Conducting an AI Risk Assessment

Artificial intelligence (AI) can provide a great benefit to society, but it also carries risks. For this reason, AI guidance and regulations, such as the National Institute of Standards and Technology (NIST) AI Risk Management Framework and the proposed EU Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (EU AI Act) (including information about the final text of the EU AI Act from the European Commission's Artificial Intelligence – Questions and Answers), focus on management of risk as part of AI governance. To conduct a risk assessment, an organization's AI governance team should first identify and rank the risks as unacceptable (prohibited), high, limited, or minimal, evaluate the probability of harm, implement mitigation measures to reduce or eliminate risks, and document the risk assessment to demonstrate accountability.