5 AI risk management frameworks for shoring up key gaps
Jaikumar Vijayan · 2026-06-17 · via Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises | CSO Online

A new generation of AI-specific frameworks has arisen to help take the sting out of AI-related governance, security, or compliance issues that traditional models weren’t built to address.

Organizations racing to embed AI into business operations are realizing that the risk management frameworks they’ve relied on for decades aren’t built for the behaviors, failure modes, and ethical complexities AI systems introduce.

Fortunately, a new generation of AI-specific frameworks has emerged to give organizations a structured way to identify where AI can go wrong, what controls to put in place, and how to demonstrate responsible AI use to regulators, customers, and investors. Not all of these emerging frameworks address the same problem. Some focus on governance and organizational accountability, others on technical security controls, threat modeling, or regulatory compliance. Choosing the right one for your organization depends on where your most pressing gaps reside.

The frameworks are complementary, not competing, because they have different intents, priorities, and objectives, says Nicole Carignan, CISO at Darktrace.

“There is overlap across these frameworks, but that overlap is helpful,” Carignan points out. “It reinforces the core practices organizations need to get right: governance, data integrity, security, accountability, oversight, testing, and continuous improvement.”

Here are five frameworks worth considering for your AI risk management needs.

ISO/IEC 42001 Artificial Intelligence Management System

ISO/IEC 42001:2023 is the first internationally recognized formal standard for AI management. Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in December 2023, ISO/IEC 42001 follows a similar structure to management system standards such as ISO 27001. The framework gives organizations a structured methodology for establishing policies, processes, operational controls, and accountability mechanisms to ensure responsible development and use of AI.

ISO/IEC 42001 requires companies to document how they design, monitor, validate, and control AI systems, while also requiring them to conduct AI impact assessments to evaluate potential legal, ethical, and societal impacts. The standard covers governance structures, third-party supplier oversight, data management, transparency obligations, and lifecycle management.

ISO/IEC 42001 is a voluntary but certifiable standard that applies across sectors and organization sizes. A growing number of organizations have begun using it to demonstrate adherence to responsible AI practice and alignment with regulations such as the EU AI Act. ISO and IEC have described the framework as helping organizations align their AI practices with legal and regulatory requirements; demonstrate responsible AI governance; manage risks tied to bias, safety, and security; and enhance stakeholder trust.

ISO 42001 is a great option for organizations just getting started with AI risk management, says Nicole Carignan, senior vice president for security and AI strategy and field CISO at Darktrace.

“It provides the strongest foundation for building an AI risk management program, rather than addressing individual AI risks in isolation,” she explains. “From a program-building standpoint, ISO 42001 is the right place to start because it forces organizations to think holistically about ownership, governance, oversight, data integrity, security risk mitigation, accountability, and continuous improvement.”

One downside, Carignan notes, is that the framework is resource-intensive to implement, and the full standard is not publicly available. Both challenges can be formidable for organizations that are very early in their AI governance journey, she says.

NIST AI Risk Management Framework (AI RMF)

Released by the US National Institute of Standards and Technology (NIST) in January 2023, the AI Risk Management Framework (AI RMF) is a voluntary framework designed to help organizations of all sizes and across all sectors identify, assess, and manage risks associated with AI systems across their entire lifecycle.

The framework consists of two parts. The first offers guidance on how organizations should think about AI risks and the characteristics of trustworthy AI systems, such as validity, safety, security, transparency, explainability, privacy, and fairness. The second part is structured around four interconnected functions:

  • Govern focuses on what organizations need to do to build internal culture, policies, and accountability structures for AI use.
  • Map involves understanding the broader context and potential risks of specific AI systems.
  • Measure focuses on how organizations must evaluate and track those risks using both qualitative and quantitative methods.
  • Manage provides guidance on risk prioritization and appropriate responses such as mitigation, transfer, or acceptance.

NIST AI RMF includes a separate Playbook with practical steps for implementing each of these functions effectively.

For organizations that are not ready to pursue ISO 42001 formally, the NIST AI RMF can serve as a more flexible and accessible starting point, Carignan says.

“It is public and gives organizations a common language for understanding and mitigating AI risk,” she adds. “But if the goal is to build a durable AI risk program, ISO 42001 is the strongest foundation.”

Ram Varadarajan, CEO at Acalvio, recommends NIST AI RMF as a good place for organizations to get started on AI risk governance, “because it’s built around maturity rather than pass/fail audits.” It gives organizations starting from zero an opportunity to discover where they stand rather than immediately handing out a failing grade.

“More importantly, it forces the three conversations that have to happen first: who owns AI risk, what AI is actually running, and who gets hurt if something goes wrong,” Varadarajan says.

While researchers at Forrester described NIST AI RMF as a step in the right direction soon after its launch, they also expressed concern over conflicts of interest among the multiple stakeholders that helped draft the framework, the absence of an explicit role for data governance, and the fact that the framework was “still descriptive and not prescriptive.”

