AI Governance Library

Risk Tiers: Towards a Gold Standard for Advanced AI

Risk tiers clarify the harms AI might present and identify the measures being taken to prevent them.
Jakub Szarmach
3 min read
Risk Tiers: Towards a Gold Standard for Advanced AI
Risk Tiers- Towards a Gold Standard for Advanced AI
Risk Tiers- Towards a Gold Standard for Advanced AI.pdf
522 KB
download-circle

⚡ Quick Summary

This memo outlines a proposal for a “gold standard” framework for AI risk tiering—structured classifications of AI system risk that map to specific mitigation requirements. Developed by the Oxford Martin AI Governance Initiative, it highlights the need for standardized, lifecycle-wide risk tiering to support safe deployment of advanced AI systems. The paper reflects insights from multi-stakeholder convenings and emphasizes quantitative modeling, tier-based governance, and the role of public accountability in setting acceptable risk thresholds.

🧩 What’s Covered

The paper presents a roadmap to risk tiering that helps manage increasingly complex risks associated with frontier AI systems. Key sections include:

1. Role of Risk Tiers in Governance

  • Risk tiers categorize AI systems by expected harm, assigning each level appropriate mitigation obligations.
  • This approach supports regulatory clarity, system comparability, and public trust in how risk is being handled.
  • It also provides mechanisms for pre-agreed interventions when risks exceed thresholds.

2. Principles for Designing Risk Tiers

  • Encourages use of quantitative modeling where feasible (likelihood × severity matrices on p. 10)
  • Promotes qualitative or scenario-based approaches when data is insufficient
  • Emphasizes tier reassessment across the AI lifecycle, from pre-training forecasts to post-release monitoring 

3. Tiering Triggers and Lifecycle Integration

  • Tiering should occur at multiple development stages: pre-training, training checkpoints, post-training, deployment, and post-release updates
  • Key risk signals include compute scale, performance on sensitive benchmarks, and capability extensions via tools like scaffolding or APIs
  • Re-tiering is required if threat environments shift or systems are updated to boost functionality

4. Mitigation Mapping

  • Mitigations should align with each tier, including:
    • Security controls: physical/cyber protections against model theft
    • Deployment mitigations: output filters, user restrictions, refusals
    • Governance actions: transparency, third-party audits
  • Proposes a “risk budget” approach where mitigations are selected based on their estimated risk reduction impact and implementation cost 

5. Inclusion of Benefits

  • Advocates for eventual integration of benefit-risk tradeoffs, but notes that measurement of benefits remains too immature
  • Until comparative frameworks mature, focus should remain on risk mitigation first

6. Governance and Responsibility

  • Acknowledges that frontier labs currently lead risk tiering
  • Stresses the need for public institutions to set acceptable risk thresholds, not private actors
  • Recommends new independent oversight bodies with technical and regulatory legitimacy 

💡 Why it matters?

This is the most comprehensive and policy-oriented proposal for structuring AI risk tiering as a governance foundation. It offers a clear architecture for developers and regulators to coordinate risk classification, reduce ambiguity, and operationalize the “precautionary principle” without stalling innovation. It will likely shape how the EU AI Act, US executive orders, and international standards bodies approach systemic risk.

❓ What’s Missing

  • The framework is not yet operational—no templates, scoring rubrics, or quantitative models provided
  • Lacks real-world pilots or case studies of tiering in action
  • While governance roles are well framed, there’s little guidance on how to prevent capture of the tiering process by dominant firms
  • Doesn’t directly address supply chain risks or interactions between lower-tier models causing emergent risks

👥 Best For

  • Policy advisors and regulators drafting AI risk-based compliance regimes
  • AI lab safety teams designing internal escalation protocols
  • Standards-setting organizations (e.g., ISO, IEEE) exploring tier-based frameworks
  • Civil society watchdogs and academic centers advocating for responsible frontier AI practices
  • Investors and insurers assessing model deployment risks

📄 Source Details

  • TitleRisk Tiers: Towards a Gold Standard for Advanced AI
  • Authors: Nicholas A. Caputo, Siméon Campos, Jonas Schuett, Seán Ó hÉigeartaigh, et al.
  • Publisher: Oxford Martin AI Governance Initiative, University of Oxford
  • Published: June 2025
  • Length: 18 pages
  • Method: Expert convening + cross-sector synthesis
  • License: Open-access memo; authors note non-endorsement by all contributors

📝 Thanks to the Oxford Martin team and collaborators across SaferAI, MIT, DeepMind, and CCAI for offering a rigorous and timely foundation for AI risk classification policy.

Risk
About the author
Jakub Szarmach

Jakub Szarmach

Read next

Scalable AI Incident Classification

NIST: Reducing Risks Posed by Synthetic Content An Overview of Technical Approaches to Digital Content Transparency

AI GOVERNANCE AND ETHICS – GENERATIVE AI Expanded Guide

Intolerable Risk Threshold Recommendations for Artificial Intelligence

Multi-Agent Risks from Advanced AI

AI Governance Library

Curated Library of AI Governance Resources

AI Governance Library

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to AI Governance Library.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.