Title page

Contents

Foreword 2

Acknowledgements 3

Abstract 6

Resume 7

Ubersicht 8

Background and objectives 9

Executive summary 10

Synthese 12

Zusammenfassung 14

1. Mapping top-level interoperability between frameworks 16

1.1. OECD Due Diligence Guidance for Responsible Business Conduct (OECD DDG) 21

1.2. ISO 31000:2018 Risk Management - Guidelines (ISO 31000) and ISO/IEC 23894:2023 22

1.3. NIST AI Risk Management Framework (NIST AI RMF) 24

1.4. European Union proposal for a regulation laying down harmonised rules on AI (EU AIA) 26

1.5. Proposed Canada Artificial Intelligence and Data Act (AIDA) 28

1.6. Draft Council of Europe Human Rights, Democracy and the Rule of Law Risk and Impact Assessment (HUDERIA) 29

1.7. IEEE 7000-21 Standard Model Process for Addressing Ethical Concerns during System Design (IEEE 7000-21) 30

1.8. ISO/IEC Guide 51:2014 3rd edition (ISO/IEC Guide 51) 32

2. Conclusions 34

3. Next steps 35

Step 2. Analyse consistency, at both the conceptual and practical levels, of key concepts and terminology contained in different initiatives 35

Step 3. Translate analysis into good practice on due diligence for responsible business conduct in AI 35

Step 4. Research and analyse the alignment of certification schemes with OECD RBC and AI standards 35

Step 5. Develop an interactive online tool 36

Annex A. Presentations relevant to AI risk from the OECD.AI network of experts 37

Annex B. Discussions by OECD.AI Expert Group on risk assessment considerations 39

References 40

Notes 42

Table 1. High-level mapping of selected risk management frameworks for AI to the Interoperability Framework 20

Table 2. Mapping top-level steps of the OECD DDG to the Interoperability Framework 22

Table 3. Mapping top-level steps of ISO 31000 to the Interoperability Framework 24

Table 4. Mapping top-level steps of the NIST AI RMF to the Interoperability Framework 25

Table 5. Mapping top-level EU AIA requirements to the Interoperability Framework 28

Table 6. Mapping top-level AIDA requirements to the Interoperability Framework 29

Table 7. Mapping top-level steps of the HUDERIA to the Interoperability Framework 30

Table 8. Mapping top-level steps of the IEEE 7000-21 to the Interoperability Framework 31

Table 9. Mapping top-level steps of the ISO/IEC Guide 51 to the Interoperability Framework 33

Figure 1. High-level AI risk management interoperability framework 19

Figure 2. Graphical representation of the OECD Due Diligence Guidance for Responsible Business Conduct 21

Figure 3. Graphical representation of the ISO 31000:2018 Risk Management Guidelines 23

Figure 4. Graphical representation of NIST AI Risk Management Framework 25

Figure 5. Graphical representation of the proposed EU AI Act risk classification 26

Figure 6. ISO/IEC Guide 51 Risk Assessment and Reduction Process 32

Boxes

Box 1. What is trustworthy AI? 18

Annex Tables

Table A.1. OECD.AI expert presentations 37

Annex Figures

Figure B.1. Discussions by OECD.AI Expert Group on risk assessment considerations 39