As a result, “Chief data officers and heads of data science need to navigate this framework wisely to interpret and apply it to their AI governance efforts,” the analyst firm advised.

ENISA Framework for AI Cybersecurity Practices

ENISA, the European Union Agency for Cybersecurity, developed its Framework for AI Cybersecurity Practices (FAICP) in anticipation of the EU AI Act. Published in June 2023, the framework gives EU organizations structured, AI-specific cybersecurity guidance for enhancing the trustworthiness of their AI activities.

FAICP is organized around three progressive layers. The first covers foundational information and communications technology cybersecurity practices that AI systems inherit by running on standard software infrastructure. The second addresses AI-specific risks, including adversarial attacks, model tampering, data pipeline integrity, and supply chain security. The third provides sector-specific guidance for regulated industries such as energy, healthcare, and telecommunications.

According to the European Parliament, FAICP’s layered nature provides organizations with “a gradual approach” to enhancing the trustworthiness of their AI activities.

FAICP is voluntary, but its close alignment with the EU AI Act and the NIS2 Directive, the EU’s primary cybersecurity law, means that EU regulators consider the framework a baseline for AI governance practices at all organizations doing business within the EU.

FAICP is important because “Europe’s AI Act will likely become the global reference point, the same way Europe’s data privacy law became the de facto standard for companies worldwide regardless of where they’re headquartered,” Varadarajan predicts.

“Within two to three years, expect two frameworks to dominate: the EU AI Act setting the legal floor, and NIST AI RMF providing the operational playbook for meeting it,” Varadarajan says.

ISO/IEC 23894:2023 Information Technology — Artificial Intelligence — Guidance on Risk Management

The ISO/IEC 23894:2023 framework provides organizations with specific guidance on managing risks associated with artificial intelligence. Released jointly by ISO and IEC in February 2023, the framework builds on and adapts the ISO 31000 general risk management standard to address AI-specific risks such as those tied to algorithmic bias, model drift, unpredictable behavior, and lack of transparency in decision-making. It gives organizations a way to evaluate the likelihood and potential consequences of these risks throughout the full AI system lifecycle.

ISO has described the standard as a “companion to ISO 31000 (Risk Management) and ISO/IEC 42001 (AI Management Systems).” The main difference between ISO/IEC 42001 and ISO/IEC 23894 is that the former is a certifiable management system standard: it provides organizations with the full requirements for establishing, implementing, and maintaining an AI management system. ISO/IEC 23894:2023, on the other hand, is a guidance-only standard focused on how to identify, assess, and manage AI-specific risks.

“Notably, ISO/IEC 23894 offers concrete examples of effective risk management implementation and integration throughout the AI development lifecycle and provides detailed information on AI-specific risk sources,” according to the UK-backed AI Standards Hub. “A key benefit of this standard is that application of the guidance can be customized to any organization and its business context.”

Google Secure AI Framework (SAIF)

Google Secure AI Framework (SAIF) is Google’s practical guide for helping organizations develop and run AI systems with strong built-in protections against digital threats. Launched in 2023, it focuses on weaving security and privacy considerations directly into every stage of an AI project’s life cycle, from design through deployment and ongoing operation.

Its main goal is to tackle the unique vulnerabilities that come with AI technologies, such as attacks that tamper with training data, trick models through engineered prompts, or steal sensitive information. SAIF draws on Google’s own experience developing and deploying large-scale AI systems and is therefore more engineering-heavy than the other frameworks. SAIF is largely focused on helping organizations make their AI systems more resistant to cyberattacks and cyber adversaries, and covers areas such as data handling, underlying infrastructure, the AI models themselves, user-facing applications, and verification processes. It offers organizations practical guidance on implementing controls, shared responsibility, and defending against technical attacks.

Technology consultancy Thoughtworks has assessed SAIF as a framework that helps organizations systematically address “common threats such as data poisoning and prompt injection through a clear risk map, component analysis, and practical mitigation strategies.” According to the firm, SAIF’s “focus on the evolving risks of building agentic systems [is] especially timely and valuable. SAIF offers a concise, actionable playbook that teams can use to strengthen security practices for LLM usage and AI-driven applications.”

David Brumley, chief AI and science officer at Bugcrowd, says that for organizations that want to adopt a framework, the question is not really “which AI risk framework is best?” but “which framework helps [the] organization safely build, deploy, and learn from AI in the real world?”

While most of the currently available AI risk frameworks have their uses, most remain focused on preventing bad outcomes rather than helping organizations pave safe roads for a technology whose adoption is already inevitable.

“That distinction matters,” Brumley says. “AI adoption is not waiting for perfect governance, and those who focus on a [risk management framework] could inadvertently create a shadow AI problem in their organization.”
