Glossary term
Governance and Compliance
A structured process to identify, analyze, and evaluate the risks of an AI system. It considers intended use, reasonably foreseeable misuse, affected stakeholders, training and input data, model behavior, security, legal obligations, and operational controls. A mature assessment produces a decision-ready record: context, risk rating, assumptions, required controls, residual risk, approvals, monitoring obligations, and the triggers (such as a model update, new data source, or new deployment context) that require reassessment.
The Map function of the NIST AI RMF and ISO/IEC 23894:2023 provide complementary risk assessment guidance; NIST's published crosswalk maps each Map subcategory to the corresponding ISO/IEC 23894 sub-clauses.
The EU AI Act Article 9 requires providers of high-risk AI to establish a risk management system across the entire lifecycle, including assessment of reasonably foreseeable misuse.
Canada's Algorithmic Impact Assessment Tool is a risk questionnaire, mandatory under the federal Directive on Automated Decision-Making, that scores federal automated decision systems on four impact levels; completed assessments are published openly on the Open Government Portal.