Risk Taxonomy: AI Risk Framework

• Risk taxonomy is a hierarchical framework that categorizes AI risks into technical, societal, legal, and operational dimensions.
• It employs multi-stage methodologies such as document review, thematic coding, and incident validation to ensure comprehensive risk coverage.
• It supports organizational governance and risk mitigation by mapping hazards to regulatory standards and actionable safety measures.

Risk taxonomy provides a rigorous framework for classifying, analyzing, and managing the diverse harms and hazards arising across AI systems. Foundational taxonomies encode the technical, societal, legal, and operational risk vectors that impact the safety, reliability, fairness, and rights-respecting conduct of AI models and platforms. Driven by regulatory harmonization, technical auditability, and empirical incident records, modern risk taxonomy unifies disparate approaches for organizational governance, mitigation engineering, and policy design.

1. Conceptual Foundations and Taxonomy Derivation

A risk taxonomy is a hierarchical structure for partitioning risk types, exposures, and causal factors into discrete, mutually exclusive categories and subcategories. The process of taxonomy development typically involves manual inductive coding of regulatory documents, corporate policies, incident records, and technical benchmarks. For example, the AIR 2024 taxonomy is derived from eight government regulations (EU, US, China) and sixteen corporate acceptable-use/model policies. All risk statements are encoded into atomic categories, which are then grouped through a four-tier ontology (Zeng et al., 2024). This structuring facilitates semantic interoperability, regulatory mapping, and unified benchmarking, enabling cross-sector communication and best-practice synthesis for generative AI safety.

2. Hierarchical Structures of Modern AI Risk Taxonomies

A canonical taxonomy, such as AIR 2024, exemplifies four “level-1” pillars:

• System & Operational Risks: Misuse/malfunction of AI subsystems, security breaches, autonomy failures.
• Content Safety Risks: Direct user harms from generated outputs, including hate, violence, self-harm, sexual exploitation.
• Societal Risks: Long-range, diffuse impacts on social systems—disinformation, election interference, economic disruption.
• Legal & Rights Risks: Violations of privacy, discrimination, IP, criminal facilitation.

Each pillar supports further subhierarchies: e.g., “System & Operational Risks” divides into “Security Risks” and “Operational Misuses,” with themes such as confidentiality, integrity, automated decision-making, and unsafe autonomous control. At the most granular level, atomic risks number into the hundreds (AIR’s Figure 1 enumerates 314 distinct items) (Zeng et al., 2024).

Multi-dimensional structures are also instantiated, such as the AI Risk Repository’s dual causal–domain taxonomy, assigning each risk both a causal (entity, intentionality, timing) and a domain coordinate (seven domains, 23 subdomains: discrimination & toxicity, privacy & security, misinformation, malicious misuse, human-computer interaction, socioeconomic & environmental, system failures & limitations) (Slattery et al., 2024).

3. Specialized and Domain-Specific Risk Taxonomies

Risk taxonomies are tailored to domain requirements and operational contexts. For psychotherapy agents, a focused taxonomy splits risk into “Immediate” and “Potential” classes anchored to real-time change in DSM-5-derived symptom clusters (e.g., exacerbation of hopelessness, change in trust, threat triggers) with formal annotation and session risk scoring (Steenstra et al., 21 May 2025). In financial systems, GRAB’s taxonomy maps 193 anchor terms onto 21 risk types under five macro classes (market, credit, liquidity, operational, compliance {data} legal risk) for unsupervised learning and sentence-level risk labeling (Li et al., 25 Sep 2025).

Legal risk taxonomies differentiate actionable claims arising pre- and post-deployment (copyright infringement, DMCA violations, privacy torts, failure to warn) and organize them into a strict hierarchy enabling compliance checklists and ex-ante risk audits (Atkinson et al., 2024).

Speech-centric taxonomies isolate paralinguistic risk vectors (malicious sarcasm, threats, gender/age/ethnicity imitation and bias) emphasizing risks insufficiently captured by text-only frameworks (Yang et al., 2024).

