Hael

What is the NIST AI Risk Management Framework?

Updated 30 June 2026 · 6 min read
Key takeaway
The NIST AI Risk Management Framework (AI RMF) is a voluntary framework, published by the US National Institute of Standards and Technology, that helps organisations identify and manage the risks of artificial intelligence. It is not a law and carries no penalties. Instead, it offers a structured, widely respected method for building and using AI responsibly, organised around four core functions: Govern, Map, Measure, and Manage.
  • The NIST AI RMF is a voluntary US framework for managing AI risk, with no penalties.
  • It is built around four functions: Govern, Map, Measure, and Manage.
  • It frames good practice around characteristics of trustworthy AI.
  • It pairs well with binding laws like the EU AI Act, serving as the method that helps you meet them.
  • Current as of June 2026. This is general information, not legal advice.

Where it came from and why

NIST released version 1.0 of the AI RMF in January 2023, developed openly with industry, academia, and government. The goal was to give organisations a common, practical way to address AI risk and to promote trustworthy AI, without prescribing a rigid checklist. Because NIST frameworks are well regarded and vendor-neutral, the AI RMF has become a reference point for AI risk management well beyond the United States.

The four functions

The framework is built around four functions that work together:

  • Govern: Establish the culture, policies, roles, and accountability for managing AI risk across the organisation. Govern runs through the other three functions.
  • Map: Understand the context, and identify the AI system's purpose and the risks it could create given how and where it is used.
  • Measure: Assess, analyse, and track the identified risks using appropriate methods and metrics.
  • Manage: Prioritise and act on the risks, allocating resources to treat, monitor, and respond to them over time.

What "trustworthy AI" means here

The AI RMF frames good AI risk management around characteristics of trustworthy AI, including that systems should be valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed. These characteristics give organisations a vocabulary for what they are trying to achieve.

Who uses it and why

The framework is used by organisations that build or deploy AI and want a credible, structured way to manage the associated risk. Because it is voluntary and flexible, it suits organisations of different sizes and sectors. It is also increasingly referenced in procurement: US enterprise buyers ask vendors whether they align with the NIST AI RMF, which makes familiarity with it useful even for organisations that adopt it mainly to answer customers.

How it relates to laws like the EU AI Act

The AI RMF is a method, not a mandate. It pairs naturally with binding regulations such as the EU AI Act: an organisation can use the NIST functions as the operating engine that produces the risk management and documentation a law requires. Adopting NIST does not, on its own, make you compliant with any law, but it gives you a strong foundation for meeting one.

Key terms

NIST AI RMF
The US National Institute of Standards and Technology AI Risk Management Framework, a voluntary guide to managing AI risk.
Govern, Map, Measure, Manage
The four functions of the NIST AI RMF that structure how organisations manage AI risk.
Voluntary framework
Guidance an organisation chooses to adopt; not legally binding and not enforced by penalties.
Trustworthy AI
AI that is valid, reliable, safe, secure, accountable, transparent, explainable, privacy-enhanced, and fair.
