Cheat sheet AII-04

AI Governance & Responsible AI


Governance is an enabler, not just a brake. Anchor on NIST AI RMF and ISO/IEC 42001, tier controls to risk and impact, and keep human oversight, transparency, and accountability.

1. NIST AI RMF: Voluntary, risk-based; functions Govern, Map, Measure, Manage across the lifecycle.
2. ISO/IEC 42001: Certifiable standard for an AI management system (AIMS); auditable and repeatable.
3. Responsible-AI pillars: Risk tiering, human oversight, transparency, accountability.
4. EU AI Act: Risk-based regulation; stricter for high-risk, some uses prohibited; can apply extraterritorially.

Tier each use case by impact, attach proportionate controls (oversight, explanations, logging, named owner), and map the whole to NIST AI RMF or an ISO/IEC 42001-style management system.

High impact: Credit-decision AI: bias evaluation, human override, applicant notice, audit logging, accountable owner.
Low impact: Internal note summariser: lightweight controls proportionate to minimal risk.
NIST AI RMF = voluntary risk framework; ISO/IEC 42001 = certifiable standard; EU AI Act = regulation.
Controls must be proportionate to impact, not uniform.
Higher-autonomy agents are higher-risk systems needing stronger oversight.
Tags: governance, responsible-ai, nist-ai-rmf, iso-42001, eu-ai-act, risk-tiering