Draft AI Risk Framework Published by Partnership on AI

Boards get a draft map for AI risk.

The Partnership on AI has published a draft Corporate AI Risk Assessment Framework to help companies turn governance theory into practical action as AI becomes embedded in every function. The move comes amid a rapid and uneven ascent of AI in business: a recent survey shows 88 percent of leaders already use AI in at least one function, with nearly half of firms earning at least five billion dollars reporting that AI use has moved beyond pilots, and 10 percent saying AI is fully scaled. Yet the same research highlights a concrete tension: more than half of respondents say AI deployments have produced at least one negative outcome.

The framework arrives as a reminder that the upside of AI is matched by real, diverse risks. The authors point to familiar but stubborn failure modes: models that hallucinate key data, leak proprietary information, or give customers incorrect guidance. These problems are not abstract theoretical risks but concrete operational hazards that can upend trust, damage reputations, and create regulatory or financial liabilities. And they are not only internal threats; external deployments by suppliers, partners, or competitors can ripple back to affect a company’s risk picture. The draft underscores that governance must be exercised across the entire lifecycle of an AI system, not just at the moment of deployment.

The framing from the Partnership on AI is anchored by a blunt assessment from the field: governance matters now more than ever. The organization notes that while AI can unlock productivity, innovation, and new value, it also creates a moving target for risk management. Rebecca Finlay, the partnership’s chief executive, has been clear that corporate AI governance needs to move from high level talk to concrete, auditable practices. The draft framework is positioned as a tool to guide boards, executives, and risk officers in mapping responsibilities, defining risk appetite, and establishing practical controls around model development, data governance, vendor risk, and deployment oversight.

For compliance officers and technology leaders, the document is a nudge to confront the realities of AI in the boardroom. The numbers tell a story of uneven adoption and mismatch between pilot success and scale. A governance framework that helps translate risk into repeatable processes could help prevent the kind of missteps that lead to costly rehires after layoffs driven by overconfident, overreliant AI systems. It also signals that governance, to be effective, must be embedded in cross-functional teams rather than siloed in compliance or IT alone. The drafting party emphasizes practical steps: clear accountability, ongoing risk assessments, documentation of decisions, and mechanisms that enable timely remediation when issues surface.

Two practitioner takeaways stand out. First, there is a clear tradeoff between speed and control. Organizations that accelerate AI deployment risk underinvesting in governance; those that overcorrect on process may slow innovation and erode competitive edge. Second, the draft highlights the need for end-to-end risk visibility. This means not only monitoring models in production but ensuring data provenance, data quality controls, and vendor risk assessments are integrated into enterprise risk management. As AI tools become core operating assets, the framework could become a common reference point for audits, regulatory conversations, and vendor oversight.

What to watch next: how the final version of the Corporate AI Risk Assessment Framework will translate from draft to enterprise standard, and whether follow-on guidance will tighten expectations for governance, testing, and post-deployment monitoring. Compliance and technology leaders should stay alert for how the framework links to real-world controls, vendor risk criteria, and cross-functional oversight that spans data stewardship, model governance, and operational risk.