AIGP Study Guide
Module 2: AI Impacts & Responsible AI · BoK II.A

Three AI harms taxonomies

AI-specific frameworks. The Sociotechnical Harms taxonomy has five themes; the CSET AI Harm Taxonomy defines AI harm with four elements (all four must be present); and the NIST AI RMF defines risk as probability × magnitude.

AI-specific frameworks overlap with privacy ones but add their own logic. Know the headline structure of each.

🧩 Sociotechnical Harms - "Sociotechnical Harms of Algorithmic Systems" builds on existing taxonomies. Five major themes: representational, allocative, quality-of-service, interpersonal, social system / societal.

🏛️ CSET AI Harm Taxonomy - from Georgetown's Center for Security and Emerging Technology, built for the AI Incident Database (AIID). Characterises the harms, entities and technologies in AI incidents and their circumstances. Defines AI harm with four elements; all four must be present for AI harm to exist.

📐 NIST AI RMF - risk = "the composite measure of an event's probability of occurring and the magnitude or degree of the consequences". Goal → enable AI use by minimising negative impacts, maximising positive outcomes. Harms split into harm to people, harm to an organisation, harm to an ecosystem.

Exam flash: two favourite traps

CSET requires all four elements present (not "any of"), and NIST defines risk as probability × magnitude, a composite measure, not just likelihood.

Key terms - quick answers

What is “Sociotechnical Harms taxonomy”?
Five themes: representational, allocative, quality-of-service, interpersonal, social system/societal.
What is “CSET AI Harm Taxonomy”?
Georgetown CSET framework for the AI Incident Database; defines AI harm with four elements, all of which must be present.
What is “AI Incident Database (AIID)”?
Database the CSET taxonomy characterises, recording harms, entities and technologies in AI incidents.
What is “NIST AI RMF”?
Defines risk as the composite of probability and magnitude; splits harms into people, organisation, ecosystem.