The reviewed record of science sign in
Pith

arxiv: 2607.02197 · v1 · pith:WEHBHHKE · submitted 2026-07-02 · cs.CY · cs.AI· cs.CR

Overview of Risk Assessment and Management for Intelligent Systems under the AI Act and Beyond

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel 2026-07-03 05:57 UTCgrok-4.3pith:WEHBHHKErecord.jsonopen to challenge →

classification cs.CY cs.AIcs.CR
keywords AI risk assessmentAI Actrisk managementregulatory landscapeintelligent systemsethical risksmethodological gapsbest practices
0
0 comments X

The pith

AI systems require systematic risk assessment and management to meet emerging global regulations.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper reviews the worldwide regulatory landscape driving the need for rigorous AI risk assessment. It characterizes the spectrum of AI-related risks from technical failures to ethical and social impacts. The work examines key risk assessment and management methodologies for AI systems and highlights best practices while identifying methodological gaps. A sympathetic reader would care because these approaches aim to support safe and reliable deployment of AI under frameworks like the AI Act.

Core claim

This paper presents an overview of AI risk assessment and management methodologies. It begins by reviewing the worldwide regulatory landscape that drives the need for systematic AI risk assessment, then characterizes the spectrum of AI-related risks identified in the literature from technical failures to ethical and social impacts, reviews key risk assessment methodologies proposed for AI systems focusing on general frameworks, and highlights best practices while illuminating methodological gaps for further research.

What carries the argument

The spectrum of AI-related risks and the general frameworks for risk assessment and management in AI systems.

If this is right

  • Developers of AI systems must incorporate risk identification and analysis to achieve regulatory compliance.
  • Adoption of reviewed best practices can reduce technical failures and ethical impacts in deployed systems.
  • Addressing the identified methodological gaps will improve the reliability of AI risk management overall.
  • Global regulatory frameworks will benefit from standardized approaches derived from the reviewed methodologies.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The overview could serve as a starting point for creating unified risk assessment tools applicable across different AI domains.
  • Connections to risk practices in established fields such as cybersecurity or engineering safety may address some gaps.
  • Empirical testing of the reviewed methodologies on real-world AI deployments could quantify the practical impact of the gaps.

Load-bearing premise

The selected literature and regulatory examples provide a sufficiently complete and unbiased representation of current AI risk assessment practice.

What would settle it

A comprehensive survey of AI risk methodologies that covers all identified gaps with no remaining deficiencies would falsify the paper's claim of significant areas needing further research.

Figures

Figures reproduced from arXiv: 2607.02197 by Alvaro Ortigosa, Aythami Morales, Francisco Jurado, Javier Irigoyen, Julian Fierrez, Roberto Daza, Ruben Tolosana, Ruben Vera-Rodriguez.

Figure 1
Figure 1. Figure 1: Overview of AI risk assessment as a module in the context of a general responsible AI framework. [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
read the original abstract

The society and emerging risk-based regulatory frameworks for AI underscore the need for rigorous risk assessment to ensure safe and reliable AI systems. In response to this imperative, this paper presents an overview of AI risk assessment (identification and analysis) and management methodologies. It begins by reviewing the worldwide regulatory landscape that drives the need for systematic AI risk assessment. Then we characterize the spectrum of AI-related risks identified in the literature, from technical failures to ethical and social impacts. Subsequently, it reviews key risk assessment methodologies proposed for AI systems, focusing on general frameworks. The paper highlights best practices and illuminates methodological gaps, highlighting areas for further research on AI risk assessment.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 2 minor

Summary. The paper presents an overview of AI risk assessment (identification and analysis) and management methodologies. It begins by reviewing the worldwide regulatory landscape that drives the need for systematic AI risk assessment, then characterizes the spectrum of AI-related risks from technical failures to ethical and social impacts, reviews key risk assessment methodologies proposed for AI systems with a focus on general frameworks, and concludes by highlighting best practices and methodological gaps for further research.

Significance. If the coverage of regulations, risks, and methodologies is representative, the overview would provide a timely synthesis connecting emerging risk-based frameworks such as the AI Act to practical assessment approaches. By illuminating gaps, it could usefully direct future work on rigorous risk management for intelligent systems and serve as a reference for aligning development practices with regulatory expectations.

minor comments (2)
  1. Abstract: the phrasing 'this paper presents an overview... Subsequently, it reviews...' repeats 'it' in a way that could be tightened for conciseness and flow.
  2. The manuscript would benefit from an explicit statement of selection criteria for the reviewed methodologies and regulatory examples to help readers assess the scope of the overview.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for their thorough review and positive recommendation to accept the manuscript. We appreciate the recognition that the overview provides a timely synthesis connecting regulatory frameworks such as the AI Act to practical risk assessment approaches.

