NIST Releases Generative AI Profile: A De Facto Standard?

nist standards governance August 12, 2024 · by Eleanor Hartwell

The National Institute of Standards and Technology has released NIST AI 600-1, formally titled "Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile." It is, on its face, a voluntary technical document. Treat it that way at your peril.

The Profile is best understood as a use-case-specific overlay on the underlying AI RMF (NIST AI 100-1, released in January 2023). The RMF gives you a generic governance scaffolding — Govern, Map, Measure, Manage. The Profile takes that scaffolding and asks: what does it look like when applied specifically to generative AI? The answer runs to about 60 pages.

What's in the Profile

The document organizes around twelve risks specific to or amplified by generative AI: CBRN information misuse, confabulation, dangerous or violent content, data privacy, environmental impact, harmful bias, human-AI configuration risks, information integrity, IP infringement, obscene/harmful synthetic content, intellectual property, value chain risks, and information security. For each, it cross-references the AI RMF's four functions and lists suggested actions.

What is notably new compared to the underlying RMF:

• An explicit treatment of CBRN risk for the first time in a NIST AI document.
• Treatment of supply-chain risks for foundation models, including third-party data, third-party pre-trained components, and third-party fine-tuning services.
• Specific guidance on red-teaming and adversarial evaluation, which the underlying RMF mentions only in passing.
• An attempt at structured guidance for human-AI configuration — the design choices around when to involve a human in the loop, how to display AI outputs, how to handle handoffs.

None of this is groundbreaking. The Profile is mostly a careful synthesis of best practices that AI governance practitioners have been discussing in industry forums for two years. What is new is the imprimatur.

Why "voluntary" doesn't mean what it used to

The AI RMF and now the Profile are formally non-binding. NIST has no rulemaking authority in this space. The documents repeat, in their own text, that they are voluntary frameworks intended to support flexible adoption. Read them at face value and you would not think they were doing much law-making.

Look at where they actually appear, though, and the picture changes:

• The Biden Executive Order on AI (October 2023) directs federal agencies to use the AI RMF in their procurement and use of AI systems. That covers virtually every federal agency engagement with vendors.
• Colorado SB 24-205 creates an affirmative defense for entities that adhere to a "nationally or internationally recognized risk management framework." NIST AI RMF is the one everyone has in mind.
• The OMB M-24-10 memo, governing federal agency AI use, explicitly cross-references the AI RMF in its risk management requirements.
• Several state procurement RFPs we have seen now require NIST AI RMF alignment as a contractual condition.
• Insurance carriers writing tech-E&O coverage with AI riders are increasingly using AI RMF compliance as an underwriting input.

The pattern is familiar from the cybersecurity world. The NIST Cybersecurity Framework (CSF) was also "voluntary" — until it became a baseline expectation in vendor contracts, a reference point for negligence litigation, and the explicit anchor of multiple state breach laws. The AI RMF and its companion Profiles are tracking the same path.

What this means for compliance programs

If you are advising a client building or deploying generative AI systems, the practical posture is now: assume the Profile is a baseline, document deviations.

The "document deviations" part is doing real work. The Profile is risk-tiered and explicitly contemplates that not every action is appropriate for every organization or use case. But silence is the worst posture. If you choose not to implement a Profile-suggested control, the right move is to record why — what risk does not apply, what compensating control is in place, what cost-benefit reasoning drove the choice. This is the documentation that will eventually be discoverable in litigation or regulatory inquiry.

Open questions

Three to watch over the next year:

1. Will Colorado's AG list the Profile by name? The affirmative defense in SB 24-205 turns on adherence to a "recognized framework." If the Colorado AG specifies the AI RMF (and presumably the Profile), it will accelerate U.S. de facto adoption considerably.
2. How will federal courts treat it in tort cases? When a generative AI system causes harm and the question is whether the developer or deployer used reasonable care, plaintiffs will point to the Profile's recommendations. The first appellate decision applying the Profile as a benchmark for due care will be a watershed.
3. How will it interact with EU AI Act conformity? The EU is developing harmonized standards through CEN-CENELEC. To the extent those standards diverge from the Profile in material ways, multinational compliance will require dual mapping — a familiar but painful exercise.

Bottom line

Treat the GAI Profile the way you would treat a NIST cybersecurity publication. Voluntary in form, expectation-setting in fact, and reachable in litigation. Build it into your governance program now, and document the deviations carefully.