AI Risk and Compliance release notes
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of AI Risk and Compliance release notes
The ServiceNow® AI Risk and Compliance application, updated in the Zurich release, enables organizations to ethically manage AI capabilities, mitigate AI risks, and maintain regulatory compliance. This release introduces enhanced data security, streamlined risk assessments, improved asset lifecycle management, and advanced reporting features to support continuous AI risk monitoring and governance.
Show less
Key Features
- Entity-Based Access Control: Limits AI asset data access to authorized users while maintaining visibility of core entities, enhancing data segregation and security.
- Bulk Risk Assessment Projects: Allows simultaneous assessment of multiple risks and controls for AI assets within a single project, improving efficiency and consistency.
- Unified Content Hub and Content Accelerator: Activate pre-configured regulatory content packs (e.g., EU AI Act, NIST AI Risk Management Framework) to streamline compliance efforts and maintain alignment with evolving frameworks.
- Automated AI Case and Inquiry Creation: Reporting via dedicated email automatically generates trackable AI Case or Inquiry records, eliminating manual entry and ensuring comprehensive incident capture.
- 360° AI Asset Relationship Visualization: Provides a visual interface to explore relationships between AI assets and related records (datasets, models, risks, controls, assessments) for better insight.
- AI Asset Offboarding Workflow: Structured processes manage AI asset retirement and changes, ensuring compliance, audit trails, and risk mitigation during lifecycle transitions.
- Risk Score Aggregation and Visualization: Embeds heatmaps and residual risk widgets in AI asset records for real-time, data-driven insights into cumulative system-level AI risks.
- Dedicated Risk and Compliance Views: Centralized interfaces for AI models and datasets to assess and manage risk and compliance attributes with updated questionnaires and templates.
- Role-Based Access and Lifecycle Tracking: Enforces secure access controls, enables employee-initiated AI asset requests, and maintains consistent tracking of AI asset states from development to retirement.
- AI Cases Tab: Centralizes monitoring and management of AI-related cases and inquiries with filtering and sorting to prioritize actions and maintain transparency.
- Risk Heatmap Filtering: Customize risk visualization by applying filters based on internal or regulatory risk assessment methodologies for targeted analysis.
- Grouped Control Attestations: Organizes attestations by control objectives, frameworks, or assessment cycles to reduce redundancy and improve compliance visibility.
- Regulatory Updates Scanning: Enables teams to stay informed about global regulatory changes, assess impact, and respond proactively to new compliance requirements.
- Customizable Compliance Reporting: Controls detail and cadence of compliance posture reports to align with regulatory and internal governance obligations.
- UI Enhancements: Introduction of the Coral theme as default with a dark mode option for improved user experience, plus enhanced AI Risk and Compliance homepage sections for risk and compliance overviews.
- Worknotes and Comments: Support for documenting decisions and communications within AI system records to improve collaboration and audit trails.
- Feature-Specific Administrator Role Enhancements: Allows feature admins to complete more tasks previously reserved for broader admin roles, simplifying management.
Activation and Integration
The AI Risk and Compliance application is available for installation via the ServiceNow Store. It integrates with the ServiceNow® AI Control Tower application, which helps oversee and manage AI asset lifecycles comprehensively.
Benefits for ServiceNow Customers
- Ensure ethical AI management by systematically assessing and mitigating risks across AI assets.
- Maintain compliance with global AI regulations through updated content packs and regulatory monitoring.
- Enhance security and governance with entity-based access controls and role-based permissions.
- Streamline operational workflows for AI asset lifecycle management, including retirement and offboarding.
- Gain real-time visibility into AI risk posture and compliance status through dashboards, heatmaps, and centralized case tracking.
- Improve collaboration and audit readiness with enhanced communication features and comprehensive documentation.
The ServiceNow® AI Risk and Compliance application helps you to manage your AI capabilities ethically, mitigate AI risks, and ensure compliance. AI Risk and Compliance was enhanced and updated in the Zurich release.
AI Risk and Compliance highlights for the Zurich release
- Use entity-based access to limit AI asset data access to authorized users, maintaining core entity visibility.
