NIST AI Risk Management Framework Playbook

Identifying and managing AI risks and impacts are enhanced when a broad set of perspectives and actors across the AI lifecycle, including technical, legal, compliance, social science, and human factors expertise is engaged. AI actors include those who operate, use, or interact with AI systems for downstream tasks, or monitor AI system performance. Effective risk management efforts include:

• clear definitions and differentiation of the various human roles and responsibilities for AI system oversight and governance
• recognizing and clarifying differences between AI system overseers and those using or interacting with AI systems.

• Establish policies and procedures that define and differentiate the various human roles and responsibilities when using, interacting with, or monitoring AI systems.
• Establish procedures for capturing and tracking risk information related to human-AI configurations and associated outcomes.
• Establish policies for the development of proficiency standards for AI actors carrying out system operation tasks and system oversight tasks.
• Establish specified risk management training protocols for AI actors carrying out system operation tasks and system oversight tasks.
• Establish policies and procedures regarding AI actor roles, and responsibilities for human oversight of deployed systems.
• Establish policies and procedures defining human-AI configurations in relation to organizational risk tolerances, and associated documentation.
• Establish policies to enhance the explanation, interpretation, and overall transparency of AI systems.
• Establish policies for managing risks regarding known difficulties in human-AI configurations, human-AI teaming, and AI system user experience and user interactions (UI/UX).

Organizations can document the following:

• What type of information is accessible on the design, operations, and limitations of the AI system to external stakeholders, including end users, consumers, regulators, and individuals impacted by use of the AI system?
• To what extent has the entity documented the appropriate level of human involvement in AI-augmented decision-making?
• How will the accountable human(s) address changes in accuracy and precision due to either an adversary’s attempts to disrupt the AI or unrelated changes in operational/business environment, which may impact the accuracy of the AI?
• To what extent has the entity clarified the roles, responsibilities, and delegated authorities to relevant stakeholders?
• How does the entity assess whether personnel have the necessary skills, training, resources, and domain knowledge to fulfill their assigned responsibilities?

AI Transparency Resources:

• GAO-21-519SP: AI Accountability Framework for Federal Agencies & Other Entities. URL
• Intel.gov: AI Ethics Framework for Intelligence Community - 2020. URL
• WEF Companion to the Model AI Governance Framework- 2020. URL

Madeleine Clare Elish, “Moral Crumple Zones: Cautionary tales in human-robot interaction,” Engaging Science, Technology, and Society, Vol. 5, 2019. URL

“Human-AI Teaming: State-Of-The-Art and Research Needs,” National Academies of Sciences, Engineering, and Medicine, 2022. URL

Ben Green, “The Flaws Of Policies Requiring Human Oversight Of Government Algorithms,” Computer Law & Security Review 45 (2022). URL

David A. Broniatowski. 2021. Psychological Foundations of Explainability and Interpretability in Artificial Intelligence. National Institute of Standards and Technology (NIST) IR 8367. National Institute of Standards and Technology, Gaithersburg, MD. URL

Off. Comptroller Currency, Comptroller’s Handbook: Model Risk Management (Aug. 2021). URL