Skip to main content
NIST AI RMF organises risk management around four functions: Govern, Map, Measure, Manage. Observatory maps 16 of the framework’s high-impact subcategories to operational controls.

The four functions

A healthy AI RMF posture closes the loop: governance decisions feed mapping, mapping feeds measurement, measurement feeds management, and management updates governance.

Mapped subcategories

Govern (4 mapped)

Map (4 mapped)

Measure (4 mapped)

Manage (4 mapped)


Overlap with EU AI Act

Several NIST subcategories overlap directly with EU AI Act requirements: Closing one usually closes both. The gap analysis prioritises remediation by cross-framework impact.

Producing the audit pack

Same shape as EU AI Act: a ZIP with per-subcategory evidence and the framework score.

EU AI Act

Sister framework with significant overlap.

Risk Dashboard

Where Manage 1.1 (prioritise risks) is operationalised.
Last modified on June 3, 2026