Exploring AI Risk and Compliance

  • Release version: Zurich
  • Updated March 12, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring AI Risk and Compliance

    The AI Risk and Compliance application enables organizations to ethically manage and monitor their artificial intelligence (AI) capabilities, ensuring adherence to legal, regulatory, and ethical standards. It supports the identification, assessment, and mitigation of AI-related risks throughout the AI lifecycle—from initial use case creation to deployment and ongoing monitoring. This solution helps organizations implement responsible AI governance and maintain compliance with industry standards.

    Show full answer Show less

    Key Users and Roles

    • AI Product Owner, Business User, IT Asset Owner, AI Practitioner: Initiate AI use cases, monitor AI system performance, ensure compliance, and drive continuous improvements.
    • AI Steward: Oversees ethical AI principles such as fairness and transparency, conducts risk assessments, monitors AI lifecycle, and manages policy and compliance adherence.
    • Chief Risk Officer: Establishes frameworks for responsible AI use and manages AI strategy execution.
    • AI Risk and Compliance Analyst: Manages compliance inventories, risk statements, and dashboards, and performs risk assessments.
    • AI Risk and Compliance Admin: Configures risk and impact assessment methodologies, automates assessments, defines case types, and designs reporting templates.

    AI Risk and Compliance Workflow

    The application supports a structured process for AI asset management:

    • Submission of new AI use cases via Employee Center or AI Control Tower workspace.
    • Review and inventory addition by the AI Center of Excellence (COE) team.
    • Initiation and completion of AI impact or conformity assessments to identify risks and controls.
    • Approval of assessments followed by development and build of the AI solution.
    • Formal review including conformity assessment, issue resolution, and risk reassessment.
    • Deployment of the AI system into production after approval and ongoing monitoring for compliance and performance.

    Benefits for ServiceNow Customers

    • Centralized AI Governance: Provides a unified platform for managing AI assets and collaboration among stakeholders.
    • Responsible AI Practices: Establishes guidelines and frameworks to ensure ethical AI use, fairness, transparency, and accountability.
    • Comprehensive Risk Assessments: Automates and structures risk and impact assessments for AI systems to identify and mitigate potential issues early.
    • Scalable Monitoring: Facilitates continuous tracking of AI performance and emerging risks like privacy concerns, enabling proactive management.
    • Compliance-Ready AI Inventory: Builds and maintains an AI asset inventory aligned with regulatory requirements, enhancing audit readiness and control attestations.

    Practical Application

    ServiceNow customers can use this application to integrate AI governance into their existing workflows, ensuring that AI initiatives align with organizational goals and compliance mandates. The application supports responsible AI deployment by providing role-based access, structured assessments, issue tracking, and ongoing monitoring, thus reducing ethical and operational risks associated with AI.

    Learn how you can use the AI Risk and Compliance application to manage your artificial intelligence (AI) capabilities ethically, mitigate AI risks, and ensure compliance.

    AI Risk and Compliance overview

    The AI risk and compliance team is responsible for identifying and assessing risks associated with AI. This includes evaluating legal, regulatory, and ethical considerations to ensure that the AI capabilities are implemented responsibly. Their role is to establish guidelines and frameworks that enable the organization to adopt AI solutions while maintaining compliance with industry standards and ethical principles. The AI Risk and Compliance application enables the risk and compliance team of an organization to manage their AI capabilities and assets.

    AI Risk and Compliance users

    The users listed in the following table represent generic roles. Each of these roles may be identified by different titles and names in various organizations. For specific roles within the AI Risk and Compliance application, refer to Roles installed with AI Risk and Compliance.

