The NIST AI Risk Management Framework (AI RMF 1.0) provides a voluntary, rights-preserving, non-sector-specific, and use-case-agnostic approach to managing risks from AI. It is org
Last updated April 22, 2026 · Every fact traceable to a public source
The NIST AI Risk Management Framework (AI RMF 1.0) provides a voluntary, rights-preserving, non-sector-specific, and use-case-agnostic approach to managing risks from AI. It is organized around four core functions — Govern, Map, Measure, and Manage — and is widely adopted by US federal agencies and enterprises as the de facto governance baseline.
Key obligations include: Govern: establish a culture of risk management; Map: identify context and categorize AI risks; Measure: assess, analyze, and track risks; Manage: prioritize risks and act on them; Generative AI Profile (NIST AI 600-1) — July 2024.
NIST AI RMF is voluntary in US. Scope attaches based on jurisdiction and the role a company plays in the AI supply chain. See /frameworks/nist-ai-rmf for the full scope note and source links.
The primary enforcement date is 2023-01-26. Some provisions may phase in earlier or later — see the framework brief for the full timeline.
Maximum penalties: Voluntary framework; no statutory penalties. Enforcement is carried out by the designated authorities in the jurisdiction.
In our directory, the following vendors reference NIST AI RMF in their compliance coverage: Credo AI, Holistic AI, Fiddler AI, Arthur, Robust Intelligence, Monitaur, Trustible, FairNow, Fairly AI, Saidot, LatticeFlow AI, Lakera. Each profile links to the public source for the claim.
This FAQ is editorial. No vendor can pay to be included, highlighted, or ranked in answers. Paid listing tiers affect profile depth only — never rankings or commentary. Read our methodology for details.