Residual Risk

The risk remaining after risk-treatment measures have been applied. Distinct from inherent risk (before treatment). Residual risk must be formally accepted by the appropriate authority (typically the AI Risk Owner or AI Ethics Committee) before deployment can proceed.

Framework references

  • ISO 42001 §6.1
  • NIST AI RMF Manage 1.3
