Welcome to the Q4 Store Release for ServiceNow Risk and Resilience! This release brings a wave of innovation across risk, resilience, privacy, ESG, and AI governance, empowering organizations to manage complexity, strengthen compliance, and drive operational excellence. Whether you’re a risk manager, compliance officer, privacy professional, sustainability leader, or driving AI initiatives for your organization, you’ll find new capabilities designed to streamline workflows, improve visibility, and accelerate decision-making. Below, we highlight some of the major features that make this release a must-explore for forward-thinking teams.
For further details on each area, be sure to register for our Live on ServiceNow online sessions to get the full details and demos across the entire Risk Portfolio. You can also see short demos on our Q4 25 Risk demos page in Community. Now for the highlights!
AI Control Tower
More Visibility. More Control. More Confidence.
According to MIT, 95% of enterprises say they have received no value from AI, despite spending $30-40 billion. These value gaps point to the lack of governance and alignment. This quarter, AI Control Tower introduces new capabilities that make it easier to realize value from any AI asset, govern any connection, and secure any AI system, no matter where it runs.
AI discovery and inventory
We’ve expanded AI discovery and Inventory so enterprises can finally view their entire AI estate in one place. With new integrations for Copilot Studio and Google Cloud Platform, building on AWS Bedrock and Azure AI Foundry, you now get a unified picture of any model, agent, and service. Discovery automatically creates new configuration items and reconciles duplicates, keeping your registry accurate without manual cleanup. We’ve also added MCP server discovery so you can map and manage the ServiceNow AI Agents that power cross-platform workflows.
AI Gateway
To support the rise of agent-to-agent interoperability, AI Gateway now provides a trusted way to connect ServiceNow AI Agents to remote MCP servers across clouds and third-party platforms. It centralizes all MCP connections with a governed registry, approval process, and activity monitoring, so you know exactly which agents are talking to each other, what they’re doing, and whether the traffic is secure. As more teams experiment with cross-platform AI, AI Gateway ensures every connection is safe, authenticated, and fully observable.
Change management and off-boarding workflows
We’re also introducing guided change and offboarding workflows to help teams manage updates and retirements of AI systems without creating risk. Most AI changes happen without complete visibility into dependencies or required approvals, leading to compliance issues and unexpected breakage. With structured workflows, impact checks, and automatic notifications to AI owners, every update and retirement now follows a consistent, governed path, even as AI grows more complex across the enterprise.
Security and privacy
Finally, we’ve strengthened the security and privacy layer for enterprise AI. AI Control Tower now provides visibility into the security posture for both ServiceNow AI and AWS Bedrock. Enhanced data privacy controls prevent leaks and enforce anonymization for sensitive information, while prompt-injection monitoring detects unsafe inputs before they cause harm. Automated tasks flag dormant or privileged agents so teams can take timely action and reduce exposure.
Business Continuity Management
Visualizing Risk and Recovery
Operational resilience is at the heart of effective risk management. The new Critical Business Service mapping and visualization (“Nexus Map”) provides a configurable, hierarchical view of business services, processes, applications, and dependencies. This helps organizations identify vulnerabilities, trace impact paths, and prioritize resources for resilience planning.
Gantt Chart Visualization
Complementing this, the Gantt chart visualization for recovery tasks enables business continuity and disaster recovery teams to coordinate, reorder, and de-duplicate tasks across multiple plans and events, improving response coordination and eliminating inefficiencies.
Mobile Experience in BCM
With a new mobile experience for business continuity and disaster recovery, teams can access and download plans as PDFs directly from their devices, ensuring critical information is available even during connectivity disruptions. These features collectively empower organizations to act quickly and confidently during crises, improving resilience and operational readiness.
ESG Management
AI-Driven Carbon Calculations
Sustainability teams face the complex challenge of calculating Scope 3 emissions, which spans a company’s entire value chain. The new Carbon Calculations Agent leverages AI to automate metric recommendations, validate emission factors, and apply best-practice calculation methods. This dramatically reduces manual effort, improves accuracy, and delivers actionable insights for strategic initiatives. By expediting emissions calculations and supporting consistent, reliable reporting, the Carbon Calculations Agent helps organizations scale their sustainability efforts and focus on what matters most.
