NIST has published a concept note for a new AI Risk Management Framework Profile focused on trustworthy AI in critical infrastructure. The profile is intended to help operators in sectors such as energy, transport, water, telecommunications and healthcare manage the unique risks that AI introduces when safety, security and continuity are paramount.
Why critical infrastructure needs its own profile
The existing NIST AI RMF is sector-agnostic. That is a strength for general adoption, but it leaves room for interpretation in high-stakes environments. A power grid operator, a hospital network and a consumer app company all use AI, but the consequences of failure are not comparable.
The proposed profile aims to close that gap by identifying sector-specific risks, control objectives and implementation guidance. It is not a separate framework; it is a specialisation of the AI RMF for organisations where AI failures can affect public safety, national security or economic stability.
What the concept note covers
The concept note outlines the rationale for the profile and invites feedback on scope, structure and use cases. It signals that NIST is particularly interested in:
- Safety and reliability. AI systems that control or advise on physical processes must be robust against failures, adversarial attacks and unexpected inputs.
- Security. Critical infrastructure is a high-value target. AI systems can introduce new attack surfaces, from training-data poisoning to model extraction.
- Resilience. Operators need to maintain services during AI system degradation or failure. That requires fallback procedures, human override and graceful degradation.
- Supply chain risk. Many AI components come from third-party vendors. The profile is likely to emphasise visibility and assurance across the AI supply chain.
- Workforce and governance. Operators need staff who understand both AI and operational technology, and governance structures that bridge the two.
What operators should review
Even at the concept-note stage, the profile gives operators a useful preview of where NIST is heading. Three areas deserve early attention.
Convergence of IT and operational technology. AI is increasingly deployed at the boundary between enterprise IT and industrial control systems. Security and risk models that work for one do not always transfer to the other. Review your architecture for gaps.
Human-machine teaming. In critical infrastructure, the human operator remains the last line of defence. Make sure AI systems support human decision-making rather than bypassing it, and that operators have the training and authority to intervene.
Incident response. Traditional incident response plans may not cover AI-specific failures such as model drift, adversarial inputs or cascading automated decisions. Update runbooks and exercise them.
How to engage
NIST is seeking input as it develops the profile. Operators, trade associations and standards bodies should participate. The profile will shape not only US practice but also international expectations, because critical infrastructure standards tend to travel.
Even without waiting for the final profile, organisations can begin mapping their AI use against the draft themes. The firms that do this early will influence the standard and be ready to comply with it.
The bottom line
The critical-infrastructure AI risk profile is a sign that AI governance is becoming sector-specific and safety-critical. Operators should treat the concept note as a draft compliance map and start aligning their risk management programmes with its themes before the final version is published.