Before managing AI risks you have to be able to name them. Four tools, all public and free, offer as many perspectives: NIST’s management framework, MIT’s taxonomic repository with over 1,700 catalogued risks, the Cloud Security Alliance’s controls matrix and ENISA’s cybersecurity framework. A reasoned map for those building AI governance.
Anyone setting out to build a system of AI governance — by regulatory obligation or organisational choice — soon meets a preliminary difficulty: which risks are we talking about? A survey of the main public reference tools is useful, with the caveat that these are voluntary tools, which do not replace the AI Act obligations but can feed their implementation: from risk management under Article 9 to the impact assessments imposed by the binding European framework.
NIST AI RMF: the management framework
The first reference is American: the AI Risk Management Framework of the National Institute of Standards and Technology (NIST), published in January 2023. Its vocation is stated: “the NIST AI Risk Management Framework (AI RMF) is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems”. Its operational heart is the Core, articulated in four functions: “the Core is composed of four functions: govern, map, measure, and manage”. GOVERN oversees culture and organisational set-up; MAP contextualises the system and identifies its risks; MEASURE analyses and quantifies them; MANAGE treats them.
MIT AI Risk Repository: the living taxonomy
Of a different nature is the AI Risk Repository of MIT: not a management framework, but “a comprehensive living database of over 1700 AI risks categorized by their cause and risk domain”. The database “captures 1700+ risks extracted from 74 existing frameworks and classifications of AI risks”, organised according to a causal taxonomy and a domain taxonomy classifying risks into seven domains and twenty-four subdomains. Its practical utility is notable: anyone conducting a risk assessment can use the repository as a completeness checklist, verifying that they have not overlooked entire risk domains — from disinformation to system security, from discrimination to loss of control.
CSA AI Controls Matrix: from risks to controls
The step from risk to control is the terrain of the AI Controls Matrix (AICM) of the Cloud Security Alliance, released in July 2025: “the AICM contains 243 control objectives distributed across 18 security domains. It maps to leading standards, including ISO 42001, ISO 27001, NIST AI RMF 1.0, and BSI AIC4”. The cross-mapping is its greatest merit: an organisation that has adopted an AI management system, or is preparing for the AI Act obligations, can use the matrix to translate high-level requirements into verifiable control objectives, in a language familiar to those coming from information security.
ENISA: the cybersecurity perspective
The survey closes with the Multilayer Framework for Good Cybersecurity Practices for AI of ENISA, of June 2023: “the framework consists of three layers (cybersecurity foundations, AI-specific cybersecurity and sector-specific cybersecurity for AI) and aims to provide a step-by-step approach on following good cybersecurity practices”. The layered logic is precious: it recalls that AI security rests on the foundations of general cybersecurity, specialises on the risks proper to learning systems, and is finally declined by sector.
How to use the map
Four tools, four complementary functions: NIST offers the process, MIT the taxonomy, CSA the controls, ENISA the security perspective. For a European organisation, the value lies not in adopting them all, but in using them as sources feeding its own obligations: the taxonomy so as not to forget risks, the process to govern them, the controls to implement them — all within the binding frame of the AI Act and, where adopted, its own management system. With the usual caveat: none of these tools generates presumptions of conformity, and their use must be documented as a methodological choice, not exhibited as a licence.
Conclusions
The proliferation of frameworks and taxonomies is, at once, a richness and a risk: a richness, because the public stock of knowledge on AI risks has never been so vast; a risk, because the multiplication of tools can fuel a façade compliance, made of juxtaposed and never-integrated mappings. In the light of the above, one wonders whether organisations will move from collecting frameworks to a genuinely integrated risk management, one that does not exhaust itself in the juxtaposition of matrices and taxonomies but is able to intercept the risks to people, who are the ultimate reason for every framework.