Integrated Risk Management
Model Risk Management
Organizations increasingly rely on complex models for strategic decisions, but without robust oversight, they risk model failures, regulatory non-compliance, and flawed decision-making. The new Model Risk Management capabilities provide a centralized system for managing model inventory, risk assessments, validation, and monitoring. With structured workflows, checklist-based validation, and continuous monitoring, governance teams can confidently identify, assess, and mitigate model risks, reducing compliance vulnerabilities and strengthening regulatory assurance. This solution is essential for risk professionals seeking to drive consistency, transparency, and agility across the model lifecycle.
AI-Powered Regulatory Alert Analysis
Regulatory environments are dynamic and fragmented, inundating compliance teams with alerts from multiple jurisdictions and industry bodies. The new AI-powered regulatory alert analysis automates enrichment, classification, and prioritization of alerts, linking regulatory requirements directly to internal policies, controls, and risks. By leveraging AI agents for enrichment and impact scanning, organizations gain complete, contextual, and prioritized alerts, reducing manual overhead and minimizing the risk of missed or delayed responses. This capability empowers compliance professionals, legal teams, and risk managers to manage obligations with greater agility, consistency, and confidence.
Control Objective Change Management
Maintaining alignment between regulatory citations and control objectives is a constant challenge. With Control Objective Change Management, AI drives the impact analysis to automate updates, ensuring that changes to citations are quickly reflected in control objectives. This reduces compliance risk, improves operational efficiency, and minimizes manual effort. Compliance managers can review, approve, and update objectives seamlessly, maintaining continuous compliance and audit readiness.
Risk Identification and Issue Submission AI Agents
Traditional risk identification and issue submission processes are slow, fragmented, and prone to errors. Our new AI-powered assistants for risk identification and issue submission guide users through smart, conversational workflows, pulling context from internal and external sources to surface critical insights and recommendations. This ensures comprehensive, consistent, and up-to-date risk coverage, while streamlining issue reporting and resolution. Organizations benefit from faster, smarter decision-making and improved operational efficiency.
Privacy Management
External-facing Personal Data Rights request form
This new form lets individuals outside of the company securely submit data subject requests. The new form also verifies the subject's identity via a one-time passcode, which ensures compliance from the start.
Access control by legal entity
New access control capabilities allow privacy teams to enforce jurisdictional access and quickly route privacy requests to the correct regional teams. It also allows for aligning access controls with local regulations to strengthen compliance and improve accountability.
Now Assist for Privacy Management
This release brings GenAI capabilities to Privacy Management that auto-summarizes risk assessments and issues, recommends control consolidation opportunities, and suggests common control objectives. These new AI skills cut hours of manual work down to minutes, so privacy teams can focus on managing privacy risk, not documenting it. This makes privacy operations faster, more secure, and ready to scale.
Third-party Risk Management
Document Management, Extended Risk Areas, and AI Skills
Managing third-party risk is streamlined with a centralized document repository, enabling upload, management, and reuse of documents across the third-party lifecycle. Self-service document submissions through the portal accelerate collection and improve compliance alignment. We have extended risk areas for internal risk questionnaires to create parity between internal and external assessments, supporting consistent risk ratings and holistic risk management. We’ve added AI-driven issue summarization and smart document Q&A (including voice assist) to automate documentation, improve accuracy, and deliver instant, context-rich answers—to empower third-party risk managers to make faster, more informed decisions.
Now that’s a lot! But this blog post only covers some of the features, enhancements, and upgrades we’ve made. If you are ready to see these new features in action and learn about more, join our “What’s New” product release webinars to get live demos, expert insights, and answers to your questions.
To reserve your spot and stay ahead with the latest innovations—visit the Live on ServiceNow for GRC events page for upcoming sessions. Don’t miss out—discover how ServiceNow can help you reinvent your organization’s approach to today’s business challenges.
