NIST AI RMF: plain-English guides for the people who operate it.
The NIST AI Risk Management Framework, explained.
The NIST AI RMF is a voluntary framework, published by the US National Institute of Standards and Technology, that helps organisations identify and manage the risks of artificial intelligence. It is not a law and there are no penalties for ignoring it. Instead it offers a structured, widely respected method for building and using AI responsibly, organised around four core functions: Govern, Map, Measure, and Manage.
It is used by AI builders who want disciplined risk thinking, by deployers managing the risk they inherit from third-party tools, and by vendors answering the NIST-alignment questions that increasingly appear in US procurement and security reviews. It is also a natural operating method for organisations subject to binding laws such as the EU AI Act, because the work it asks you to do (governance, context-mapping, measurement, and active management) is the same work those laws expect.
These guides are written for the people who have to put the framework to work, not for the people who debate it. Each one leads with the answer, explains what it means in practice, and points to the official NIST sources so you can cross-check. They are kept current as the framework, the Playbook, and the surrounding regulatory landscape evolve, and they are designed to sit alongside our EU AI Act, GDPR, and ISO 42001 hubs, so a team can govern its AI once and answer the questions buyers and regulators ask on either side of the Atlantic.