Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

NIST Releases New Draft of Artificial Intelligence Risk Management Framework for Comment

The National Institute of Standards and Technology (NIST) has released the second draft of its Artificial Intelligence (AI) Risk Management Framework (RMF) for comment. Comments are due by September 29, 2022.

NIST, part of the U.S. Department of Commerce, helps individuals and businesses of all sizes better understand, manage and reduce their respective “risk footprint.” Although the NIST AI RMF is a voluntary framework, it has the potential to impact legislation. NIST frameworks have previously served as a basis for state and federal regulations, like the 2017 New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500).

The AI RMF was designed and is intended for voluntary use to address potential risks in “the design, development, use and evaluation of AI products, services and systems.” NIST envisions the AI RMF to be a “living document” that will be updated regularly as technology and approaches to AI reliability evolve and change over time.

According to the proposed AI RMF, the specific focus of this new framework is an AI system engineered on a machine-based system that can, “for a given set of human-defined objectives, generate outputs such as predictions, recommendations or decisions influencing real or virtual environments.”

Amidst the growth of artificial intelligence, the AI RMF provides guidance on how to use AI in a respectful and responsible manner. Cybersecurity frameworks are designed to secure and protect data, and the AI RMF draft appears to complement that goal.

One of the many objectives of the AI RMF is to better clarify and design NIST’s “AI Lifecycle.” The current AI Lifecycle focuses on overall risk management issues. The main audience for this framework, as drafted, consists of those with responsibilities to commission or fund an AI system, as well as those who are part of the “enterprise management structure” that works to govern the AI Lifecycle.

For example, as part of the proposed AI RMF, NIST has defined “stages” for the new AI Lifecycle model. These elements include:

  1. Plan & Design
  2. Collect & Process Data
  3. Build & Use Model
  4. Verify & Validate
  5. Deploy
  6. Operate & Monitor
  7. Use or Impacted By

AI will impact many critical aspects of society over the next few years, including the way we live and work. According to the World Economic Forum, up to 97 million new AI jobs could be created by the end of 2025. As AI continues to grow, it is critical to have a viable risk management framework in place.

A companion NIST AI RMF Playbook (Playbook) was published in conjunction with the second draft of the AI RMF. The Playbook is an online resource and “…includes suggested actions, references, and documentation guidance for stakeholders” to implement the recommendations in the AI RMF.

NIST will be holding a third and final virtual workshop on October 18-19, 2022, with leading AI experts and interested parties and expects the final AI RMF and Playbook to be published in January 2023.

We will continue to follow these developments and advise about updates as relevant.

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics Supervisory Special Agent with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

About the Author: Christopher P. Cullen

September 8, 2022
Written by: Jason G. Weiss and Christopher P. Cullen
Category: Cybersecurity, Data Strategy, NIST, Privacy
Tags: artificial intelligence, Risk Management Framework
