AI Risk and Compliance Management release notes

  • Release version: Store
  • Updated June 11, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of AI Risk and Compliance Management release notes

    The AI Risk and Compliance Management application on the ServiceNow Store provides a strategic framework to identify, assess, and mitigate risks associated with AI technologies. It supports compliance with global regulations such as GDPR and the EU AI Act by enabling ethical, transparent, and responsible AI development. The application continuously evolves through regular updates that enhance risk assessment, control management, and compliance monitoring capabilities.

    Show full answer Show less

    Key Features

    • Smart Assessment Template Versioning: Manage versions of assessment templates to ensure consistent governance across AI risk evaluations.
    • Entity-Based Access Control (EBA): Granular access control by mapping entities to users or groups, minimizing unnecessary data exposure.
    • Bulk Risk Assessment: Consolidate risk assessments for multiple AI use cases based on shared characteristics, streamlining regulatory and operational risk evaluation.
    • Automated Risk Classification: Classify AI assets automatically, supporting both managed and unmanaged assets for comprehensive risk coverage.
    • AI System-Level Risk Visualization: Aggregate risk scores and visualize them via heatmaps and residual risk widgets directly on AI asset records for proactive risk management.
    • Filterable Risk Heatmaps: Customize risk views by Risk Assessment Methodologies to analyze AI risks according to internal or regulatory frameworks.
    • Control Attestation Grouping: Organize attestations by control objectives or frameworks to enhance compliance oversight.
    • Integration with Unified Content Accelerator: Stepwise content import and review process for AI risk and compliance content.
    • Automated Impact Assessment: Triggered automatically when AI Datasets are created, enhancing risk evaluation workflows.
    • Security and Access Enhancements: Standardized query range ACLs applied platform-wide for consistent secure access, with automated upgrade support and post-upgrade review recommendations.
    • Additional AI Regulatory Frameworks: Access to authority documents, agency mappings, and citations enriches the compliance content pack.

    Key Outcomes

    • Improved Governance: Versioned templates and bulk assessments improve consistency and efficiency in AI risk evaluation.
    • Enhanced Security: Entity-based access controls and standardized ACLs reduce data exposure risks and align with least privilege principles.
    • Efficient Risk Monitoring: Aggregated risk visualizations and filtered heatmaps enable targeted, data-driven decision-making.
    • Regulatory Compliance: Support for multiple AI regulatory frameworks aids customers in meeting evolving global compliance requirements.
    • Operational Continuity: Automated upgrade scripts and fixes ensure smooth transitions and consistent functionality post updates.

    Practical Considerations for ServiceNow Customers

    Customers should review and leverage the new assessment template versioning to maintain governance consistency. The entity-based access control feature allows precise permission management, minimizing data risks. Bulk risk assessments and automated impact assessments streamline workflows, especially for organizations managing numerous AI use cases. Post-upgrade reviews are recommended when customized ACLs exist to verify security alignment. The enhanced visualization tools and integration capabilities support ongoing compliance monitoring and risk mitigation efforts effectively.

