AI Governance and Risk Management Cheat Sheet

Updated 2026-05-18

Next Topic: AI Hardware and Inference Optimization Cheat Sheet

AI governance and risk management frameworks provide structured approaches for organizations to develop, deploy, and monitor artificial intelligence systems responsibly while meeting regulatory obligations. As AI moves from experimentation into production-critical systems in 2026, the convergence of NIST guidance, EU legislation, and state-level US regulations creates enforceable accountability across the entire AI lifecycle. Understanding risk classification tiers, implementing continuous monitoring infrastructure, and establishing cross-functional governance bodies are no longer optional—they are foundational requirements for any organization using AI in high-stakes domains such as hiring, healthcare, law enforcement, and financial services.

What This Cheat Sheet Covers

This topic spans 30 focused tables and 189 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Core Governance FrameworksTable 2: NIST AI RMF Four FunctionsTable 3: EU AI Act Risk Classification TiersTable 4: High-Risk AI System ObligationsTable 5: Algorithmic Impact Assessment (AIA)Table 6: Model Auditing and Testing TechniquesTable 7: AI Bias Detection and MitigationTable 8: AI Transparency and ExplainabilityTable 9: AI Governance Committee StructureTable 10: AI Risk Management and MitigationTable 11: Third-Party AI Risk ManagementTable 12: AI Monitoring and ObservabilityTable 13: AI Red Teaming and Adversarial TestingTable 14: AI Documentation StandardsTable 15: AI Privacy and Data ProtectionTable 16: AI Security and Adversarial DefenseTable 17: AI Ethics PrinciplesTable 18: AI Compliance and Regulatory ToolsTable 19: AI Procurement and Vendor ManagementTable 20: AI Governance KPIs and MetricsTable 21: US State-Level AI RegulationsTable 22: General Purpose AI (GPAI) ObligationsTable 23: Human Oversight RequirementsTable 24: Post-Market Monitoring and SurveillanceTable 25: AI Conformity Assessment and CertificationTable 26: AI Penalties and EnforcementTable 27: AI for Specific Use CasesTable 28: AI Governance Maturity LevelsTable 29: AI Workforce Training and AwarenessTable 30: AI Governance RACI Matrix

Table 1: Core Governance Frameworks

Organizations align their AI programs to established frameworks that provide structured guidance for risk identification, assessment, and mitigation across the AI lifecycle.

Framework	Example	Description
NIST AI Risk Management Framework (AI RMF)	Four functions: Govern, Map, Measure, Manage	Voluntary US framework organizing AI risk activities into four interconnected functions; widely adopted across sectors and designed to improve AI trustworthiness without mandating specific technical solutions.
EU AI Act	Risk-based tiers: Unacceptable, High, Limited, Minimal	World's first comprehensive AI law classifying systems into risk categories with corresponding obligations; enforceable from August 2, 2026, with fines up to €35M or 7% of global turnover for prohibited practices.
ISO/IEC 42001:2023	AI management system standard	First internationally certifiable standard for AI management systems; defines requirements for establishing, implementing, and maintaining AI governance aligned with risk-based principles and continuous improvement.
OECD AI Principles	Five values-based principles	Foundational principles promoting innovative, trustworthy AI that respects human rights and democratic values; adopted globally and referenced by multiple national frameworks.

Table 1: Core Governance Frameworks

Organizations align their AI programs to established frameworks that provide structured guidance for risk identification, assessment, and mitigation across the AI lifecycle.

Framework	Example	Description
NIST AI Risk Management Framework (AI RMF)	Four functions: Govern, Map, Measure, Manage	Voluntary US framework organizing AI risk activities into four interconnected functions; widely adopted across sectors and designed to improve AI trustworthiness without mandating specific technical solutions.
EU AI Act	Risk-based tiers: Unacceptable, High, Limited, Minimal	World's first comprehensive AI law classifying systems into risk categories with corresponding obligations; enforceable from August 2, 2026, with fines up to €35M or 7% of global turnover for prohibited practices.
ISO/IEC 42001:2023	AI management system standard	First internationally certifiable standard for AI management systems; defines requirements for establishing, implementing, and maintaining AI governance aligned with risk-based principles and continuous improvement.
OECD AI Principles	Five values-based principles	Foundational principles promoting innovative, trustworthy AI that respects human rights and democratic values; adopted globally and referenced by multiple national frameworks.