Circularity Check

0 steps flagged

No significant circularity: survey paper with no derivations or self-referential claims

full rationale

This is a survey/overview paper that reviews external regulatory frameworks, literature on AI risks, and existing methodologies. It contains no equations, fitted parameters, predictions, or derivation chains. The central claim is simply that the paper presents an overview of selected material; this does not reduce to any input by construction. No self-citation is load-bearing for any result, and no uniqueness theorems or ansatzes are invoked. The paper is self-contained as a literature review against external sources.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No free parameters, axioms, or invented entities are introduced; the work is a descriptive survey.

pith-pipeline@v0.9.1-grok · 5664 in / 889 out tokens · 20639 ms · 2026-07-03T05:57:41.254679+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

44 extracted references · 44 canonical work pages · 2 internal anchors

  1. [1]

    Ethics guidelines for trustworthy AI,

    M. Cannarsa, “Ethics guidelines for trustworthy AI,”The Cambridge Handbook of Lawyering in the Digital Age, pp. 283–297, 2021

  2. [2]

    Human-centric multimodal machine learning: Recent advances and testbed on AI-based recruitment,

    A. Pe ˜naet al., “Human-centric multimodal machine learning: Recent advances and testbed on AI-based recruitment,”SN Computer Science, vol. 4, no. 5, p. 434, June 2023

  3. [3]

    Connecting the dots in trustworthy artificial intelligence: From AI principles, ethics, and key requirements to responsible AI systems and regulation,

    N. D ´ıaz-Rodr´ıguez, J. Del Ser, M. Coeckelbergh, M. L. de Prado, E. Herrera-Viedma, and F. Herrera, “Connecting the dots in trustworthy artificial intelligence: From AI principles, ethics, and key requirements to responsible AI systems and regulation,”Information Fusion, vol. 99, p. 101896, 2023

  4. [4]

    Regulation (EU) 2024/1689 of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act),

    European Parliament and Council of the European Union, “Regulation (EU) 2024/1689 of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act),” Official Journal of the European Union, L 2024/1689, Jul. 2024. [Online]. Available: https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng

  5. [5]

    General Data Protection Regulation (GDPR),

    European Parliament and Council of the European Union, “General Data Protection Regulation (GDPR),” Regulation (EU) 2016/679, Official Journal of the European Union, L 119, Apr. 2016, [Online]. Available: EUR-Lex

  6. [6]

    Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence,

    Office of Management and Budget, “Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence,” Memorandum M-24-10, Executive Office of the President, Mar. 2024, [Online]. Available: White House PDF

  7. [7]

    Artificial Intelligence in Software as a Medical Device,

    U.S. Food and Drug Administration, “Artificial Intelligence in Software as a Medical Device,” Mar. 2025, [Online]. Available: FDA AI SaMD page

  8. [8]

    Algorithmic Impact Assessment Tool,

    Government of Canada, “Algorithmic Impact Assessment Tool,” 2025. [Online]. Available: https://www.canada.ca/en/government/system/ digital-government/digital-government-innovations/responsible-use-ai/ algorithmic-impact-assessment.html

  9. [9]

    Interim Measures for the Administration of Generative Artificial Intelligence Services,

    CAC et al., “Interim Measures for the Administration of Generative Artificial Intelligence Services,” Jul. 2023, order No. 15. [Online]. Avail- able: https://www.cac.gov.cn/2023-07/13/c 1690898327029107.htm

  10. [10]

    Model Artificial Intelligence Governance Framework,

    PDPC Singapore and IMDA, “Model Artificial Intelligence Governance Framework,” PDPC Singapore and IMDA, Tech. Rep., Jan

  11. [11]

    Available: https://www.pdpc.gov.sg/-/media/files/pdpc/ pdf-files/resource-for-organisation/ai/sgmodelaigovframework2.pdf

    [Online]. Available: https://www.pdpc.gov.sg/-/media/files/pdpc/ pdf-files/resource-for-organisation/ai/sgmodelaigovframework2.pdf

  12. [12]

    A Pro-Innovation Approach to AI Regulation,

    DSIT, “A Pro-Innovation Approach to AI Regulation,” HM Government, Tech. Rep. CP 815, Mar. 2023. [Online]. Available: https://www.gov.uk/government/publications/ ai-regulation-a-pro-innovation-approach/white-paper

  13. [13]

    Responsible AI #AIForAll: Approach Document for India, Part 1 – Principles for Responsible AI,

