Q091 — How does RAIDT connect to the NIST AI RMF?
RAIDT sharpens the RMF by tying Govern, Map, Measure, and Manage to recorded run evidence.
Appears in sources
qa_deck_100#slide 93 · Standards and policy interoperability
Answer
RAIDT connects to the NIST AI RMF as an operational evidence layer rather than as a rival framework. In the policy-pathways paper, the NIST AI RMF is described as a practical, voluntary structure for identifying, assessing, treating, and governing AI risk, while RAIDT translates those expectations into inspectable artefacts for one configured generative AI use. RAIDT therefore takes what NIST asks organisations to do at framework level and expresses it through the run as the unit of governance, a run-level evidence pack, and a score profile. This is important because the papers argue that contemporary governance instruments create strong expectations around documentation, oversight, monitoring, and review, yet they do not by themselves standardise the evidentiary unit needed to reconstruct a specific use event.
The connection is clearest when the NIST functions are mapped onto RAIDT's five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability). Responsibility supports Map and Govern by recording purpose, role allocation, constraints, and oversight. Auditability and Traceability make Measure concrete through logs, provenance, retrieval snapshots, hashes, and version identifiers. Dependability supports Manage through repeat-run testing, monitoring of variance or drift, and clear failure thresholds. Interpretability strengthens Govern because outputs, limits, and uncertainty must be intelligible across stakeholder groups. The resulting score profile, using anchors 1=missing / 3=partial / 5=audit-ready, gives NIST-style risk management a repeatable evidential basis. In RAIDT terms, NIST provides the governance logic, while RAIDT supplies the reusable proof object that lets audit, procurement, and challenge operate on actual runs rather than policy assertions alone.
Practical example
A public-service team uses generative AI to interpret eligibility rules for a welfare query. Under the NIST AI RMF, the organisation first maps the risk of giving incorrect or contestable advice, then measures whether the system can justify the rule interpretation, manages the risk through controls, and governs the process through oversight. RAIDT operationalises this by storing a run-level evidence pack for the interaction: prompt version, model version, retrieved rule passages, document identifiers, hashes, staff role, and review steps.
If the retrieval snapshot is missing, the run may still look persuasive, but the score profile will expose weak Auditability or Traceability. That creates a concrete management response: the service can require retrieval logging, set a minimum threshold before use in frontline advice, and treat retrieval augmentation and structured prompting, both influence methods, as governance interventions. In this way, RAIDT connects NIST's broad risk functions to evidence that an auditor, manager, or complaint handler can actually inspect.
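The practical example above can be sketched in code. This is an added illustration, not code from the RAIDT papers: the evidence-pack fields follow the list in the example, while the function names, the rule that maps evidence checks to the 1 / 3 / 5 anchors, and the sample values are assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class EvidencePack:
    prompt_version: Optional[str] = None
    model_version: Optional[str] = None
    staff_role: Optional[str] = None
    review_steps: list = field(default_factory=list)
    passages: dict = field(default_factory=dict)  # document id -> retrieved rule text
    hashes: dict = field(default_factory=dict)    # document id -> SHA-256 hex digest

def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def take_snapshot(pack, retrieved):
    """Record the retrieved passages and a hash of each at run time."""
    pack.passages = dict(retrieved)
    pack.hashes = {doc_id: sha256(text) for doc_id, text in retrieved.items()}

def snapshot_intact(pack):
    """True only if a snapshot exists and every passage still matches its hash."""
    return bool(pack.passages) and all(
        pack.hashes.get(doc_id) == sha256(text)
        for doc_id, text in pack.passages.items())

def anchor(checks):
    """Assumed rule: all checks pass = 5, some = 3, none = 1."""
    if all(checks):
        return 5
    return 3 if any(checks) else 1

def score_profile(pack):
    return {
        "Responsibility": anchor([bool(pack.staff_role), bool(pack.review_steps)]),
        "Auditability": anchor([bool(pack.prompt_version),
                                bool(pack.model_version), bool(pack.passages)]),
        "Traceability": anchor([bool(pack.hashes), snapshot_intact(pack)]),
    }

def blocked_pillars(profile, minimum=3):
    """Pillars scoring below the minimum set for frontline use."""
    return sorted(p for p, score in profile.items() if score < minimum)

# Constructed sample runs: identical except for the retrieval snapshot.
RULES = {"DOC-001": "Constructed rule passage for an eligibility query."}
complete = EvidencePack("prompt-v3", "model-a1", "caseworker", ["supervisor review"])
take_snapshot(complete, RULES)
no_snapshot = EvidencePack("prompt-v3", "model-a1", "caseworker", ["supervisor review"])
```

The run without a snapshot still has version identifiers and a review trail, so only the profile shows that its retrieved rule text cannot be reconstructed or verified.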
Sources in RAIDT papers
10-RAIDT_Policy_Pathways_M_V5014-RAIDT-Policy-Motivation_M_v11