AI Risk and Compliance release notes

  • Release version: Yokohama
  • Updated March 26, 2025
  • 3 minutes to read

    • The ServiceNow® AI Risk and Compliance application to manage your artificial intelligence (AI) capabilities ethically, mitigate AI risks, and ensure compliance. AI Risk and Compliance is a new application in the Yokohama release.

    AI Risk and Compliance highlights for the Yokohama release

    • Manage AI systems, models, and datasets across their entire life-cycle with consistent governance for better visibility, control, and compliance.
    • Perform impact assessments for AI systems, models, and datasets to identify high-risk AI assets.
    • Perform risk assessments on individual risks associated with an AI asset based on additional information and testing.
    • Manage and oversee AI-related cases and incidents through a structured case management process.
    • Build a compliance-ready AI asset inventory aligned with regulatory requirements using the AI framework content pack.

    See for more information.

    Important:
    AI Risk and Compliance is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    AI Risk and Compliance features

    AI asset lifecycle management
    Manage the complete life-cycle of AI assets, from selecting appropriate AI systems to developing, deploying, and monitoring AI models and datasets. This feature helps maintain a centralized inventory, confirms consistent governance practices, and improves traceability and oversight across all stages of AI development and usage.
    Perform impact assessments to identify how AI systems, models, and datasets affect fundamental rights. This feature detects potential risks, such as copyright issues, algorithmic bias, privacy breaches, misinformation, and surveillance concerns, to support better oversight and risk management.
    AI asset inventory risk management
    Identify individual and specific risks associated with AI assets, such as AI systems, models, and datasets. Perform risk assessments on each identified risk separately.
    AI case management
    Manage and track cases or incidents related to AI use cases across the organization. This feature provides a structured approach to documenting, investigating, and resolving AI-related issues and cases, supporting consistent oversight and accountability.
    AI framework content pack
    Use the default AI framework content pack to prepare a compliance-ready inventory of AI assets. The content pack provides mappings to key AI regulations and standards, such as the European Union AI Act and the National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF). This feature helps organizations to align AI governance activities with regulatory requirements.
    See a comprehensive overview of all your AI inventory-related information in the AI Risk and Compliance workspace. The AI Risk and Compliance workspace enables you to:
    • Identify the risk classification of AI asset inventory.
    • Identify the compliant and noncompliant controls for authority documents and policies.
    • View AI systems based on state and department.
    • View the AI assessments and risk assessments information.
    • View information related to the control attestation, indicators, AI issues, AI cases, and policy exceptions.
    • Generate report to help leaders identify, assess, and mitigate risks.
    360° Relationship Visualization of AI assets
    Explore the relationships between critical AI assets that impact your business, including controls, risks, and issues.
    Collaborate with internal users
    Collaborate with internal users by starting chats focused on the ethical, transparency, and accountability aspects of AI assets. Use discussions to document considerations, share feedback, and drive informed decision-making throughout the AI asset life-cycle.
    The following roles related to AI Risk and Compliance for managing AI systems across the enterprise were added:
    • AI Risk and Compliance Admin [sn_grc_ai_gov.ai_risk_and_compliance_admin]: Configure AI Risk and Compliance and delete AI systems.
    • AI Risk and Compliance Manager [sn_grc_ai_gov.ai_risk_and_compliance_manager]: Initiate impact assessment, risk assessment, and control attestations. Manage the life cycle of the AI system.
    • AI Risk and Compliance Analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst]: Initiate impact assessment, risk assessment, and control attestations. Manage the life cycle of the AI system.
      Note:
      AI Risk and Compliance Analyst can perform these actions only on the records assigned to them.
    • AI Risk and Compliance User [sn_grc_ai_gov.ai_risk_and_compliance_business_user]: Create an AI case on the Employee Center and work on the assigned tasks. Perform control attestations.
    • AI Risk and Compliance Reader [sn_grc_ai_gov.ai_risk_and_compliance_reader]: Read the AI systems and AI impact assessments.

    Activation information

    Install AI Risk and Compliance by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Related ServiceNow applications and features

    Use the AI Control Tower application with AI Risk and Compliance to manage AI asset inventory life cycle.