EveryAILaw.com

NIST AI Risk Management Framework

Jurisdiction:
United States
 voluntary
Effective:
Jan 26, 2023
Authority:
National Institute of Standards and Technology
 Official text Verified Mar 25, 2026

Obligations Covered

Risk Assessment

Regulatory Crosswalk

Binding regulations that require the same obligations this standard addresses. Implementing this standard can help satisfy these regulatory requirements.

RegulationJurisdictionShared Obligations
Work Health and Safety Amendment (Digital Work Systems) Act 2026 New South Wales 1
Privacy Act 1988 — Automated Decision-Making Reforms Australia 1
Brazil AI Bill (PL 2338/2023) Brazil 1
California CCPA ADMT Regulations California 1
Provisions on the Management of Algorithmic Recommendations China 1
Interim Measures for Generative AI Services China 1
Framework Convention on AI, Human Rights, Democracy and Rule of Law (CETS 225) Council of Europe 1
Colorado Privacy Act Rules (4 CCR 904-3) Colorado 1
Colorado Protecting Consumers from Unfair Discrimination in Insurance Practices Colorado 1
EU AI Act European Union 1
Digital Operational Resilience Act (DORA) European Union 1
AI Promotion Act Japan 1
AI Basic Act South Korea 1
Law on Artificial Intelligence Kazakhstan 1
Artificial Intelligence Regulations 2025 Malta 1
New York RAISE Act New York 1
QCB Artificial Intelligence Guideline Qatar 1
Law for the Promotion of Artificial Intelligence and Technologies El Salvador 1
Artificial Intelligence Basic Act Taiwan 1
UK Online Safety Act 2023 United Kingdom 1
EO 14319 — Preventing Woke AI in the Federal Government United States 1
Executive Order on AI State Law Preemption United States 1
Law on Artificial Intelligence Vietnam 1

Provisions (1)

Risk Management Framework #

Obligation:
Risk Assessment
 voluntary
Effective:
Jan 26, 2023
Risk tier:
all
Scope:
providers, deployers

Requirements

RequirementDetails
GovernEstablish AI risk governance
MapIdentify and categorize AI risks
MeasureAssess and track risks
ManagePrioritize and mitigate risks

Penalties

ViolationFine
N/AVoluntary framework; no penalties. Used as safe harbor reference by state laws.