    Version history for the AI Risk and Compliance Management application on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 22.3.5 - June 2026 (Australia)
    • New:
      • Manage Smart Assessment  templates with versioning support. Create, publish, and delete template versions to support consistent assessment governance.
      • View the entity, risk, and control for each assessment directly in task and work queue lists, without opening individual records.
      • Access authority documents, agency mappings, and citations for additional AI regulatory frameworks in the AI Risk and Compliance content pack.
    • Changed:
      • Added automated impact assessment flow whenever an AI Dataset is created.
      • Standardized query range security ACLs are now applied across all tables, ensuring consistent query access for authenticated users with appropriate read permissions throughout the platform. These ACL rules are installed automatically during upgrade with no administrator action required — automated upgrade scripts handle the full transition, including detection and processing of previously customized ACLs to ensure existing configurations continue to function without interruption. If your instance includes administrator-modified query range ACLs, a post-upgrade review is recommended to confirm alignment with your intended access policies.
    • Fixed:
      • Localization & Performance issues are fixed.
      • Fixed issue w.r.t to retired controls. Retired controls are excluded from the control based widgets.
      • Fixed issue related to synchronization of AI asset life cycle tasks between AI Risk and Compliance and AICT workspace.
      • Fixed functional domain issue w.r.t indicators feature on AI asset record page.
    Version 22.2.2 - May 2026 (Australia)
    • New: Added new API logic to support AICT AINPX product changes.
    • Fixed: Fixed AI asset intake related changes.
    Version 22.1.2 - April 2026
    • New:
      • Implemented Intake form enhancements to support only ServiceNow AI for non AICT product tier product offerings.
      • Restricted the Intake form support for Enterprise AI for non AICT product tier product offerings.
    Version 22.0.3 - March 2026
    • New:
      • New Automated risk classification feature for assets.
      • Support for managed and unmanaged assets feature.
      • Handled control objective workflow changes.
      • Entity class restriction feature to support only AI asset types.
    • Changed: Adopted smart assessment template category changes.
    • Fixed: Fixed security and localisation issues.
    Version 21.1.1 - December 2025 (Zurich)
    • New:
      • Entity-based access control
        • Implemented the Entity-based Access Control feature, which facilitates object access through entities. You can map entities to specific users or user groups, enabling a granular level of access control.
        • Administrators can grant access to an entity’s related records by adding users, user groups, entity user fields, or entity user group fields, minimizing the risk of unnecessary data exposure.
        • You can now configure any user or user group field on a record to provide additional access beyond what is defined in the EBA configuration.
      • Bulk Risk Assessment
        • The Bulk Risk Assessment feature enables product owners to assess the regulatory and operational risks of multiple AI use cases in a unified workflow. Instead of reviewing and responding to risk questionnaires one by one, the system groups AI use cases with similar characteristics (such as model type, data sensitivity, and business impact) and presents a consolidated risk assessment form.
      • Integration with unified content accelerator
        • A new unified content interface shows the sequence of steps for importing related content and reviewing the selected content. This provides a step-by-step process for importing content into the product.
    • Changed:
      • Introduced an 'Active flag' in the GRC Choice table; updates to these flags are now reflected in the AI risk and compliance management application
      • Implemented the impacts of Citation to control mapping feature across the dashabords and overview pages.
    • Fixed:
      • Resolved a security vulnerability that allowed unintended edits to read-only fields.
      • Replaced hard-coded admin role dependencies with granular roles to improve security and align with least privilege principles.
    Version 21.0.1 - August 2025
    • New:
      • Deliver system level AI risk score aggregation and visualization
        • Provide aggregated AI system-level risk scoring by integrating heatmaps and residual risk score widgets directly within AI asset overview records. These visual tools help surface cumulative risk exposure and enable users to track residual risks effectively across the entire AI asset inventory. This capability supports proactive risk management by offering clear, data-driven insights into the overall AI system risk posture.
      • Filter the risk heatmap by Risk Assessment Methodology for targeted risk analysis
        • From the AI risk and compliance home page, apply the Risk Assessment Methodology filter to customize the display of the risk heatmap based on specific risk evaluation frameworks. This capability enables you to segment and analyze AI risks according to the assessment of models your organization adopts, such as internal standards, regulatory frameworks, or industry benchmarks. By narrowing the view to a particular methodology, you can better understand how different risk factors are identified, scored, and distributed, facilitating more informed decision-making. This targeted analysis supports the development of precise mitigation plans aligned with the organization's risk governance strategy.
      • Grouping control attestations
        • Control attestations can be grouped based on predefined criteria such as control objectives, frameworks, or assessment cycles. This grouping functionality enables more efficient management and review of attestations, reduces redundancy, and improves visibility into compliance status across related controls for AI Risk and Compliance team. It also supports better planning and execution of control assurance activities by organizing attestations in a logical, structured manner.
    • Changed:
      • The Risk and compliance tab features dedicated Risk overview and Compliance overview sections to support continuous monitoring of the risk and compliance posture of AI assets.
      • The Risk overview section provides a filtered view of AI assets based on inherent and residual risk levels, enabling informed risk evaluation. The Compliance overview section displays the regulatory risk classification of AI systems, models, and datasets using donut charts.
    Version 20.2.0 - June 2025
    Fixed: Added query-range ACLs for AI system and AI system tasks.
    Version 20.1.3 - May 2025
    AI Risk and Compliance involves a strategic framework designed to identify, assess, and mitigate the inherent risks associated with the development and deployment of AI technologies. As organizations increasingly rely on AI systems, it becomes essential to navigate the complexities of compliance with global regulations such as the GDPR and the EU's AI Act. This framework includes a comprehensive risk assessment process to evaluate potential challenges such as, algorithmic bias, data privacy, and transparency. It ensures that AI systems are developed and used in an ethical and responsible manner. Engaging diverse stakeholders, including ethicists and legal experts, improves the organization's ability to address the social and ethical implications of AI technologies while fostering a culture of accountability.