Voglio sapere a riguardo di…

Federal Register / Vol. 86, No. 143 / Thursday, July 29, 2021 / Notices
jbell on DSKJLSW7X2PROD with NOTICES

which minimize harms to individuals, groups, communities, and societies at large.
Defining trustworthiness in meaningful, actionable, and testable ways remains a work in progress. Inside and outside the United States there are diverse views about what that entails, including who is responsible for instilling trustworthiness during the stages of design, development,use, and evaluation. There also are different ideas about how to assure conformity with principles and characteristics of AI
trustworthiness.
NIST is among the institutions addressing these issues. NIST aims to cultivate the publics trust in the design, development, use, and evaluation of AI
technologies and systems in ways that enhance economic security, and improve quality of life. NIST focuses on improving measurement science, standards, technology, and related tools, including evaluation and data. NIST is developing forward-thinking approaches that support innovation and confidence in AI systems. The agencys work on an AI RMF is consistent with recommendations by the National Security Commission on Artificial Intelligence 1 and the Plan for Federal Engagement in Developing AI Technical Standards and Related Tools.2
Congress has directed NIST to collaborate with the private and public sectors to develop a voluntary AI RMF.3
The Framework is intended to help designers, developers, users and evaluators of AI systems better manage risks across the AI lifecycle. For purposes of this RFI, managing means: Identifying, assessing, responding to, and communicating AI
risks. Responding to AI risks means:
Avoiding, mitigating, sharing, transferring, or accepting risk.
Communicating AI risk means:
Disclosing and negotiating risk and sharing with connected systems and actors in the domain of design, deployment and use. Design, development, use, and evaluation of AI
systems includes procurement, 1 National Security Commission on Artificial Intelligence, Final Report, https www.nscai.gov/
wp-content/uploads/2021/03/Full-Report-Digital1.pdf.
2 Plan for Federal Engagement in Developing AI
Technical Standards and Related Tools, https
www.nist.gov/system/files/documents/2019/08/10/
ai_standards_fedengagement_plan_9aug2019.pdf.
3 H. Rept. 116455COMMERCE, JUSTICE, SCIENCE, AND RELATED AGENCIES
APPROPRIATIONS BILL, 2021, CRPT
116hrpt455.pdf congress.gov, and Section 5301 of the National Artificial Intelligence Initiative Act of 2020 Pub. L. 116283, https www.congress.gov/
116/bills/hr6395/BILLS-116hr6395enr.pdf.

VerDate Sep<11>2014

19:19 Jul 28, 2021

Jkt 253001

monitoring, or sustainment of AI
components and systems.
The Framework aims to foster the development of innovative approaches to address characteristics of trustworthiness including accuracy, explainability and interpretability, reliability, privacy, robustness, safety, security resilience, and mitigation of unintended and/or harmful bias, as well as of harmful uses. The Framework should consider and encompass principles such as transparency, fairness, and accountability during design, deployment, use, and evaluation of AI technologies and systems. With broad and complex uses of AI, the Framework should consider risks from unintentional, unanticipated, or harmful outcomes that arise from intended uses, secondary uses, and misuses of the AI.
These characteristics and principles are generally considered as contributing to the trustworthiness of AI technologies and systems, products, and services.
NIST is interested in whether stakeholders define or use other characteristics and principles.
Among other purposes, the AI RMF is intended to be a tool that would complement and assist with broader aspects of enterprise risk management which could affect individuals, groups, organizations, or society.
AI RMF Development and Attributes NIST is soliciting input from all interested stakeholders, seeking to understand how individuals, groups and organizations involved with designing, developing, using, or evaluating AI systems might be better able to address the full scope of AI risk and how a framework for managing AI
risks might be constructed. Stakeholders include but are not limited to industry, civil society groups, academic institutions, federal agencies, state, local, territorial, tribal, and foreign governments, standards developing organizations and researchers.
NIST intends the Framework to provide a prioritized, flexible, riskbased, outcome-focused, and costeffective approach that is useful to the community of AI designers, developers, users, evaluators, and other decision makers and is likely to be widely adopted. The Frameworks development process will involve several iterations to encourage robust and continuing engagement and collaboration with interested stakeholders. This will include open, public workshops, along with other forms of outreach and feedback. This RFI is an important part of that process.
NIST believes that the AI RMF should have the following attributes:

PO 00000

Frm 00010

Fmt 4703

Sfmt 4703

40811

1. Be consensus-driven and developed and regularly updated through an open, transparent process. All stakeholders should have the opportunity to contribute to the Frameworks development. NIST has a long track record of successfully and collaboratively working with a range of stakeholders to develop standards and guidelines. NIST will model its approach on the open, transparent, and collaborative approaches used to develop the Framework for Improving Critical Infrastructure Cybersecurity Cybersecurity Framework 4 as well as the Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management Privacy Framework.5
2. Provide common definitions. The Framework should provide definitions and characterizations for aspects of AI
risk and trustworthiness that are common and relevant across all sectors.
The Framework should establish common AI risk taxonomy, terminology, and agreed-upon definitions, including that of trust and trustworthiness.
3. Use plain language that is understandable by a broad audience, including senior executives and those who are not AI professionals, while still of sufficient technical depth to be useful to practitioners across many domains.
4. Be adaptable to many different organizations, AI technologies, lifecycle phases, sectors, and uses. The Framework should be scalable to organizations of all sizes, public or private, in any sector, and operating within or across domestic borders. It should be platformand technologyagnostic and customizable. It should meet the needs of AI designers, developers, users, and evaluators alike.
5. Be risk-based, outcome-focused, voluntary, and non-prescriptive. The Framework should focus on the value of trustworthiness and related needs, capabilities, and outcomes. It should provide a catalog of outcomes and approaches to be used voluntarily, rather than a set of one-size-fits-all requirements, in order to: Foster innovation in design, development, use and evaluation of trustworthy and responsible AI systems; inform education and workforce development;
and promote research on and adoption of effective solutions. The Framework should assist those designing, developing, using, and evaluating AI to 4 Framework for Improving Critical Infrastructure Cybersecurity Cybersecurity Framework, https www.nist.gov/cyberframework.
5 Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management Privacy Framework, https www.nist.gov/
privacy-framework/privacy-framework.

E:FRFM29JYN1.SGM

29JYN1