AI Risk Assessment: What the NIST AI RMF and EU AI Act Require
A practical breakdown of AI risk assessment under the NIST AI Risk Management Framework and EU AI Act — what organizations must evaluate, how to structure the process, and what a GRC team should do this quarter.
An ai risk assessment is no longer an optional governance exercise. Two regulatory frameworks now set explicit expectations — the NIST AI Risk Management Framework in the United States and Article 9 of the EU AI Act in Europe — and organizations deploying AI in employment, credit, healthcare, or critical infrastructure are already in scope. What follows is a practitioner-level breakdown of what each framework requires, how they differ, and what a concrete assessment process looks like.
What the Frameworks Require
NIST AI RMF
The NIST AI Risk Management Framework 1.0 ↗, published in January 2023, organizes AI risk management into four functions: GOVERN, MAP, MEASURE, and MANAGE. These are not sequential steps; NIST is explicit that they operate in parallel throughout the AI lifecycle.
- GOVERN establishes accountability structures: who owns AI risk, what the organization’s risk tolerance is, how oversight flows from the board to the product team.
- MAP identifies the operational context of each AI system — its purpose, its intended users, the populations it affects, and the failure modes that could cause harm.
- MEASURE defines how risks are quantified and evaluated, including bias metrics, accuracy degradation thresholds, and security exposure.
- MANAGE covers response: prioritizing identified risks, allocating resources to address them, and maintaining recovery plans.
Risk assessment sits primarily within the MAP and MEASURE functions. MAP asks teams to characterize what could go wrong; MEASURE asks them to quantify how likely and severe that harm would be. The framework does not prescribe specific metrics or pass/fail thresholds — those are left to organizations to define based on their context.
In July 2024, NIST released NIST.AI.600-1 ↗, a generative AI profile that extends the RMF to LLM-specific risks: data poisoning, model inversion, hallucination at scale, and agentic system failures. Teams deploying generative AI should treat this profile as a required supplement, not an optional one.
EU AI Act Article 9
The EU AI Act takes a narrower but more legally binding approach. Article 9 ↗ mandates that providers of high-risk AI systems maintain a continuous risk management system throughout the system’s lifecycle. Key obligations:
- Identify and analyze “known and reasonably foreseeable risks” to health, safety, or fundamental rights, covering both intended use and foreseeable misuse.
- Estimate and evaluate those risks after incorporating post-market monitoring data.
- Eliminate or reduce risks through design where technically feasible; implement mitigation controls for residual risks.
- Test systems against defined metrics and thresholds before market placement, and again prior to any significant modification.
The Act defines high-risk systems specifically — AI used in biometric identification, credit scoring, employment decisions, educational assessment, law enforcement, and critical infrastructure, among others. Providers who believe their system is not high-risk must document that assessment before deployment and register the determination.
Prohibited practices (unacceptable risk) entered application in February 2025. Full compliance for high-risk systems in most sectors is required by August 2026, with biometrics, law enforcement, and border control requirements deferred to December 2027.
Structuring a Practical AI Risk Assessment
Both frameworks converge on a common workflow. The specific documentation and thresholds differ, but the analytical logic is the same.
Step 1 — System inventory and scoping. List every AI system in production and development. For each, determine whether it falls under EU AI Act Annex III (high-risk categories) or involves decisions that affect legally protected attributes like race, sex, or national origin. This scoping determines which assessments are required and at what rigor.
Step 2 — Risk identification. For each in-scope system, document the failure modes. These break into three clusters:
- Performance risks: the model is inaccurate, biased, or degrades in deployment.
- Security risks: the model is vulnerable to adversarial inputs, data poisoning, or model extraction. For a deeper catalog of ML-specific attack surfaces, adversarialml.dev ↗ tracks current research on evasion, poisoning, and extraction attacks.
- Systemic risks: the model produces harms at scale — discriminatory outcomes, privacy violations, feedback loops that amplify error.
Step 3 — Risk evaluation. Assign likelihood and severity to each identified risk. NIST encourages using multiple evaluation methods — quantitative metrics where data supports it, structured expert review where it does not. For fairness evaluation, document the demographic groups at risk and the specific performance gap being measured.
Step 4 — Mitigation and residual risk acceptance. Document the controls applied to each identified risk. Under Article 9, eliminating risk through design is preferred over layering controls on top of a risky design. Residual risks — those that controls reduce but do not eliminate — must be accepted by an accountable owner. Note them explicitly; do not let them disappear from the record.
Step 5 — Continuous monitoring and update. Risk assessments are not point-in-time documents. Both frameworks require updates when the model changes, when deployment context shifts, or when post-market monitoring surfaces new failure modes. sentryml.com ↗ covers drift detection and production monitoring approaches that feed directly into this update cycle.
The Risk Triage Problem
One underappreciated challenge in AI risk assessment is scope creep. Organizations with dozens of deployed models cannot apply Article 9-level rigor to every system. MIT Sloan’s framework for AI risk offers a useful triage heuristic: sort use cases into red (prohibit), yellow (high-risk, apply controls), and green (low-risk, standard governance). The full framework ↗ identifies roughly 140 use cases that fall into the high-risk yellow category — a useful reference for teams building their initial inventory.
The practical implication: apply deep assessment to systems that make consequential decisions about individuals, and apply lighter-touch reviews to internal-facing or low-stakes tools. The EU AI Act’s tiered structure formalizes this logic; the NIST RMF leaves it to organizational discretion.
For teams that want to track where assessed AI systems have caused actual harm — and calibrate their risk estimates accordingly — aiincidents.org ↗ maintains a database of documented AI failures across sectors.
What to Do This Quarter
If you are a provider of AI systems in the EU: Confirm whether your systems qualify as high-risk under Annex III. If they do, you need a documented risk management system that satisfies Article 9 before August 2026. If they do not, you need a written determination on file. Neither outcome is optional.
If you are a US organization using AI in consequential decisions: The NIST AI RMF is voluntary at the federal level, but OMB M-24-10 made it mandatory for federal agencies. State AI legislation in Colorado, California, and New York is moving toward comparable requirements for private sector deployers. Building an RMF-aligned program now reduces the cost of compliance as those rules finalize.
For both: Assign ownership. The most common failure mode in AI risk assessment is a completed document with no accountable owner and no update schedule. The frameworks require continuous processes; a one-time audit is not sufficient.
Sources
-
NIST AI Risk Management Framework 1.0 ↗ — The primary US federal framework for AI risk management. Published January 2023 by the National Institute of Standards and Technology. Voluntary for most private-sector organizations; mandatory for federal agencies under OMB M-24-10.
-
EU AI Act Article 9: Risk Management System ↗ — The statutory risk management requirement for providers of high-risk AI systems under Regulation (EU) 2024/1689. Enforceable from August 2026 for most high-risk categories.
-
MIT Sloan: A Framework for Assessing AI Risk ↗ — A practitioner-oriented triage framework using red/yellow/green categorization for AI use cases, developed by MIT Sloan Management Review contributors.
-
NIST Generative AI Profile (NIST.AI.600-1) ↗ — NIST’s July 2024 extension of the AI RMF to generative AI and LLM-specific risks. Essential supplement for teams deploying foundation models or agentic systems.
Sources
NeuralWatch — in your inbox
AI policy and ethics watchdog — regulation, accountability, governance. — delivered when there's something worth your inbox.
No spam. Unsubscribe anytime.
Related
AI Governance: What It Is, What It Requires, and How to Build It
AI governance defines the policies, controls, and oversight structures that determine how AI systems are approved, deployed, and monitored. Here is what the term actually means operationally — and what regulators now require.
NIST AI RMF: What It Is, What It Requires, and How to Use It
The NIST AI Risk Management Framework (AI RMF 1.0) is the U.S. benchmark for trustworthy AI. This guide covers all four core functions, the GenAI profile, and practical steps for GRC teams implementing it in 2026.
AI Compliance: What the Frameworks Require and How to Build It
AI compliance now means enforceable obligations under the EU AI Act, FTC enforcement authority, and the NIST AI RMF as a U.S. baseline. Here is what each demands and how to operationalize them.