- Perform assessment on multiple risks for an AI asset by creating a risk assessment project.
- Activate and manage pre-configured content packs using the unified content hub.
- Report AI cases or raise AI inquiries by emailing a dedicated address, which automatically creates a new, trackable record in the system.
- Retire and replace AI assets with structured workflows that prevent compliance gaps and security risks.
- Aggregate system-level AI risk scores by embedding heatmaps and residual score widgets within your AI asset overview records. You get visibility into your cumulative risk across the AI inventory and support for continuous risk monitoring.
- Get the dedicated AI risk and compliance views for your AI models and dataset records. With these views, you have a centralized interface where you can assess, monitor, and manage the risk and compliance attributes that are specific to your AI assets.
- Enforce role-based access controls, enable employee-initiated AI asset requests, and maintain consistent life-cycle state tracking across all your AI assets and dashboards. This capability helps you to ensure security, transparency, and governance throughout the asset life-cycle.
- View and manage your AI asset's risk and compliance cases more efficiently by accessing the new AI cases tab on the AI Risk and Compliance home page.
- Monitor and track the risk and compliance posture of your AI assets to ensure that your organization aligns with organizational and regulatory standards. You can also gain real-time insights into the emerging risks and compliance gaps across your AI portfolio.
See AI Risk and Compliance for more information.
Important:
AI Risk and Compliance is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.
New in the AI Risk and Compliance release
- Assess multiple risks and controls for AI assets simultaneously
- Create a risk assessment project to perform bulk assessments on multiple risks for an AI asset, enabling assessors to evaluate them in a single project. This approach reduces time and effort, confirms consistency across
multiple assessments, and provides a more comprehensive view of risks and controls within the same project. You can scope multiple risks related to the assessable entity within the project and perform assessments.
AI Risk and Compliance team can determine inherent risks, control effectiveness, residual risks, and target risks in the risk assessment project. They can also reassess completed assessments or reassign in-progress assessment projects to another assessor.
- AI asset data segregation with entity based access
- Enhance data segregation and security to ensure that only authorized users can access sensitive AI Risk and Compliance data while maintaining visibility into core entities. AI Risk and Compliance managers can control access risks, controls, related entities, issues, indicators, AI asset tasks, risk assessments, attestations, and AI assets data through entity-based access. Entities themselves stay visible to all users, while visibility of linked records is limited to authorized users.
- AI Risk and Compliance content accelerator
- Use the AI Risk and Compliance content accelerator icon on the AI Risk and Compliance workspace to activate the pre-configured content packs. Content Accelerator includes regulatory packs such as the EU Artificial Intelligence Act and NIST AI Risk Management Framework, offering citations, control objectives, and risk statements. The unified content hub helps to streamline scoping, reduce manual navigation between frameworks, and promote consistent use of regulatory content accelerator packs. This feature supports AI Risk and Compliance team in meeting relevant business requirements, maintaining team consistency, and speeding up the activation and management of global regulatory frameworks.
- Automatic creation of AI cases and inquiries from inbound email
- Report AI cases or raise AI inquiries by sending an email to a dedicated email address. Your email automatically creates a new AI Case or AI Inquiry record in the system. This feature remove manual work and scattered reporting methods, ensuring every case or inquiry is automatically captured, categorized, and tracked.
- 360° Relationship Visualization of an AI asset
- Use the 360° AI asset view in the AI Control Tower to explore the relationship between your AI assets and all its associated records in a distinctive visualization. This visualization provides valuable insights into how these objects interact and relate to each other within the AI asset. You can view related records such as, datasets, AI model, risks, controls, and assessments.
- AI asset offboarding workflow
- Manage AI asset changes and retirements through structured workflows that ensure compliance and reduce operational risk. Track and approve modifications to models, datasets, and systems while automatically identifying impacts on dependent assets. Initiate formal offboarding processes that remove access, close documentation, and update related controls when retiring underperforming or deprecated AI assets. Maintain complete audit trails integrated with your policy and risk frameworks to demonstrate governance continuity during lifecycle transitions.
