Risk and compliance tab in AI Control Tower

  • Release version: Australia
  • Updated May 28, 2026
  • 3 minutes to read

    The Risk and compliance tab on the AI Control Tower displays the risk classification of AI assets and the compliance posture for selected authority documents and policies.

    AI assets refer to the various components and resources that are essential for the development, deployment, and operation of artificial intelligence systems. These assets can include:

    1. AI systems: The complete software or hardware infrastructure that runs AI algorithms and processes. This can include machine learning platforms, natural language processing systems, and other AI-driven applications.
    2. AI models: The mathematical and computational models that are trained on data to perform specific tasks. These models can range from simple linear regression models to complex deep learning neural networks.
    3. AI datasets: The collections of data used to train, validate, and test AI models.

    For more information, see AI systems, AI models, and Datasets.

    Understanding and managing these AI assets is crucial for ensuring that AI systems are effective, reliable, and compliant with regulatory and ethical standards as defined by your organization.

    The Risk and compliance dashboard has the following sections. You can drill down into the data on each widget in any section.

    Compliance overview

    Regulatory risk classification
    This section displays the risk classifications of AI systems, AI models, and Datasets using donut charts. The risks are qualitatively classified as High, Low, Medium, and Unacceptable. These classifications are based on the risk assessments of the AI assets.
    Compliance by authority documents and policies
    The section shows compliance based on controls implemented. By default, the compliance scores are displayed for the following frameworks that are provided in the library:
    • NIST AI Risk Management Framework: This framework displays the four key associated citations, namely map, measure, manage, and govern. Each citation's compliance score is displayed based on its control attestations.
    • EU Artificial Intelligence Act: This framework has multiple chapters that are displayed as citations and child citations. Each citation is mapped to a control objective to provide you with a compliance percentage score.
    • Transparency in Frontier Artificial Intelligence Act (SB 53): Covers transparency and safety requirements for frontier AI system developers.
    • Colorado Artificial Intelligence Act (SB 205): Covers requirements for developers and deployers of high-risk AI systems.

    You can choose to view compliance data by selecting one of two options: Authority Documents or Policies. Additionally, you can view the overall compliance score percentage, along with the number of compliant and non-compliant authority documents and policies, by using the drop-down filter to select specific authority documents or policies. You can also see all the issues that require immediate attention and AI cases related to each authority document or policy.

    The authority documents are provided solely for informational and guidance purposes to assist with the initial setup of AI Risk and Compliance frameworks. They do not constitute legal advice or assurance of regulatory compliance. You are solely responsible for ensuring that all use of the content complies with applicable laws, regulations, directives, and industry standards in your jurisdictions.

    Note:
    You can configure which authority documents and policies you want to display on the home page. For more information, see Set up properties for compliance posture.

    Risk overview

    This section monitors and tracks the risk posture of the AI assets in your organization. Using the AI asset filter, you can filter risk posture insights by the type of AI asset inventory.

    AI systems by aggregated risk score
    This section displays the classifications of AI systems by aggregated risk score using a donut chart. The risk scores are qualitatively classified as High and Low.
    Risk heatmap
    The Risk heatmap widget displays a visualization of all identified risks within the AI assets. By default, the Residual risk filter is applied, but you can filter the heatmap based on Inherent risk. The heatmap is segmented, and the segmentation changes based on the filter. The activities fall under the respective combination of risk and control effectiveness, or impact and likelihood. The combination is based on the selected risk classification filter. You can filter the risk heatmap by Risk Assessment Methodology (RAM) when more than one methodology is available.

    Regulatory landscape overview

    You need to install the GRC: Regulatory Change Management application to see this section. For more information, see Installing Regulatory Change Management.

    Overview
    • Alerts

      This section displays the risk classifications of AI systems, AI models, and AI datasets using donut charts.

    • Change tasks

      This section displays the distribution of regulatory change tasks by workflow state or lifecycle phase using a donut chart.

    Assessments
    This section displays the regulatory impact assessments and risk assessments linked to regulatory changes using a donut chart. By default, the regulatory assessments filter is applied, but you can change it to risk assessments.

    The following image shows the Risk and compliance dashboard.

    Figure 1. Risk and compliance dashboard
    The dashboard monitors and manages the risk and compliance posture of the AI assets in your organization.

    For more information, see AI Risk and Compliance documentation.