    NITI Aayog, “Responsible AI #AIForAll: Approach Document for India, Part 1 – Principles for Responsible AI,” NITI Aayog, Tech. Rep., Feb. 2021. [Online]. Available: https://www.niti.gov.in/sites/default/ files/2021-02/Responsible-AI-22022021.pdf

  14. [14]

    AI watch: AI standardisation landscape,

    S. Nativi and D. Nigris, “AI watch: AI standardisation landscape,” European Commission, 2021

  15. [15]

    Sources of risk of AI systems,

    A. Steimers and M. Schneider, “Sources of risk of AI systems,”Intl. Journal of Environmental Research and Public Health, 2022

  16. [16]

    AI risk atlas: Taxonomy and tooling for navigating AI risks and resources,

    F. Bagehorn, K. Brimijoin, E. M. Daly, J. He, M. Hind, L. Garces- Erice, C. Giblin, I. Giurgiu, J. Martino, R. Nairet al., “AI risk atlas: Taxonomy and tooling for navigating AI risks and resources,”arXiv preprint arXiv:2503.05780, 2025

  17. [17]

    The AI risk repository: A meta-review, database, and taxonomy of risks from artificial intelligence

    P. Slattery, A. K. Saeri, E. A. Grundy, J. Grahamet al., “The AI risk repository: A comprehensive meta-review, database, and taxonomy of risks from artificial intelligence,”arXiv:2408.12622, 2024

  18. [18]

    TASRA: a taxonomy and analysis of societal- scale risks from AI,

    A. Critch and S. Russell, “TASRA: a taxonomy and analysis of societal- scale risks from AI,”arXiv preprint arXiv:2306.06924, 2023

  19. [19]

    A taxonomy of systemic risks from general-purpose AI,

    R. Uuk, C. I. Gutierrezet al., “A taxonomy of systemic risks from general-purpose AI,”arXiv:2412.07780, 2024

  20. [20]

    Between innovation and oversight: A cross-regional study of AI risk management frameworks in the EU, US, UK, and China,

    A. Al-Maamari, “Between innovation and oversight: A cross-regional study of AI risk management frameworks in the EU, US, UK, and China,”arXiv preprint arXiv:2503.05773, 2025

  21. [21]

    Artificial intelligence trust, risk and security management (AI trism): Frameworks, applica- tions, challenges and future research directions,

    A. Habbal, M. K. Ali, and M. A. Abuzaraida, “Artificial intelligence trust, risk and security management (AI trism): Frameworks, applica- tions, challenges and future research directions,”Expert Systems with Applications, vol. 240, p. 122442, 2024

  22. [22]

    An Overview of Catastrophic AI Risks

    D. Hendrycks, M. Mazeika, and T. Woodside, “An overview of catas- trophic AI risks,”arXiv preprint arXiv:2306.12001, 2023

  23. [23]

    OECD legal instrument 0449

    “OECD legal instrument 0449.” [Online]. Available: https: //legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449

  24. [24]

    Governing AI safety through independent audits,

    G. Falcoet al., “Governing AI safety through independent audits,” Nature Machine Intelligence, vol. 3, no. 7, pp. 566–571, 2021

  25. [25]

    Algorithm auditing: Managing the legal, ethical, and technological risks of artificial intelligence, machine learning, and associated algorithms,

    A. Koshiyamaet al., “Algorithm auditing: Managing the legal, ethical, and technological risks of artificial intelligence, machine learning, and associated algorithms,”Computer, vol. 55, no. 4, pp. 40–50, 2022

  26. [26]

    Achieving a data-driven risk assessment methodology for ethical AI,

    A. Fell ¨ander, J. Rebaneet al., “Achieving a data-driven risk assessment methodology for ethical AI,”Digital Society, vol. 1, no. 2, p. 13, 2022

  27. [27]

    Designing a risk assessment tool for artificial intelligence systems,

    P. R. Nagbøl, O. M ¨uller, and O. Krancher, “Designing a risk assessment tool for artificial intelligence systems,” inIntl. Conf. on Design Science Research in Information Systems and Technology, 2021, pp. 328–339

  28. [28]

    Artificial intelligence risk measure- ment,

    P. Giudici, M. Centurelliet al., “Artificial intelligence risk measure- ment,”Expert Systems with Applications, vol. 235, p. 121220, 2024

  29. [29]

    Towards risk-aware artificial intelligence and machine learning systems: An overview,

    X. Zhang, F. T. Chan, C. Yan, and I. Bose, “Towards risk-aware artificial intelligence and machine learning systems: An overview,”Decision Support Systems, vol. 159, p. 113800, 2022

  30. [30]

    EduEV AL-DB: A Role-Based Dataset for Pedagogical Risk Evaluation in Educational Explanations,

