v2026.1714 entries · CC-BY 4.0
CASRAI

AI governance · 19 pages

AI governance & standards

Answer-first explainers for the frameworks and standards that govern AI — NIST AI RMF, ISO/IEC 42001, AI audit, risk management and responsible-AI practice — written as a neutral standards reference, not legal advice.

Definition

AI governance

AI governance is the set of frameworks, policies, roles and processes by which an organisation directs and controls the development and use of artificial intelligence so that it is safe, ethical, lawful and accountable. It operationalises principles such as fairness, transparency and human oversight into concrete controls, assigning responsibility for AI risk across the system lifecycle. Recognised reference points include the NIST AI Risk Management Framework, ISO/IEC 42001 and the OECD AI Principles.

Definition

AI governance framework

An AI governance framework is a structured set of principles, controls and processes that an organisation uses to manage AI risks consistently across the AI lifecycle. Established examples include the NIST AI Risk Management Framework, ISO/IEC 42001 and the OECD AI Principles. A framework gives common vocabulary, defined functions or clauses, and repeatable steps so that risk assessment, documentation and oversight are applied the same way to every AI system rather than improvised case by case.

Definition

NIST AI RMF

The NIST AI RMF is the US National Institute of Standards and Technology’s AI Risk Management Framework 1.0, released in January 2023. It is voluntary and organised around four functions — Govern, Map, Measure and Manage — that help organisations identify, assess and address risks to individuals, organisations and society across the AI lifecycle. A companion Generative AI Profile (NIST AI 600-1, 2024) extends the framework to generative AI risks. It is descriptive guidance, not a certifiable standard.

Definition

ISO/IEC 42001

ISO/IEC 42001 is the international standard, published in December 2023, that specifies requirements for establishing, implementing, maintaining and continually improving an artificial intelligence management system (AIMS) within an organisation. It is a certifiable, risk-based management-system standard following the Plan-Do-Check-Act cycle, much as ISO 9001 does for quality. Organisations can be independently audited and certified against it, demonstrating a systematic approach to responsible AI development and use.

Definition

AI audit

An AI audit is an independent, structured assessment of an AI system against defined criteria — typically covering bias and fairness, performance and reliability, governance and documentation, and alignment with applicable regulation or standards. It produces evidence of how a system behaves and how it is controlled, supporting accountability to leadership, customers and regulators. Audits may be internal or third-party, conducted before deployment or periodically, and can target the model, the data, or the management system around it.

Definition

AI compliance

AI compliance is the practice of aligning AI systems and the processes that surround them with applicable laws, regulations and recognised standards, such as the EU AI Act, the NIST AI Risk Management Framework and ISO/IEC 42001. It involves identifying which obligations apply, mapping them to controls, and producing evidence that those controls are in place. Compliance is one outcome of AI governance: governance builds the operating model, while compliance demonstrates that it meets external requirements.

Definition

AI bias

AI bias is a systematic and unfair skew in an AI system’s outputs that arises from biased data, model design choices or the way a system is deployed. It can cause one group to be advantaged or disadvantaged relative to others in ways that are not justified. Recognised categories include data and sampling bias, algorithmic bias, human or label bias, and deployment bias. Mitigation spans the lifecycle — from representative data and careful design to testing and ongoing monitoring.

Definition

AI risk management

AI risk management is the systematic process of identifying, assessing and mitigating risks that AI systems pose to individuals, organisations and society across the AI lifecycle. It covers risks such as bias, security weaknesses, unsafe automation, privacy harm and unreliable performance. The NIST AI Risk Management Framework structures this work through its Map, Measure and Manage functions, set within an overarching Govern function. The aim is to make AI risks visible, prioritised and treated, not eliminated, since risk cannot be reduced to zero.

Definition

AI red teaming

AI red teaming is structured adversarial testing in which people deliberately probe an AI system to find flaws, harmful behaviours and vulnerabilities before they cause real-world damage. Adapted from cybersecurity, it is especially associated with generative AI, where testers attempt to elicit unsafe, biased or policy-violating outputs and to bypass safeguards. Red teaming is increasingly expected within AI governance, referenced by the NIST Generative AI Profile and emerging regulation, as evidence that a system has been stress-tested against misuse.

