What is a Systemic-Risk Taxonomy?
A systemic-risk taxonomy is a structured classification system used to identify, group, and describe risks that could produce broad, widespread, or cascading harms from an AI model or system. In regulation, it is important because it helps organizations decide when enhanced controls, testing, monitoring, and governance are required.
In Depth
In practice, a systemic-risk taxonomy maps risk sources into categories such as misuse, model failure, cybersecurity abuse, large-scale misinformation, or concentration of downstream harms. Compliance teams use this kind of taxonomy to make risk assessments consistent across teams, to define escalation thresholds, and to determine when additional safeguards like red-teaming, incident monitoring, or release controls are needed.
The concept is closely associated with governance for advanced and widely deployed models, especially the EU AI Act's obligations for general-purpose AI (GPAI) models with systemic risk. It is also aligned with broader AI risk frameworks such as the NIST AI RMF and ISO/IEC 42001, which require organizations to identify, assess, and treat AI-related risks in a repeatable way.