Tag: AI risk management

  • NIST AI RMF & the Generative AI Profile Explained

The NIST AI Risk Management Framework (AI RMF) is a voluntary framework published by the United States’ National Institute of Standards and Technology to help organisations manage risks associated with artificial intelligence. In July 2024 NIST added a companion Generative AI Profile, catalogued as NIST AI 600-1, tailoring the framework to generative systems. This article explains what they are and how organisations use them. It is informational and not legal advice.

    What the AI RMF is

    Released in its first version in January 2023, the AI RMF is a non-binding, sector-agnostic resource. Rather than prescribing controls, it offers a structured way to think about trustworthy AI. NIST describes characteristics of trustworthy AI systems — including that they should be valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed. The framework’s authoritative materials are published on nist.gov. For a fuller treatment see our pillar page on the NIST AI RMF.

    The four core functions

    The heart of the framework is its Core, organised into four functions that operate continuously rather than as a one-off checklist:

    • Govern — cultivating a culture of risk management, with policies, roles and accountability that cut across the other functions.
    • Map — establishing context and identifying risks associated with an AI system and its intended use.
    • Measure — analysing, assessing and tracking identified risks using quantitative and qualitative methods.
    • Manage — prioritising and acting on risks, allocating resources and monitoring over time.

    These functions are intended to be revisited iteratively across an AI system’s lifecycle.

    The Generative AI Profile (AI 600-1)

The Generative AI Profile responds to risks that are distinctive to, or amplified by, generative models. It enumerates twelve risk areas, among them: the production of false or misleading content, which the profile terms confabulation (colloquially, “hallucination”); lowered barriers to chemical, biological, radiological or nuclear information; data privacy; intellectual property; harmful bias and homogenisation; dangerous, violent or hateful content; and information security, where the profile notes both that generative systems can ease offensive cyber capabilities and that they widen the attack surface because the models themselves are exposed to attacks such as prompt injection. It also addresses value chain and component integration, the supply-chain risk of relying on third-party models, data and components whose provenance is unclear. Crucially, AI 600-1 is structured as a profile: each of its suggested actions is mapped to a subcategory of the Govern, Map, Measure and Manage functions, so organisations already using the AI RMF can extend their existing practice rather than adopt a separate scheme. Questions of disclosing AI-generated content connect to our wider coverage of generative-AI disclosure.

    How organisations actually use it

    Because the framework is voluntary, adoption patterns vary. Common uses include structuring an internal AI governance programme around the four functions, using the trustworthiness characteristics as a vocabulary for cross-functional discussion, and using the Generative AI Profile’s action items as a starting catalogue when assessing a new generative deployment. Some organisations also use the framework as a communication tool, mapping their existing controls onto its functions to explain their governance to boards, customers or partners in a recognised vocabulary. Others treat it as a maturity guide, revisiting the Measure and Manage functions periodically as systems and risks evolve. Organisations frequently pair the AI RMF with a certifiable management-system standard such as ISO/IEC 42001: the framework provides risk-management substance while the standard provides an auditable management structure.

    Voluntary, not regulatory

    An important distinction is that the AI RMF does not impose legal obligations. It does not certify products, and using it does not by itself demonstrate compliance with any law. That said, it is widely referenced. Some organisations align with it to support their own assurance narratives, and it is frequently cited as a touchstone in policy discussions about responsible AI in the United States. Where binding rules apply — such as the EU AI Act for systems used in the Union — the framework can inform practice but does not replace legal requirements.

    The Profile structure and why it matters

    NIST’s choice to publish AI 600-1 as a profile rather than a separate framework is a deliberate design decision with practical consequences. A profile, in NIST’s terminology, is an implementation of the framework tailored to a particular context — here, generative AI. Because each suggested action in the Generative AI Profile is tied back to one of the four core functions, an organisation does not have to reconcile two competing schemes. Instead it extends the practices it already runs, adding generative-specific considerations to its existing Govern, Map, Measure and Manage activities. This continuity lowers the adoption cost for organisations that had already begun using the AI RMF before generative systems became central to their work.

    The companion playbook and resources

    The AI RMF is accompanied by supporting resources, including a companion playbook that offers suggested actions, references and documentation prompts mapped to the framework’s subcategories. These resources are intended to be used selectively rather than wholesale: an organisation chooses the elements relevant to its context and maturity. NIST has also supported a community around the framework, reflecting its intention that the resource evolve with practice rather than remain a static document. This living-resource posture distinguishes it from a fixed compliance checklist.

    Terminology and accessibility

    NIST deliberately wrote the framework to be usable across sectors and organisation sizes, including those without dedicated AI-risk teams. Terms such as risk mapping, model lifecycle and trustworthiness characteristics recur throughout; readers new to them may find plain-language entries in our dictionary helpful when working through the documentation.

    In summary

    The NIST AI RMF offers a voluntary, function-based approach to managing AI risk, and the Generative AI Profile (AI 600-1) extends it to the specific risks of generative systems. Neither is a law or a certification, but both are widely used to structure governance and to provide shared vocabulary. The authoritative documents remain those published by NIST; this article is a neutral summary rather than advice.