HomeLegal DirectoryNIST AI RMF (voluntary AI risk framework)

In effect Limited protection

NIST AI Risk Management Framework (AI RMF 1.0 and Generative AI Profile)

United States · NIST AI 100-1 (AI RMF 1.0); NIST AI 600-1

A voluntary federal framework that helps organizations identify, measure, and manage risks from AI systems — including bias, safety, and security issues. It creates no legal rights for individuals, but it has become the de facto standard referenced by regulators, several state AI laws, and federal contractors.

Technical detail

NIST AI RMF 1.0 (Jan. 26, 2023) is a voluntary risk framework, supplemented by the Generative AI Profile (NIST AI 600-1, July 2024) and ongoing 2025–2026 profile work; compliance is non-mandatory but referenced in state statutes (e.g., TRAIGA safe harbors) and procurement expectations.

Who is protected: Indirectly: individuals affected by AI systems whose developers/deployers adopt the framework

Who must comply: Voluntary for all organizations; effectively expected of federal contractors and referenced by regulators

Key facts

JurisdictionUnited States
LevelFederal
StatusIn effect
Protection strengthLimited protection
Effective date2023-01-26
CitationNIST AI 100-1 (AI RMF 1.0); NIST AI 600-1
Enforced byNone (voluntary; NIST is non-regulatory)
Private right of actionNo — agency enforcement only
TopicsAI disclosure and transparency · automated decision-making · government use of AI · consumer protection
Last verified2026-06-10
Official sourceAI Risk Management Framework | NIST ↗

More AI rules in United States

Related AI disclosure and transparency rules elsewhere

See something wrong or out of date? Submit a correction — every entry must carry a verifiable official source.