Definition

AI ethics

AI ethics is the field and set of principles concerned with the responsible design, development and use of artificial intelligence. Core principles commonly include fairness, accountability, transparency, privacy, safety and human oversight, with respect for human rights and human dignity at their foundation. Influential statements include the OECD AI Principles and the UNESCO Recommendation on the Ethics of AI (2021). AI ethics supplies the values that governance frameworks then translate into concrete, enforceable controls.

Definition

Responsible AI

Responsible AI is the practice of designing, building and deploying artificial intelligence in a way that is ethical, transparent and accountable. It is the operational umbrella that turns ethical principles into everyday engineering and organisational behaviour, drawing on fairness, safety, privacy, explainability and human oversight. Whereas AI ethics supplies the principles and AI governance supplies the formal machinery, responsible AI describes the resulting practice — how teams actually develop and run AI systems so that good intentions become consistent, demonstrable outcomes.

Definition

AI governance tools

AI governance tools are software platforms and components that help organisations operationalise AI governance at scale. Typical capabilities include maintaining a model inventory, conducting and recording risk and impact assessments, generating documentation such as model cards and datasheets, monitoring models in production for drift and bias, and supporting audit and reporting. They turn governance policy into trackable, evidenced workflows. The category is broad and fast-moving; tools support governance but do not replace the frameworks, roles and judgement that direct it.

Comparison

NIST AI RMF vs ISO/IEC 42001

The difference is one of type and level. The NIST AI RMF is a voluntary, non-certifiable US framework structured around four functions (Govern, Map, Measure, Manage) that guides how an organisation manages AI risk. ISO/IEC 42001 is a certifiable international standard specifying requirements for an AI management system (AIMS) following the Plan-Do-Check-Act cycle. The RMF describes good risk practice; ISO/IEC 42001 lets an organisation be audited and certified. They are complementary — the RMF’s functions can populate practice inside a certified AIMS.

Definition

AI transparency

AI transparency is the meaningful disclosure of how an AI system works, what data and methods it uses, and its limitations, so that affected people, users and overseers can understand and scrutinise it. It spans informing people they are interacting with AI, documenting a system’s purpose and performance, and being open about known weaknesses. Transparency is a core trustworthiness characteristic in the NIST AI RMF and a recurring duty in AI regulation, and it underpins accountability and informed oversight.

Definition

AI accountability

AI accountability is clear, demonstrable responsibility and answerability for the outcomes of an AI system, located with identifiable people and organisations rather than diffused or attributed to the technology itself. It is realised through defined governance roles, audit trails, documentation and oversight that show who decided, who acted, and how harms are remediated. Accountability is a core trustworthiness characteristic in the NIST AI RMF and a foundational principle in the OECD AI Principles, and it depends on transparency to be exercisable.

Definition

Algorithmic impact assessment

An algorithmic impact assessment (AIA) is a structured evaluation of the potential risks and impacts of an automated decision system, conducted before deployment to determine the level of oversight, mitigation and review it requires. It typically scores factors such as the system’s reach, the reversibility and severity of its decisions, and the sensitivity of its data. The best-known example is the Government of Canada’s mandatory AIA for federal automated decision-making, and the model has influenced public-sector AI governance internationally.

Definition

Model card

A model card is a short, standardised document that describes a machine learning model’s intended use, its performance across different conditions and groups, its limitations, and relevant ethical considerations. Proposed by Mitchell and colleagues in 2019, model cards accompany a model so that developers, deployers and reviewers can judge whether it is appropriate for a given context. They are a practical transparency and documentation artefact, widely used to support responsible AI, audit and the disclosure expectations of governance frameworks.

Definition

Human in the loop

Human in the loop (HITL) is a design in which a person reviews, approves or can override an AI system’s decisions, so that meaningful human judgement remains part of the process. It contrasts with human-on-the-loop, where a person supervises and can intervene in an otherwise automated system, and human-out-of-the-loop, where the system acts autonomously. HITL is a key mechanism for human oversight, a principle embedded in AI ethics and required by regulation for many high-impact or high-risk uses.

Definition

AI explainability

AI explainability, often abbreviated XAI, is the degree to which an AI system’s outputs and behaviour can be understood and explained in human terms, including why a particular decision or prediction was produced. It is closely related to interpretability — how far the internal workings of a model can be understood directly — but focuses on producing meaningful, audience-appropriate explanations of outputs. Explainability is a recognised trustworthiness characteristic in the NIST AI RMF and underpins meaningful human oversight, contestability and trust.
