AI Risk Management
Why risk structure matters
AI systems fail in specific, predictable ways. Different frameworks categorise those failures differently. IQ:NS normalises them into seven dimensions drawn from the major standards, so risk concepts map consistently across every framework you care about.
The seven dimensions
1. Fairness & Bias
Models discriminate against protected groups in high-impact decisions. Covered by EU AI Act, ECOA, Fair Lending Act, NIST Measure 2.6, ISO 24027.
2. Safety
AI causes or contributes to physical harm, financial loss, or misdiagnosis. Covered by EU AI Act Annex III, NIST, ISO 42001, sector standards.
3. Security
Adversarial attacks, model theft, data poisoning, prompt injection. Covered by OWASP LLM Top 10, MITRE ATLAS, Google SAIF, NIST AI 100-1.
4. Privacy
Processing personal data without a valid legal basis, violating minimisation principles, or making automated decisions without safeguards. Covered by GDPR Articles 22/35/36, EU AI Act.
5. Transparency & Explainability
Users don’t know they’re interacting with AI. Decisions can’t be explained. Covered by EU AI Act Chapter IV, NIST Govern 4.1, ISO A.8.3.
6. Accountability & Oversight
No one owns AI decisions. Approval processes don’t exist or get bypassed. Covered by all major frameworks.
7. Reliability & Robustness
Models drift, degrade, or behave unpredictably. Covered by ISO 24029, NIST, and monitoring requirements across frameworks.
How IQ:NS manages risk
Each risk dimension maps to specific obligations across every applicable framework. The ontologies capture:
- Which frameworks define this risk category
- Where the definitions align and where they diverge
- What controls each framework requires
- How concepts relate across standards
This means a single query can show you every obligation related to, say, fairness — across EU AI Act, NIST, ISO, and sector-specific rules — in one structured view.