- Deliver system-level AI risk score aggregation and visualization
- Aggregate AI system-level risk scores by integrating heatmaps and residual risk score widgets directly within your AI asset overview records. These visual tools help you to see the cumulative risk exposure and track the residual risks across the entire AI asset inventory. With this feature, you get clear, data-driven insights into the overall AI system risk posture.
- Enable AI risk and compliance views with updated content packs
- Get the dedicated AI risk and compliance views for your AI models and dataset records. With these views, you get a structured and comprehensive overview of the related risks, controls, and compliance obligations, including the refreshed content packs that feature the updated assessment questionnaires and templates that align with the latest governance frameworks and regulatory standards. Your organization can perform accurate and timely risk assessments while maintaining compliance with evolving AI governance requirements.
- Implement robust access control and AI asset management capabilities
- Apply role-based access controls across AI assets and dashboards to ensure that data access is based on user roles. You can enable employees to request access to AI assets through a governed process and enforce consistent tracking of life-cycle states (such as development, deployment, monitoring, and retirement) across all AI assets.
- Use the AI cases tab to monitor and manage AI case activity
- Gain a centralized overview of all your AI asset cases and inquiries by using the AI cases tab in the AI Risk and Compliance workspace. On this tab, you see a list of records that include the case details such as the status, priority, owner, and timeline of your AI cases. You can monitor the progression of a case, stay informed about ongoing investigations, follow up on pending actions, and ensure timely resolutions. On the tab, you can also find filtering and sorting options that help you to prioritize cases that require immediate attention.
- Filter the risk heatmap by Risk Assessment Methodology for targeted risk analysis
- Apply the Risk Assessment Methodology filter to customize the display of the risk heatmap that is based on the specific risk evaluation frameworks from the AI risk and compliance home page. You can segment and analyze the AI risks according to the risk assessment models that your organization adopts, such as the internal standards, regulatory frameworks, or industry benchmarks, so that you can understand how different risk factors are identified, scored, and distributed.
- Group control attestations
- Group control attestations by such predefined criteria as the control objectives, frameworks, or assessment cycles so that you can more efficiently manage and review attestations, reduce redundancy, and improve your visibility into the compliance status across related controls for the AI Risk and Compliance team.
- Scan and analyze updates from global regulators
- Enable the AI Risk and Compliance team to scan and interpret regulatory updates that are issued by global authorities. Your organization can stay informed about emerging compliance requirements, assess their potential impact, and take timely action.
- Manage reporting compliance posture insights on key regulations or policies
- Control the reporting of compliance posture insights that are related to key regulations and internal policies by using a setting to determine which insights are shared, their level of detail, and the reporting cadence. Your organization can align reporting outputs with regulatory obligations and internal governance requirements.
UI changes
- Coral theme
- Coral is now the default theme for new portal, web, and mobile experiences with Next Experience or Core UI enabled. This theme provides a fresh look and feel, featuring brand-neutral illustrations to enhance your user experience. A dark theme option is available for web and mobile experiences.
Changed in this release
- AI risk and compliance home page
-
The Risk and compliance tab now features dedicated Risk overview and Compliance overview sections that enable you to continuously monitor the risk and compliance posture of your AI assets.
The Risk overview section is a filtered view of your AI assets that are based on inherent and residual risk levels so that you can make informed risk evaluations. The Compliance overview section displays the regulatory risk classification of AI systems, models, and datasets through donut charts. Additionally, you can see the compliance status of your AI assets in relation to applicable authority documents and internal policies.
- Worknotes and comments in AI system records
- The AI system record now supports worknotes and comments. You can now document decisions, share updates, and provide context throughout the AI risk and compliance life-cycle. Worknotes and comments help improve the communication among stakeholders and ensure a comprehensive audit trail.
- Feature-specific administrator role enhancements
- Starting with version 21.1.1, if you have a feature admin role you can now complete tasks that were initially reserved for users with the broader administrator role.
Activation information
Install AI Risk and Compliance by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Accessibility information
- Dark theme
- The new Coral theme includes a dark theme option for web and mobile experiences. This option is commonly used to alleviate eye strain and improve readability.