Regulatory Alert : The Nist Artificial Intelligence Risk Management Framework (AI RMF 1.0)

• Published date: 27 March 2024
• Subject Matter: Technology, New Technology
• Law Firm: Anggraeni and Partners
• Author: Ms Setyawati Fitrianggraeni, Sri Purnama and Jericho Xavier

BACKGROUND

On 26 January 2023, the United States National Institute of Standards and Technology (NIST)¹ released the AI Risk Management Framework (AI RMF 1.0).² The NIST AI RMF 1.0 provides a comprehensive framework for managing risks associated with AI technologies. It emphasises the need to balance harnessing AI's potential benefits and mitigating its inherent risks.

AI RMF 1.0 was created in response to a directive from Congress to develop a framework to manage AI risks and to promote trustworthy and responsible development of AI systems.³ AI RMF 1.0 as a framework⁴ could be a lex informatica⁵ and universally applicable digital international practices.⁶

KEY REQUIREMENTS

1. Risk Management: AI RMF 1.0 offers a structured approach to assessing, documenting, and managing AI-related risks and impacts.⁷
2. Trustworthiness: The framework identifies key characteristics of trustworthy AI, including validity, reliability, safety security, accountability, transparency, explainability, privacy and fairness.⁸
3. Core Functions: It delineates four core functions for risk management: Govern, Map, Measure, and Manage, each broken down into specific actions and outcomes.⁹
4. Audience and Engagement: The framework targets diverse AI actors across the AI lifecycle, encouraging inclusive and multidisciplinary perspectives.¹⁰

IMPLICATION

Organisations employing AI technologies must adopt a holistic risk management approach, addressing technical, societal, legal, and ethical standards. Implementing AI RMF 1.0 will involve significant organisational commitment, including adjustments in governance, transparency, and accountability practices.

CONSIDER

1. AI technologies' dynamic and evolving nature necessitates a flexible and continuous risk management approach.
2. Organisations should integrate the AI RMF into their broader enterprise risk management strategies, aligning AI risk management with organisational principles and policies.
3. Collaboration and engagement with various stakeholders including policymakers, AI developers, and civil society, are essential for effective implementation.

CONCLUSION

The NIST AI RMF 1.0 represents a critical step towards responsible AI usage, offering a structured approach to managing AI risks and enhancing trustworthiness. Its comprehensive and flexible nature allows organisations across various sectors to adapt and implement its guidelines, fostering a safer and more ethical AI ecosystem.

* Setyawati Fitrianggraeni holds the position of Managing...