Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has released version 2.0 of its influential AI Risk Management Framework (AI RMF). This major update introduces legally binding requirements for organizations deploying AI in sectors deemed 'high-risk', such as healthcare, finance, and critical infrastructure. The most significant change is the mandate for continuous, automated auditing and real-time monitoring of these AI systems throughout their operational lifecycle. This replaces the previous guidance which focused more on pre-deployment risk assessment. Organizations will now be required to implement systems that can detect and report on model drift, data poisoning attempts, and adversarial attacks in near real-time. The framework provides a 12-month grace period for affected entities to achieve compliance. This policy shift is expected to catalyze the market for AI security tools and drive a more mature, proactive approach to managing the risks of advanced AI.