The NIST AI Risk Management Framework (AI RMF 1.0, published January 2023, with the Generative AI Profile published July 2024) maps onto enterprise agentic AI deployment work across its four functions (Govern, Map, Measure, Manage) using the same artefacts an enterprise produces for EU AI Act Article 9. Specifically: NIST Govern maps to the Head of AI Governance role and the AI governance committee; NIST Map maps to the deployment inventory and the OWASP Agentic Top 10 walkthrough; NIST Measure maps to the 14-field Article 12 audit substrate plus the GAUGE governance dimensions; NIST Manage maps to the kill-criterion enforcement and the seven-control surface. An enterprise that has the EU AI Act preparation track running has substantially completed NIST AI RMF coverage and can document the mapping as a single cross-reference matrix. The reverse mapping (NIST → EU AI Act) requires more work because NIST is voluntary in posture and the EU AI Act is operational; an enterprise that started with NIST as the framework needs to extend audit substrate granularity and add the Article 73 incident-reporting workflow.

NIST AI RMF mapping. 90-day review cadence. Watches: (1) NIST AI RMF version updates (NIST has signalled an AI RMF 2.0 framework revision in development for late 2026), (2) Generative AI Profile updates (the July 2024 profile is the current authoritative addendum; further profiles for agentic systems specifically are expected), (3) U.S. federal procurement guidance that elevates NIST AI RMF from voluntary to operational (pending under the post-Executive Order 14110 successor framework), (4) NIST AI Safety Institute outputs that revise the technical risk taxonomy.