NIST AI RMF 1.0 (January 2023) is a voluntary framework from the US National Institute of Standards and Technology, organized around four functions: Govern, Map, Measure, Manage. ISO/IEC 42001:2023 is a formal international management-system standard. They overlap substantially in intent but differ in structure, scope, and whether certification is possible.
Can one satisfy both with the same program?
Largely yes. The NIST AI RMF Playbook explicitly maps many of its actions to ISO/IEC 42001 controls. A single governance program with AI policy, risk assessments, impact assessments, and ongoing monitoring will satisfy most core requirements of both. The main extra work for ISO 42001 is formal documentation that meets the management-system structure expected by certification auditors.
Which should a US company choose first?
If you need external attestation (for customers, regulators, or procurement), prioritize ISO/IEC 42001 — it is certifiable. If you want a practical internal framework with concrete action items and no certification overhead, start with NIST AI RMF. Many organizations run AI RMF internally and pursue ISO 42001 when they need a certificate.
Does either one satisfy the EU AI Act?
Neither is a legal substitute for the EU AI Act. Both can significantly help demonstrate conformity with the Act's risk-management, governance, and transparency obligations — especially for high-risk systems. The Act also references forthcoming harmonized standards; ISO/IEC 42001 is widely expected to be referenced by, or aligned with, some of them.
Is NIST AI RMF free?
Yes. The framework, the companion Generative AI Profile (July 2024), and the Playbook are all free downloads from nist.gov. ISO/IEC 42001 is a paid standard (individual license, a few hundred Swiss francs).