Overview
Severity: MEDIUM | Affected: U.S. Federal Government | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has released the second version of its influential AI Risk Management Framework (AI RMF 2.0). This major update moves beyond voluntary guidance, introducing binding requirements for federal agencies procuring or deploying AI systems, particularly those in critical functions. Key changes include mandatory third-party auditing for high-risk AI systems, strict data provenance and documentation standards, and requirements for continuous monitoring of model performance and safety alignment post-deployment. The framework also introduces specific controls for mitigating threats like adversarial attacks and data poisoning. While aimed at the public sector, the AI RMF 2.0 is expected to become a de facto standard for the private sector, significantly raising the bar for AI safety and governance practices across the industry.