# Measurement is part of responsible AI governance

> The NIST AI Risk Management Framework places measurement inside an ongoing cycle of governing, mapping, measuring, and managing AI risk.

*Published 2026-06-13 · canonical: https://promptleash.com/research/measurement-is-part-of-responsible-ai-governance*

_Evidence status: a PromptLeash review of external research, not original PromptLeash research or a customer benchmark._

## What the evidence indicates
- Responsible AI risk management is an ongoing organisational activity, not a one-time compliance exercise.
- NIST organises the work into Govern, Map, Measure, and Manage functions.
- Measurement needs to connect technical evidence, context, impact, and accountable decisions.

## Implications for transformation leaders
- Make governance evidence usable by both technical teams and organisational leaders.
- Track whether controls and capabilities improve as AI use changes.
- Use measurement to decide what to manage next, rather than treating reporting as the endpoint.

## Limitations
- The AI RMF is voluntary guidance and does not replace applicable legal or regulatory obligations.
- NIST does not prescribe a single maturity score or implementation sequence.
- PromptLeash methodology is informed by, but is not endorsed or certified by, NIST.

## Original sources
- [Artificial Intelligence Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework) — National Institute of Standards and Technology (2023-01-26)
- [NIST AI RMF Playbook](https://airc.nist.gov/airmf-resources/playbook/) — National Institute of Standards and Technology (2023-01-26)