause 6 |
| APRA CPG 234 |
GOVERN + MAP cover AI information security risk identification |
AI Risk Profile includes security risks |
APRA CPG 234 |
| FDA AI/ML Software as a Medical Device |
MANAGE 4.x incident monitoring aligns with FDA post-market safety reporting obligations |
AI Incident Manager with FDA report generation |
FDA AI/ML SaMD Action Plan |
| NIST Cybersecurity Framework |
RMF MAP aligns with CSF Identify; MEASURE with Detect; MANAGE with Respond/Recover |
Integration with existing CSF programme |
NIST CSF 2.0 |
15. Reference Implementations
AWS
| Component |
AWS Service / Tool |
| AI Risk Register |
Jira on AWS; ServiceNow SaaS |
| Context and Risk Profiling |
Custom intake form on AWS Amplify |
| Bias and Fairness Evaluation |
Amazon SageMaker Clarify |
| Robustness Testing |
AWS SageMaker + custom adversarial test scripts |
| Explainability |
Amazon SageMaker Clarify (SHAP) |
| Continuous Monitoring |
Amazon SageMaker Model Monitor + CloudWatch |
| Risk Dashboard |
Amazon QuickSight |
| Incident Management |
AWS Systems Manager Incident Manager |
Azure
| Component |
Azure Service / Tool |
| AI Risk Register |
Azure DevOps Boards; ServiceNow |
| Bias and Fairness Evaluation |
Azure Machine Learning Responsible AI Dashboard (Fairlearn) |
| Explainability |
Azure ML Interpretability (InterpretML) |
| Continuous Monitoring |
Azure ML Data Drift Monitor |
| Risk Dashboard |
Power BI + Azure Monitor |
| Incident Management |
Azure DevOps; PagerDuty |
GCP
| Component |
GCP Service / Tool |
| AI Risk Register |
Jira; Credo AI SaaS |
| Bias and Fairness Evaluation |
Vertex AI Explainable AI + What-If Tool |
| Continuous Monitoring |
Vertex AI Model Monitoring |
| Risk Dashboard |
Looker + Cloud Monitoring |
| Incident Management |
Cloud Ops + PagerDuty |
On-Premises
| Component |
Technology |
| AI Risk Register |
Archer; Resolver; custom PostgreSQL |
| Bias and Fairness Evaluation |
AI Fairness 360 (IBM open source); Fairlearn; Aequitas |
| Robustness Testing |
Adversarial Robustness Toolbox (IBM); TextAttack |
| Explainability |
SHAP; LIME; Alibi; Captum |
| Continuous Monitoring |
Evidently AI; WhyLabs; Grafana + Prometheus |
| Risk Dashboard |
Grafana; Metabase |
| Pattern ID |
Pattern Name |
Relationship |
Notes |
| EAAPL-CMP005 |
ISO 42001 Implementation |
COMPLEMENTARY |
ISO 42001 is the certifiable management system; NIST AI RMF provides detailed operational guidance; deploy together |
| EAAPL-CMP003 |
EU AI Act Compliance |
COMPLEMENTARY |
MAP function satisfies EU AI Act Article 9 risk assessment; MEASURE satisfies Article 61 monitoring |
| EAAPL-CMP002 |
APRA CPS234 AI Security |
COMPLEMENTARY |
GOVERN + MAP cover AI security risk; CPS234 provides additional security-specific obligations |
| EAAPL-CMP004 |
Privacy-Preserving AI |
COMPLEMENTARY |
MAP 3.1 impact on individuals includes privacy impacts; NIST AI RMF and Privacy Act both apply |
| EAAPL-AGT003 |
Human-in-the-Loop Oversight |
EXTENSION |
MANAGE 2.1 includes human oversight as a risk treatment; HITL pattern provides implementation |
| EAAPL-PLT007 |
AI Observability Platform |
PREREQUISITE |
MEASURE function requires operational AI monitoring infrastructure |
17. Maturity Assessment
Overall Maturity Label: Proven
| Dimension |
Level 1 |
Level 2 |
Level 3 |
Level 4 |
Level 5 |
Current Level |
| GOVERN |
No governance |
Informal governance |
AI Risk Committee; documented policy; RACI |
GOVERN actions 1.1–6.2 fully implemented |
Governance continuously improved; AI risk culture embedded |
Level 3 |
| MAP |
No risk identification |
Ad-hoc risk identification |
Systematic MAP for all high-risk AI; Risk Profiles documented |
MAP integrated into AI project intake for all systems |
Real-time risk identification via automated context monitoring |
Level 3 |
| MEASURE |
Performance metrics only |
Partial trustworthiness metrics |
All RMF trustworthiness characteristics measured |
Continuous automated measurement; risk scoring |
Predictive risk scoring; early warning system |
Level 3 |
| MANAGE |
Reactive incident response |
Informal treatment plans |
Risk Treatment Plans for all risks above appetite; residual risk formally accepted |
Treatment effectiveness measured; feedback loop operational |
AI risk management continuously optimised via RMF profile |
Level 3 |
18. Revision History
| Version |
Date |
Author |
Changes |
| 1.0 |
2025-03-15 |
EAAPL Working Group |
Initial draft aligned to NIST AI RMF 1.0 (January 2023) |
| 1.1 |
2025-09-01 |
EAAPL Working Group |
Added EO 14110 regulatory alignment; expanded MEASURE components |
| 1.2 |
2026-06-12 |
EAAPL Working Group |
Added cascading failure scenario; updated reference implementations; aligned with NIST AI RMF Playbook v1.0 guidance |