
Moving from Theory to Action in AI Risk Management


AI systems are poised to transform every industry, offering powerful opportunities for value creation, productivity, and innovation. In one survey of business leaders, 88% of respondents reported regular use of AI in at least one business function. Nearly half of organizations with $5B in revenue report that AI use has passed the pilot phase, with 10% reporting AI use as fully scaled. However, more than half of respondents from organizations using AI say they have experienced at least one negative consequence.

We have seen AI systems “hallucinate” key data, leak proprietary information, give customers incorrect guidance, and more. In several instances, companies that laid off workers because of AI have had to scramble to rehire when those systems proved less than fully trustworthy. These instances are serious, but could be mere footnotes compared to the future potential of AI to disrupt business models, impair financial performance, and harm people and society.

Business risks related to AI can be difficult to anticipate and understand. They can be generated internally when a company deploys AI itself, and externally when other entities deploy AI. They can quickly snowball into regulatory, competitive, operational, and reputational impacts.

This is why, as our CEO Rebecca Finlay set out earlier this year, corporate AI governance matters now more than ever.

To support companies in the practical implementation of AI governance, Partnership on AI is publishing the draft Corporate AI Risk Assessment Framework.


The Corporate AI Risk Assessment Framework

There are clear advantages to being an early mover in AI governance. Companies that proactively assess and manage issues can ensure compliance with evolving regulations, manage liability risk, foster trust, limit operational disruptions, and improve competitive positioning.

A growing range of resources support AI risk assessment practices, including formal frameworks from ISO, NIST, and the OECD. However, we continue to hear that companies need help moving from a nebulous and theoretical approach to AI risk management to one that is precise, practical, and actionable. The Corporate AI Risk Assessment Framework:

  • Offers a practical resource for Boards, senior executives, and employees in corporate-level roles—including strategy, governance, compliance, risk, policy, and investor relations—to improve the identification, prioritization, and management of AI-related risks.
  • Can be used by investors to understand which questions to ask companies and to convey their expectations on the responsible design, development, deployment, and use of AI systems. Use of this Framework by both companies and investors will enhance the quality and focus of dialogue on AI.
  • Identifies the substance of risk—such as the key issues, topics, and activities to address—rather than specifying a particular management process or system. It directly supports the use of formal risk management frameworks by identifying the substance (what should be assessed and managed) to complement the process (how to assess and manage).

This Framework is intended for use at the corporate level—rather than at the AI system level—and to cover a company’s entire upstream and downstream value chain, as well as its own operations.

This company-wide approach to risk assessment means that insights gained from using this Framework can inform disclosures made in formal financial and sustainability reports. Risk assessment practices can also be embedded into existing company processes, such as enterprise risk management, materiality assessments, and human rights due diligence.

What’s Next

The risks of AI have shifted rapidly from the general and ill-defined to the very real and very present. These include the advanced capacity of AI to discover security vulnerabilities in operating systems, the growing deployment of AI in worker recruitment and development, and the use of content-generation tools to create dangerous and illegal content. It is clear that proactive risk management approaches are needed to address these challenges.

The Corporate AI Risk Assessment Framework includes issues across PAI’s areas of expertise, such as labor impacts, transparency recommendations, and synthetic media. We plan to refine the Framework over time based on feedback from the PAI community and beyond, as well as developments in the field.

We are seeking feedback on the practical use of the Framework to understand if it supports enterprise risk management, if the right topics are included, and how it can sharpen investor due diligence.


Feedback will inform future iterations of the Framework and guide the development of new resources, such as a best practices compilation, “how to” guides, or disclosure recommendations.

If you have additional comments or would like to test implementation of the Corporate AI Risk Assessment Framework, please get in touch with Sam Wallace at sam@partnershiponai.org.