    J. Irigoyen, R. Dazaet al., “EduEV AL-DB: A Role-Based Dataset for Pedagogical Risk Evaluation in Educational Explanations,” inInt. Conf. on Learning Analytics & Knowledge Workshops (GenAI-LA), 2026

  31. [31]

    AIriskEval-edu: New Dataset for Risk Assessment in AI-mediated K- 12 Educational Explanations,

    J. Irigoyen, R. Daza, F. Jurado, J. Fierrez, R. Tolosana, A. Ortigosaet al., “AIriskEval-edu: New Dataset for Risk Assessment in AI-mediated K- 12 Educational Explanations,” inIEEE ICCST, 2026

  32. [32]

    Evaluating Social Engineering Risks in AI-based Interaction using Biometrics and a Gaming Setup,

    R. Dazaet al., “Evaluating Social Engineering Risks in AI-based Interaction using Biometrics and a Gaming Setup,” inICCST, 2026

  33. [33]

    AI risk assessment: A scenario-based, proportional methodology for the AI Act,

    C. Novelli, F. Casolari, A. Rotolo, M. Taddeo, and L. Floridi, “AI risk assessment: A scenario-based, proportional methodology for the AI Act,” Digital Society, vol. 3, no. 1, p. 13, 2024

  34. [34]

    Risk assessment at AGI companies: A review of popular risk assessment techniques from other safety- critical industries,

    L. Koessler and J. Schuett, “Risk assessment at AGI companies: A review of popular risk assessment techniques from other safety-critical industries,”arXiv preprint arXiv:2307.08823, 2023

  35. [35]

    Towards concrete and connected AI risk assessment (C2AIRA): A systematic mapping study,

    B. Xiaet al., “Towards concrete and connected AI risk assessment (C2AIRA): A systematic mapping study,” inIntl. Conf. on AI Engi- neering (CAIN), 2023, pp. 104–116

  36. [36]

    Is my vision-language data in your AI? membership inference test (MINT) Demo 2,

    D. DeAlcalaet al., “Is my vision-language data in your AI? membership inference test (MINT) Demo 2,” inIEEE COMPSAC, 2026

  37. [37]

    Leveraging avatar fingerprinting: A photorealistic talking-head public database and benchmark,

    L. Pedrouzoet al., “Leveraging avatar fingerprinting: A photorealistic talking-head public database and benchmark,”arXiv:2603.26934, 2026

  38. [38]

    Symbolic AI (LFIT) for XAI to handle biases,

    J. Tello, M. de la Cruz, T. Ribeiroet al., “Symbolic AI (LFIT) for XAI to handle biases,” inEuropean Conf. on Artificial Intelligence Workshops (ECAIw), ser. CEUR-WS, vol. 3523, October 2023

  39. [39]

    Addressing bias in LLMs: Strategies and application to fair AI-based recruitment,

    A. Pe ˜naet al., “Addressing bias in LLMs: Strategies and application to fair AI-based recruitment,” inAAAI/ACM AIES, 2025

  40. [40]

    DeepID challenge of detecting synthetic manipu- lations in ID documents,

    P. Korshunovet al., “DeepID challenge of detecting synthetic manipu- lations in ID documents,” inIEEE ICCV Workshops, 2025

  41. [41]

    PBa-LLM: Privacy-and bias-aware NLP using named-entity recognition (NER),

    G. Manceraet al., “PBa-LLM: Privacy-and bias-aware NLP using named-entity recognition (NER),” inIAPR ICDAR. Springer, 2025

  42. [42]

    Privacy-aware detection of fake identity documents: methodology, benchmark, and improved algorithms (FakeIDet2),

    J. Mu ˜noz-Haro, R. Tolosanaet al., “Privacy-aware detection of fake identity documents: methodology, benchmark, and improved algorithms (FakeIDet2),”Information Fusion, vol. 128, p. 103969, 2026

  43. [43]

    Biometrics and behavior analysis for detecting distrac- tions in e-learning,

    ´A. Becerra, J. Irigoyen, R. Daza, R. Cobos, A. Morales, J. Fierrez, and M. Cukurova, “Biometrics and behavior analysis for detecting distrac- tions in e-learning,” in2024 International Symposium on Computers in Education (SIIE). IEEE, 2024, pp. 1–6

  44. [44]

    Personalized weight loss management through wearable devices and artificial intelli- gence,

    S. Romero-Tapiador, R. Tolosana, A. Moraleset al., “Personalized weight loss management through wearable devices and artificial intelli- gence,”Computers in Biology and Medicine, vol. 209, p. 111676, 2026