4. Taxonomies for Risk Mitigation and Organizational Governance

Taxonomies extend not only to risk identification but to cataloguing mitigation strategies. The MIT AI Risk Initiative’s mitigation taxonomy encodes four domains and 23 subcategories spanning governance & oversight, technical & security (e.g., alignment, safety engineering, content controls), operational process (testing, data governance, deployment, incident response), and transparency & accountability (documentation, disclosure, rights, external access) (Saeri et al., 12 Dec 2025). These hierarchies are built from evidence scans of multiple frameworks, supporting mapping between risks and mitigations for structured risk-reduction workflows.

Operational integration is exemplified by the AI Risk Atlas: risks are represented as ontology nodes with formal semantic types (Training, Inference, Output, SocioTechnical), linked to applicable benchmarks, mitigation measures, and governance terms via standardized mappings and knowledge graph schemas (Bagehorn et al., 26 Feb 2025).

5. Taxonomies in Security, Societal, and Systemic Risk Management

Security-focused taxonomies (e.g., the AI System Threat Vector Taxonomy) define nine orthogonal threat domains—Misuse, Poisoning, Privacy, Adversarial, Biases, Unreliable Outputs, Drift, Supply Chain, IP Threat—each with operational sub-threats and direct mapping to business-loss categories (Confidentiality, Integrity, Availability, Legal, Reputation). These structures enable empirical incident categorization, quantitative risk assessment (e.g., Monte Carlo loss modeling, VaR calculations), and compliance alignment to ISO/NIST controls and EU AI Act mandates (Huwyler, 26 Nov 2025).

Systemic risks are characterized in societal-scale taxonomies such as TASRA (accountability-driven: diffusion, bigger/worse-than-expected, indifference, criminal weaponization, state weaponization) (Critch et al., 2023) and the “Systemic Risks from General-Purpose AI” taxonomy (control, democracy, discrimination, economy, environment, rights, governance, etc.) (Uuk et al., 2024). These frameworks capture cascading, value-chain-propagating risks, as per regulatory definitions (EU AI Act Art. 3(65)), and identify contributing sources (e.g., automation bias, deceptive alignment, evolutionary dynamics).

6. Methodologies for Taxonomy Construction and Application

Taxonomy construction relies on multi-stage processes: regulatory and policy document review, expert interviews, thematic coding, literature synthesis, and validation on incident records or benchmarking datasets. Validity and utility arise from mapping taxonomic leaves to observed system failures (incident coverage), mapping to mitigation actions, and alignment to regulatory obligations.

In application, taxonomies guide risk-based testing workflows (contextual setup, risk assessment, test strategy)—defining risk drivers, items, impact/likelihood factors, prioritization schemes, and operational automation (Felderer et al., 2018). Practitioners deploy these structures as reflection tools (in public health, for instance) to structure adoption decisions and mitigation planning (Zhou et al., 2024).

7. Implications, Limitations, and Future Directions

The proliferation of risk taxonomies enables harmonization across actors—governments, corporations, auditors, and researchers—by promoting shared language and systematic coverage. However, limitations arise in empirical calibration of risk thresholds (e.g., heuristics for “significant deviation”), coverage of multimodal and context-dependent harms, dynamic update requirements, and gaps such as soft factors (organizational culture), regulatory uncertainties for composite systems (e.g., quantum–AI integration), and emerging systemic hazards.

Future directions entail quantitative validation (cluster metrics, network analysis), risk-to-mitigation mappings, linkage to continuous monitoring and social-impact assessment, and integration with evolving standards (GDPR, NIST, ISO/IEC 42001, EU AI Act). Interoperability across frameworks (via formal semantic mappings, ontologies, and shared APIs) is central for robust, scalable risk management as AI capabilities and deployment domains expand.

---

Key References:

• AIR 2024: Unified risk taxonomy for generative AI (Zeng et al., 2024)
• MIT AI Risk Repository: Causal and domain-based taxonomy, living risk database (Slattery et al., 2024)
• AI System Threat Vector Taxonomy: Security domains and quantitative mapping (Huwyler, 26 Nov 2025)
• Risk Mitigation Taxonomy: Governance, technical, operational, and transparency controls (Saeri et al., 12 Dec 2025)
• Systemic Risks from General-Purpose AI: 13 high-level threat categories (Uuk et al., 2024)
• Risk-Based Testing Taxonomy: Context, assessment, and strategy (Felderer et al., 2018)