    Table 1. Users
    User Description
    AI product owner, Business user, IT asset owner, AI practitioner
    • Initiates requests to create AI use cases, models, and datasets through the workspace or the Employee Center.
    • Monitors AI system performance drives continuous improvements, and assesses business impact.
    • Maintains compliance with governance, ethical, and legal standards throughout the AI product life cycle.
    • Actively engages in responsible AI practices at key development and administration points, and accesses approved AI Assets for discovery and reuse.
    AI steward
    • Ensures that the AI systems adhere to ethical principles like fairness, transparency, accountability, and non-discrimination, and regularly reviews models and outputs to help prevent harm and bias.
    • Promotes fairness in AI decision-making by identifying and addressing biases in training data, algorithms, and outcomes, and conducts periodic impact and risk assessments.
    • Oversees the entire life cycle of AI models, from ideation to retirement, and acts as a liaison between teams to integrate governance across departments, ensuring compliance with data privacy, security, and intellectual property protection.
    • Identifies and mitigates potential risks, such as privacy concerns and technological malfunctions, through regular testing, monitoring, and updates, and quickly adapts to changes in policies and regulations through workflow updates and issue management.
    Chief risk officer
    • Establishes frameworks for responsible AI use, ensuring adherence to ethical guidelines, industry regulations, and risk management policies.
    • Manages the AI strategy implementation.
    AI risk and compliance analyst Views and manages compliance and risk inventories, for example, authority documents, risk statements, policies, and controls, as well as accesses the Advanced Risk dashboards.
    AI risk and compliance admin
    • Sets up risk and impact assessment frameworks by configuring risk assessment methodologies, contribution factors, and impact templates, for example, conformity assessments.
    • Sets up automation rules for impact assessments to identify applicable AI risks and controls.
    • Defines AI case types, applies business rules for form fields and assignments, and designs reporting templates to meet business needs.

    AI Risk and Compliance workflow

    The following section describes the steps involved when an AI asset is created in the AI Control Tower application and the risks for the assets are assessed in the AI Risk and Compliance application until the asset is deployed and moves to being monitored.

    When a new AI system is introduced or enhanced, it undergoes a risk assessment and an AI impact assessment. These assessments yield scores that denote the risk levels for the AI systems. After the approval is obtained from the relevant stakeholders, the development or build phase begins. During development, controls are attested, issues are tracked and managed, and policy exceptions are raised as needed from a risk and compliance perspective. Following development, the AI system is reviewed to ensure:
    • Completion of conformity assessment
    • Review and resolution of open issues and policy exceptions
    • Reassessment of risks
    Based on these evaluations, the AI system is either approved or rejected for deployment.
    The workflow for an AI asset creation and deployment is the following:
    1. Business users use the Employee Center or the AI Control Tower workspace and submit a new AI use case.
    2. A new inventory record is automatically created in the workspace.
    3. The AI Center of Excellence (COE) team reviews the submitted use case.
    4. Relevant assets are added to the inventory to help determine if the use case should proceed to the next stage.
    5. In the AI Risk and Compliance workspace, either an AI impact assessment or an AI conformity assessment is initiated.
    6. The assigned business user completes the assessment in the workspace.
    7. Based on the assessment results, potential risks and necessary controls are identified and mapped.
    8. After the assessment is approved, the AI use case is built by the appropriate teams.
    9. The completed solution undergoes a formal review process.
    10. Ongoing monitoring is performed to ensure compliance and performance.
    11. After successful review, the solution is deployed to production.

    AI Risk and Compliance benefits

    The AI Risk and Compliance application addresses the following challenges faced by any organization that uses AI:
    • Lack of AI strategy: No commonly agreed-upon AI strategy or alignment with corporate goals.
    • No centralized management: No single platform for all stakeholders and for the Chief AI officer to collaborate and manage AI use.
    • No responsible AI guidelines: Absence of guidelines for ethical and responsible AI use.
    • No risk assessment process: No process to evaluate risks for in-house and third-party AI.
    • Scalability and monitoring issues: Challenges in scaling AI deployment, tracking performance, and continuously monitoring for emerging risks like privacy.
    The following table lists the benefits of using the AI Risk and Compliance application.
    Benefits Feature Role
    Manage AI systems, models, and datasets across their entire life-cycle with consistent governance for better visibility, control, and compliance. AI asset lifecycle AI steward
    Perform impact assessments for AI systems, models, and datasets to identify high-risk AI assets. Perform impact assessment on an AI use case The roles required are as follows:
    • AI Control Tower: AI Asset Owner
    • AI Risk and Compliance: AI Risk and Compliance User
    Perform risk assessments on AI system and individual risks associated with an AI asset based on additional information and testing. Perform risk assessments on AI systemsInitiate risk assessment on AI asset's risks AI Risk and Compliance Analyst
    Manage and oversee AI-related cases and issues through a structured case management process.

    Create an AI case in the AI Risk and Compliance workspace

    Create an AI issue in the AI Risk and Compliance workspace

    		 The roles required are as follows:
    • AI case: AI Case Analyst and AI Case Manager
    • AI issue: AI Risk and Compliance Manager and AI Risk and Compliance Analyst
    Build a compliance-ready AI asset inventory aligned with regulatory requirements using the AI framework content pack. AI Risk and Compliance Analyst

    What to explore next

    To learn more about configuring and using AI Risk and Compliance, see: