NIST AI Risk Management Framework

The four NIST AI RMF functions

• GOVERN — establishes the organisational policies, accountability structures, and culture for responsible AI risk management
• MAP — identifies context, classifies AI risks, and maps potential harms to affected groups and systems
• MEASURE — analyses and quantifies AI risk using approved methods and produces decision-ready evidence
• MANAGE — applies risk treatments, monitors performance, and maintains ongoing oversight

Where deterministic governance fits

The NIST AI RMF recognises that AI systems with probabilistic outputs require deliberate controls to remain trustworthy. Glare•9 addresses the MANAGE and GOVERN layers directly — embedding policy enforcement, audit trails, and human oversight into the operational layer rather than treating governance as a post-deployment checklist.

• Policy-level guardrails map to GOVERN subcategories on AI risk policies and accountability
• Structured audit logs support MEASURE requirements for documentation and evidence generation
• Configurable override and escalation flows address MANAGE functions for risk response
• Traceable decision records reduce residual risk exposure across MEASURE and MAP functions

NIST AI RMF and regulatory alignment

The NIST AI RMF is referenced in legislative and procurement contexts globally, including alignment with EU AI Act obligations and ISO 42001 AI management system requirements. Organisations implementing the AI RMF gain reusable governance evidence that transfers across multiple compliance frameworks.

Related regulatory frameworks

EU AI Act Readiness | ISO 42001 AI Management System | NIS2 & Cyber Governance Readiness | View AI governance by industry