AI Risk and Compliance release notes

  • Release version: Yokohama
  • Updated March 26, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of AI Risk and Compliance release notes

    The ServiceNow AI Risk and Compliance application, introduced in the Yokohama release, helps organizations ethically manage their artificial intelligence (AI) capabilities, mitigate AI-related risks, and ensure regulatory compliance. It provides comprehensive governance for AI systems, models, and datasets throughout their entire life cycle, enhancing visibility, control, and accountability in AI operations.

    Show full answer Show less

    Key Features

    • AI Asset Lifecycle Management: Centralizes management of AI assets from selection through development, deployment, and monitoring, ensuring consistent governance and improved traceability.
    • Impact Assessments: Identifies how AI systems affect fundamental rights and detects risks such as bias, privacy breaches, misinformation, and copyright concerns.
    • Risk Management: Enables detailed risk assessments on individual risks associated with AI assets, supporting targeted risk mitigation.
    • Case Management: Provides structured tracking and resolution of AI-related cases and incidents to maintain accountability.
    • AI Framework Content Pack: Supplies regulatory-aligned templates and mappings (e.g., EU AI Act, NIST AI RMF) to help build a compliance-ready AI asset inventory.
    • AI Risk and Compliance Workspace: Offers a centralized dashboard to view risk classifications, compliance status, AI asset states, assessments, and control attestations, with reporting capabilities for leadership.
    • 360° Relationship Visualization: Displays connections among AI assets, controls, risks, and issues to enhance understanding of impact across the enterprise.
    • Collaboration Tools: Facilitates internal discussions on ethical, transparency, and accountability aspects of AI assets to support informed decision-making.

    Roles and Permissions

    The application includes specific roles tailored to managing AI governance:

    • AI Risk and Compliance Admin: Configures the application and manages AI system deletions.
    • AI Risk and Compliance Manager: Initiates impact and risk assessments, manages AI system life cycle, and performs control attestations.
    • AI Risk and Compliance Analyst: Performs assessments and management tasks on assigned records.
    • AI Risk and Compliance User: Creates AI cases and performs control attestations through the Employee Center.
    • AI Risk and Compliance Reader: Has read-only access to AI systems and assessments.

    Activation and Integration

    The AI Risk and Compliance application is available through the ServiceNow Store and requires installation via a request. It can be used alongside the AI Control Tower application to effectively manage the AI asset inventory life cycle and governance activities.

    The ServiceNow® AI Risk and Compliance application to manage your artificial intelligence (AI) capabilities ethically, mitigate AI risks, and ensure compliance. AI Risk and Compliance is a new application in the Yokohama release.

    AI Risk and Compliance highlights for the Yokohama release

    • Manage AI systems, models, and datasets across their entire life-cycle with consistent governance for better visibility, control, and compliance.
    • Perform impact assessments for AI systems, models, and datasets to identify high-risk AI assets.
    • Perform risk assessments on individual risks associated with an AI asset based on additional information and testing.
    • Manage and oversee AI-related cases and incidents through a structured case management process.
    • Build a compliance-ready AI asset inventory aligned with regulatory requirements using the AI framework content pack.

    See AI Risk and Compliance for more information.

    Important:
    AI Risk and Compliance is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    AI Risk and Compliance features

    AI asset lifecycle management
    Manage the complete life-cycle of AI assets, from selecting appropriate AI systems to developing, deploying, and monitoring AI models and datasets. This feature helps maintain a centralized inventory, confirms consistent governance practices, and improves traceability and oversight across all stages of AI development and usage.
    Perform impact assessment on an AI use case
    Perform impact assessments to identify how AI systems, models, and datasets affect fundamental rights. This feature detects potential risks, such as copyright issues, algorithmic bias, privacy breaches, misinformation, and surveillance concerns, to support better oversight and risk management.
    AI asset inventory risk management
    Identify individual and specific risks associated with AI assets, such as AI systems, models, and datasets. Perform risk assessments on each identified risk separately.
    AI case management
    Manage and track cases or incidents related to AI use cases across the organization. This feature provides a structured approach to documenting, investigating, and resolving AI-related issues and cases, supporting consistent oversight and accountability.
    AI framework content pack
    Use the default AI framework content pack to prepare a compliance-ready inventory of AI assets. The content pack provides mappings to key AI regulations and standards, such as the European Union AI Act and the National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF). This feature helps organizations to align AI governance activities with regulatory requirements.
    AI Risk and Compliance workspace
    See a comprehensive overview of all your AI inventory-related information in the AI Risk and Compliance workspace. The AI Risk and Compliance workspace enables you to:
    • Identify the risk classification of AI asset inventory.
    • Identify the compliant and noncompliant controls for authority documents and policies.
    • View AI systems based on state and department.
    • View the AI assessments and risk assessments information.
    • View information related to the control attestation, indicators, AI issues, AI cases, and policy exceptions.
    • Generate report to help leaders identify, assess, and mitigate risks.
    360° Relationship Visualization of AI assets
    Explore the relationships between critical AI assets that impact your business, including controls, risks, and issues.
    Collaborate with internal users
    Collaborate with internal users by starting chats focused on the ethical, transparency, and accountability aspects of AI assets. Use discussions to document considerations, share feedback, and drive informed decision-making throughout the AI asset life-cycle.
    Roles installed with AI Risk and Compliance
    The following roles related to AI Risk and Compliance for managing AI systems across the enterprise were added:
    • AI Risk and Compliance Admin [sn_grc_ai_gov.ai_risk_and_compliance_admin]: Configure AI Risk and Compliance and delete AI systems.
    • AI Risk and Compliance Manager [sn_grc_ai_gov.ai_risk_and_compliance_manager]: Initiate impact assessment, risk assessment, and control attestations. Manage the life cycle of the AI system.
    • AI Risk and Compliance Analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst]: Initiate impact assessment, risk assessment, and control attestations. Manage the life cycle of the AI system.
      Note:
      AI Risk and Compliance Analyst can perform these actions only on the records assigned to them.
    • AI Risk and Compliance User [sn_grc_ai_gov.ai_risk_and_compliance_business_user]: Create an AI case on the Employee Center and work on the assigned tasks. Perform control attestations.
    • AI Risk and Compliance Reader [sn_grc_ai_gov.ai_risk_and_compliance_reader]: Read the AI systems and AI impact assessments.

    Activation information

    Install AI Risk and Compliance by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Related ServiceNow applications and features

    Use the AI Control Tower application with AI Risk and Compliance to manage AI asset inventory life cycle.