AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← All news

Topic

NIST AI RMF

The NIST AI Risk Management Framework is a comprehensive guidance document released by the National Institute of Standards and Technology that provides organizations with systematic approaches to identifying, measuring, and managing risks throughout the AI lifecycle. It offers flexible, non-prescriptive recommendations across four functions (Map, Measure, Manage, and Govern) that help enterprises integrate AI risk management into their existing governance structures and compliance programs. For organizations seeking to establish credible, standards-based AI governance, the NIST AI RMF has become an essential reference point that informs regulatory expectations and demonstrates reasonable due diligence to stakeholders and regulators.

5 items

ResearchUS2026-06-13

Practitioner Scorecard Maps Enterprise AI Governance Controls to NIST AI RMF and ISO 42001, Filling a Board Reporting Gap

CCG Catalyst has published a practitioner guide structuring enterprise AI governance programs around policy content, human-in-the-loop standards, validation, monitoring, roles, and committee reporting. The guide provides a board-style scorecard approach and explicitly maps control expectations to the NIST AI Risk Management Framework and ISO/IEC 42001. It is designed for compliance, risk, and audit teams that need operating metrics rather than high-level principles.

NIST AI RMFISO 42001board reportingAI governance programcompliance controls
ResearchUK2026-06-11

Holistic AI's Enterprise Governance Blueprint Maps Red Teaming and Human Oversight to NIST AI RMF and EU AI Act Requirements

TechUK has published a case study detailing how Holistic AI's governance platform operationalizes enterprise AI risk management by combining benchmarking, red teaming, fine tuning, human oversight, and assurance mapping to frameworks including the NIST AI RMF and the EU AI Act. The study provides a reference implementation for compliance teams building model evaluation gates, continuous monitoring programs, and multi-framework regulatory readiness processes. It is positioned as a practitioner blueprint for enterprises deploying or scaling large language models.

red-teamingLLM-riskNIST-AI-RMFEU-AI-Actmodel-evaluation
ResearchGlobal2026-05-06

AI Governance Requires Integrated Privacy, Cybersecurity, and Legal Functions, ISACA Article Argues

ISACA published "Collaboration and the New Triad of AI Governance," an industry article arguing that effective AI governance requires the formal integration of privacy, cybersecurity, and legal functions across the full AI life cycle. The article references the EU AI Act, the NIST AI Risk Management Framework, and recent U.S. executive orders as converging frameworks that make siloed governance approaches inadequate. It calls on organizations to establish cross-functional accountability structures to address overlapping AI risks.

AI governanceEU AI ActNIST AI RMFUnited StatesEUrisk managementaccountabilitycybersecurityprivacyExecutive Order 14110
Corporate PolicyGlobal2026-05-04

Claude Opus 4.7 ships with reduced cyber capabilities and new safety evaluations, Anthropic confirms

Anthropic has released Claude Opus 4.7, a general-availability model focused on advanced software engineering tasks including complex long-running workflows, precise instruction following, and self-verification. The release includes documented safety evaluations and a deliberate reduction in cyber capabilities compared to the earlier Mythos Preview model, with Anthropic stating those safeguards were tested on less capable models before deployment. Anthropic has publicly disclosed these capability constraints as part of its corporate safety policy, specifically targeting high-risk application areas such as cybersecurity. For enterprise compliance teams, the release is notable because it demonstrates a voluntary, documented model-level risk mitigation practice that aligns with emerging expectations under frameworks such as the EU AI Act and NIST AI RMF for transparency and pre-deployment safety assessment. Organizations deploying Claude Opus 4.7 in security-sensitive or software development contexts should review Anthropic's published safety evaluations to support their own internal risk documentation and vendor due diligence obligations.

AnthropicClaudeEU AI ActNIST AI RMFcybersecuritymodel evaluationtransparencyrisk managementsoftware engineeringpre-deployment safety
ResearchGlobal2026-04-25

Multi-Jurisdictional AI Governance Gaps Threaten Enterprise Compliance, arXiv Study Finds

A research preprint published on arXiv analyzes overlapping and conflicting regulatory requirements across multiple jurisdictions in AI governance, identifying critical implementation gaps organizations encounter when translating legal obligations into operational practice. The study covers frameworks spanning regions including the United States, European Union, and Asia-Pacific, cataloging where requirements converge and where they create conflicting compliance burdens. The research does not carry binding legal force but offers practitioners a structured comparison of control requirements across major regulatory regimes. For enterprise compliance teams operating across borders, the analysis highlights the practical challenge of designing unified AI governance programs that satisfy divergent local mandates simultaneously. Organizations managing AI systems under frameworks such as the EU AI Act, NIST AI RMF, and various state-level or national regulations may find the gap analysis useful for prioritizing remediation efforts and assessing where existing controls fall short.

EU AI ActNIST AI RMFEUUnited StatesAsia-Pacificmulti-jurisdictional complianceAI governanceregulatory gap analysisrisk managemententerprise compliance