The NIST Privacy Framework is a voluntary, risk-based tool for managing privacy risk — published by the US National Institute of Standards and Technology, free to use, and increasingly adopted globally as an analytical layer over privacy programs. Where ISO 27701 is a certifiable management system standard, NIST PF is something different: a structured way to think about, prioritise, and communicate privacy risk. Version 1.1 — released as Initial Public Draft April 2025, finalising late 2025 / early 2026 — adds AI privacy-risk content and aligns with the Cybersecurity Framework 2.0 released in February 2024.
NIST Privacy Framework is sometimes confused with a regulation, sometimes with a certifiable standard like ISO 27701. It is neither. The clearest framing is "structured way to think about privacy risk" — what NIST itself calls a "voluntary tool." For organisations that already understand they need ISO 27701 certification, NIST PF is unlikely to add much. For organisations needing a structured analytical layer to communicate privacy risk to boards, regulators, or vendor due-diligence reviewers, it is one of the most useful tools available — and it is free.
The framework is built on three components that work together. The Core is the catalogue of privacy outcomes; Profiles are how an organisation selects from the Core to match its specific situation; Tiers describe the maturity of how those Profiles are operated in practice. Together they let an organisation say not just "we manage privacy risk" but "here's our specific risk profile, here's the maturity at which we operate, here's the gap to where we want to be."
The Core is a hierarchical taxonomy of privacy activities and outcomes: five Functions broken into Categories and Subcategories. It is the universal reference that every Profile selects from. The same Function / Category / Subcategory structure is used across the NIST frameworks, which is intended to make outcomes communicable across security, privacy and AI risk teams.
A Profile is an organisation-specific selection of Core outcomes — choosing which Categories and Subcategories matter most given the organisation's privacy obligations, business priorities and risk appetite. Two Profiles can differ entirely. Most organisations create both a Current Profile (where they are today) and a Target Profile (where they want to be).
Tiers describe the rigour and integration of an organisation's privacy risk management — Tier 1 (Partial) through Tier 4 (Adaptive). Tiers are not ratings or maturity scores in the conventional sense; they describe how privacy risk management is operated, not how good the controls are individually.
The Functions are the highest level of the Core. The "-P" suffix flags them as Privacy Framework Functions — distinguishing them from CSF Functions of similar names. Three Functions (Identify-P, Govern-P, Protect-P) overlap conceptually with CSF; two (Control-P, Communicate-P) are privacy-specific. Together they cover the privacy risk lifecycle from understanding to ongoing communication.
Identify-P: Develop the organisational understanding to manage privacy risk. Inventory and mapping of data; understanding of the privacy interests of individuals; risk assessment methodology. The starting work, and the work most often done loosely.
Govern-P: Develop and implement organisational governance to manage privacy risk. Policies, processes, procedures; risk management strategy; awareness and training; monitoring and review. Reframed and expanded in version 1.1 to align with CSF 2.0's Govern Function.
Control-P: Develop and implement appropriate activities to enable organisations or individuals to manage data with sufficient granularity. Data processing policies, processes, procedures; data processing management. Where the operational privacy controls live: purpose limitation, data minimisation, access controls.
Communicate-P: Develop and implement appropriate activities to enable organisations and individuals to have a reliable understanding of how data is processed. Communication policies, processes, procedures; data processing awareness. Privacy notices, transparency reports, individual rights mechanisms.
Protect-P: Develop and implement appropriate data processing safeguards. Data protection policies, processes, procedures; identity management; access control; data security. Specifically focused on managing risks associated with cybersecurity-related privacy events. The bridge to CSF 2.0.
Implementation Tiers describe how an organisation's privacy risk management is operated — not how good the underlying controls are. A Tier 4 organisation with weak controls is still risky; a Tier 1 organisation with strong individual controls is still under-managed. The Tiers measure the rigour and integration of the management approach. Most organisations land at Tier 2 or 3 in early assessments; reaching Tier 4 requires substantial investment in continuous improvement infrastructure.
Tier 1 (Partial): Privacy risk management is ad hoc and reactive. Limited awareness of privacy risk at the organisational level. Privacy activities are not consistently informed by organisational risk objectives or external requirements.
Tier 2 (Risk Informed): Risk management practices are approved by management but not established as organisation-wide policy. Privacy activities are informed by organisational risk objectives, the threat environment and business requirements. Information is shared on an informal basis.
Tier 3 (Repeatable): Privacy risk management practices are formally approved as organisation-wide policy. Privacy activities are regularly updated based on changes in risk objectives, the threat environment and business requirements. A consistent methodology is applied across the organisation.
Tier 4 (Adaptive): Privacy risk management practices adapt based on lessons learned and predictive indicators. Continuous improvement is embedded culturally. Privacy risk is integrated in real time into broader enterprise risk management. The aspirational state, uncommon in practice.
Tiers are not goals — they are observations. An organisation does not "achieve" Tier 3; it operates at Tier 3. Most organisations target Tier 3 as the practical operating state — Tier 4 is rare in practice and requires substantial investment in continuous improvement infrastructure that often outweighs the marginal benefit. Tier honesty is more important than Tier ambition: Tier 2 with accurate self-assessment is more useful than Tier 3 with inflated claims.
Version 1.0 of the Privacy Framework — published in January 2020 — predated the explosion of generative AI. Version 1.1 explicitly addresses AI privacy risks for the first time. New Section 1.2.2 catalogues how AI tools relate to privacy risks, with particular attention to attack patterns that have emerged in the last five years. For organisations deploying AI systems that touch personal data, this is the single most useful piece of guidance the framework now provides.
The v1.1 update explicitly addresses four distinct AI privacy-risk patterns. Each represents a way AI systems can compromise privacy that the 2020 v1.0 was silent on.
Membership inference: attacks that determine whether a specific individual's data was in an AI model's training set, even when the model is supposedly anonymised. A privacy risk for any data subject whose records were used in training.
Data reconstruction: attacks that reconstruct sensitive training data from a model's behaviour. Particularly concerning for models trained on personal data such as health records, financial information and identity documents, since reconstruction can recover specific individuals' records.
Prompt injection: manipulation of AI system inputs to extract personal data the system holds in context. A particular concern for chatbots and assistants with access to user-specific data, where adversarial prompts bypass intended controls.
Algorithmic bias: systemic, computational, statistical and human biases that cause AI systems to make important decisions and predictions about individuals in ways that disadvantage protected groups. A privacy risk in the form of inappropriate inferences from data.
For organisations with AI systems that process personal data, the v1.1 update is genuinely useful. The NIST PF integration is naturally complemented by ISO 42001 (AI management system, published December 2023) and the NIST AI Risk Management Framework. The combined toolkit — NIST PF for privacy risk, NIST AI RMF for AI risk, ISO 42001 for AI management system — gives organisations a structured way to navigate the overlap between privacy and AI governance.
The most common practitioner question we hear about NIST PF is whether to use it instead of, or alongside, ISO 27701. The honest answer: they solve different problems. ISO 27701 provides certifiable external assurance; NIST PF provides structured analytical depth. Many of the strongest privacy programs use both — ISO 27701 as the certified backbone, NIST PF as the analytical layer for board reporting and AI governance work.
| Situation | Likely right tool | Why |
|---|---|---|
| Customers / vendors require external privacy assurance: vendor due diligence asking "are you ISO 27701 certified" — a yes-or-no question with a yes-or-no answer. | ISO 27701 | Only ISO 27701 carries certified external assurance. NIST PF cannot satisfy this requirement. |
| Board needs structured privacy-risk reporting: quarterly board reporting on privacy posture, gap analysis, target-state articulation, prioritisation rationale. | NIST PF | The Profile / Tier structure communicates clearly to non-specialist boards. ISO 27701 documentation is often too granular for this purpose. |
| AI system handling personal data needs privacy governance: ML model training on customer data; chatbot with access to user records; algorithmic decisions about individuals. | NIST PF | v1.1 has explicit AI privacy-risk content, and the Profile structure is ideal for an AI-specific privacy posture. ISO 27701 is less specific on AI. |
| Regulator-facing evidence of a structured privacy program: demonstrating accountability to GDPR / KSA PDPL / UAE PDPL / DPDP regulators in an inspection or investigation. | ISO 27701 | A certified ISMS / PIMS is more widely recognised by international regulators. NIST PF is accepted, but less universally. |
| No budget for ISO certification: early-stage company; pre-commercial; budget constraints making ISO 27701 certification not yet justifiable. | NIST PF | Free to adopt. Build the structure first; pursue ISO 27701 certification once justified by customer / vendor demand. |
| Mature multinational with both internal and external assurance needs: large enterprise; multiple jurisdictions; certified privacy posture plus sophisticated internal risk management infrastructure. | Both | ISO 27701 as the certified backbone for external assurance; NIST PF as the analytical layer for internal risk management. A common pattern in mature programs. |
| Heavy NIST CSF 2.0 / cybersecurity orientation: existing CSF 2.0 program; security and privacy teams want a unified framework family. | NIST PF | v1.1 is explicitly aligned with CSF 2.0: same Core structure, complementary domains. Reduces friction for organisations already on the NIST family. |
| Sales channel into US Federal / FedRAMP-adjacent markets: selling to US Federal agencies, contractors, or organisations operating under federal frameworks. | Both | NIST PF is expected by US Federal procurement; ISO 27701 is expected by the international parts of the same procurement landscape. Both are required in mature programs. |
For most organisations in our practice, the answer is "ISO 27701 with NIST PF as analytical overlay." The certification carries the external assurance weight; the framework provides the analytical depth for board reporting, AI governance, and internal continuous improvement. Read the ISO 27701 page for the certification side; this page is the working brief for the NIST PF analytical side.
NIST PF work is shaped by the framework's three components — Core, Profiles, Tiers. The workstreams below cover building Current and Target Profiles, conducting gap analysis, integrating with adjacent NIST frameworks (CSF 2.0, AI RMF), and operationalising the analytical outputs as a working privacy risk management capability. Most engagements run shorter than ISO 27701 certification builds — the absence of certification audit shortens the back end materially.
Definition of organisational and business context for NIST PF adoption. Identification of privacy risks in scope, key stakeholders, regulatory landscape. The Identify-P starting work.
Comprehensive data processing inventory aligned to ID-P Categories. Data flows, processing purposes, data subjects, recipients, retention. The substantive precondition for any meaningful Profile work.
Assessment of current state against the Core. Subcategory-level current achievement scoring. Honest baseline that becomes the starting point for gap analysis. Tier self-assessment overlay.
Articulation of desired future state. Selection of priority Subcategories given organisational risk profile, regulatory obligations, business priorities. Target Tier selection. The aspiration document.
Structured comparison of Current and Target Profiles. Gap inventory by Function and Category. Risk-based prioritisation of gaps for closure. The analytical centrepiece — and the artefact most useful for board reporting.
Initiative roadmap to close priority gaps. Resource estimation, sequencing, ownership assignment. Quarterly progress milestones. The bridge from analysis to operational change.
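As an added illustration of how the Current Profile, Target Profile, gap analysis and action-plan steps above fit together (example code written for this page, not a NIST artefact and not the practice's own tooling), the Python below scores a Current and a Target Profile over a constructed fragment of the Core, computes the gap inventory by Function, ranks gaps by a risk weight, and sequences them into quarters. The Subcategory ids, the 0..4 achievement scale, the risk weights and the per-quarter capacity figure are all assumptions made for the example; NIST defines no scoring scale. The Category names are taken from the page's summary of each Function. A Target Subcategory with no Current score is deliberately treated as a gap rather than skipped, which is what "honest baseline" means in practice.

```python
"""Current / Target Profile gap inventory over a NIST Privacy Framework style Core (example)."""
from dataclasses import dataclass
from typing import Dict, List

# Function codes as used on the page (the "-P" suffix marks Privacy Framework Functions).
FUNCTIONS = {"ID-P": "Identify-P", "GV-P": "Govern-P", "CT-P": "Control-P",
             "CM-P": "Communicate-P", "PR-P": "Protect-P"}

# Constructed Core fragment: subcategory id -> (Function, Category name).
# The ids are placeholders for this example, not NIST's own Subcategory identifiers.
CORE = {
    "ID-P/IM-1": ("ID-P", "Inventory and Mapping"),
    "ID-P/RA-1": ("ID-P", "Risk Assessment"),
    "GV-P/PO-1": ("GV-P", "Governance Policies, Processes and Procedures"),
    "GV-P/MT-1": ("GV-P", "Monitoring and Review"),
    "CT-P/DM-1": ("CT-P", "Data Processing Management"),
    "CM-P/AW-1": ("CM-P", "Data Processing Awareness"),
    "PR-P/AC-1": ("PR-P", "Identity Management and Access Control"),
    "PR-P/DS-1": ("PR-P", "Data Security"),
}

MAX_SCORE = 4  # assumed 0..4 achievement scale per Subcategory; NIST defines no scale

# Constructed Profiles. The Target Profile selects only the priority Subcategories
# (CM-P/AW-1 is out of scope); the Current Profile never scored PR-P/DS-1.
CURRENT_PROFILE = {"ID-P/IM-1": 2, "ID-P/RA-1": 1, "GV-P/PO-1": 3, "GV-P/MT-1": 1,
                   "CT-P/DM-1": 2, "CM-P/AW-1": 3, "PR-P/AC-1": 3}
TARGET_PROFILE = {"ID-P/IM-1": 4, "ID-P/RA-1": 3, "GV-P/PO-1": 3, "GV-P/MT-1": 3,
                  "CT-P/DM-1": 4, "PR-P/AC-1": 3, "PR-P/DS-1": 3}
# Risk weight 1..3 set by the organisation (assumption); unlisted Subcategories weigh 1.
WEIGHTS = {"ID-P/IM-1": 3, "ID-P/RA-1": 3, "GV-P/MT-1": 1, "CT-P/DM-1": 2, "PR-P/DS-1": 3}


@dataclass(frozen=True)
class Gap:
    subcategory: str
    function: str
    category: str
    current: int
    target: int
    weight: int
    unscored: bool  # True when the Current Profile carried no score for this Subcategory

    @property
    def delta(self) -> int:
        return self.target - self.current

    @property
    def priority(self) -> int:
        # Risk-based prioritisation: shortfall scaled by the organisation's risk weight.
        return self.delta * self.weight


def _check_scores(name: str, scores: Dict[str, int]) -> None:
    """Reject scores for unknown Subcategories or outside the assumed scale."""
    for sub, score in scores.items():
        if sub not in CORE:
            raise ValueError(f"{name} Profile: {sub} is not a Core Subcategory")
        if not 0 <= score <= MAX_SCORE:
            raise ValueError(f"{name} Profile: {sub} score {score} outside 0..{MAX_SCORE}")


def gap_inventory(current: Dict[str, int], target: Dict[str, int],
                  weights: Dict[str, int]) -> List[Gap]:
    """Compare Profiles. Only Subcategories selected in the Target Profile are in scope.
    A Target Subcategory with no Current score counts as 0 and is flagged unscored, so a
    thin baseline surfaces as a gap instead of silently passing."""
    _check_scores("Current", current)
    _check_scores("Target", target)
    gaps = []
    for sub, tgt in target.items():
        unscored = sub not in current
        cur = 0 if unscored else current[sub]
        if tgt > cur:
            fn, cat = CORE[sub]
            gaps.append(Gap(sub, fn, cat, cur, tgt, weights.get(sub, 1), unscored))
    return sorted(gaps, key=lambda g: (-g.priority, g.subcategory))


def summarise_by_function(gaps: List[Gap]) -> Dict[str, Dict[str, int]]:
    """Gap inventory rolled up by Function: number of open gaps and total score shortfall."""
    summary: Dict[str, Dict[str, int]] = {}
    for g in gaps:
        entry = summary.setdefault(g.function, {"gaps": 0, "shortfall": 0})
        entry["gaps"] += 1
        entry["shortfall"] += g.delta
    return summary


def build_roadmap(gaps: List[Gap], capacity: int) -> List[List[str]]:
    """Sequence gap closure into quarters, highest priority first, assuming each quarter
    can absorb `capacity` points of score shortfall (assumption for the example)."""
    quarters: List[List[str]] = []
    quarter, used = [], 0
    for g in gaps:
        if g.delta > capacity:
            raise ValueError(f"{g.subcategory}: shortfall {g.delta} exceeds quarterly capacity")
        if quarter and used + g.delta > capacity:
            quarters.append(quarter)
            quarter, used = [], 0
        quarter.append(g.subcategory)
        used += g.delta
    if quarter:
        quarters.append(quarter)
    return quarters


if __name__ == "__main__":
    found = gap_inventory(CURRENT_PROFILE, TARGET_PROFILE, WEIGHTS)
    for g in found:
        flag = " (UNSCORED in Current Profile)" if g.unscored else ""
        print(f"{g.subcategory:10} {FUNCTIONS[g.function]:14} {g.current}->{g.target} "
              f"weight={g.weight} priority={g.priority}{flag}")
    print(summarise_by_function(found))
    print(build_roadmap(found, capacity=4))
```

The ordering of the roadmap is what the gap analysis hands to the action-plan step: the unscored Data Security Subcategory lands first because it combines the largest shortfall with the highest weight, and the two Identify-P gaps follow, which matches the page's observation that Identify-P is the work most often done loosely.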
Where the organisation runs CSF 2.0 alongside NIST PF, integration of the two Profiles. Shared Govern Function, complementary control selections, single integrated risk register. The analytical efficiency of running both as intended.
Application of v1.1 AI privacy risk content. Inventory of AI systems processing personal data. Membership inference, data reconstruction, prompt injection, algorithmic bias risk assessment. Coordination with NIST AI RMF and ISO 42001 if applicable.
Cross-walk of NIST PF Subcategories to GDPR, KSA PDPL, UAE PDPL, DPDP obligations. Where PF outcomes map cleanly to regulatory requirements; where regulation requires more than the framework specifies. The compliance integration layer.
For organisations running both, alignment of NIST PF Profile to ISO 27701 controls. Where PF analytical outputs feed ISO 27701 Statement of Applicability decisions; where the two frameworks diverge. Single integrated operating model.
Translation of Profile / Tier outputs into board-grade reporting. Vendor risk framework templates using NIST PF as the analytical layer. Quarterly progress narratives. Where the framework's analytical investment pays back.
NIST PF work is delivered through one of three engagement shapes — typically lighter than ISO 27701 / 27001 certification builds because there is no certification audit at the end. Most engagements focus on building Current and Target Profiles, gap analysis, and operationalising the analytical outputs. Many run alongside or after an ISO 27701 build to add analytical depth.
For organisations adopting NIST PF for the first time. Current Profile development, Target Profile articulation, gap analysis, prioritised action plan. Most common engagement shape — produces the analytical outputs without ISO certification overhead.
For organisations building NIST PF as the analytical backbone of their privacy program. Profile build plus action-plan execution, CSF 2.0 integration, AI privacy risk overlay, regulation mapping, board reporting infrastructure. Larger scope than Profile-only engagements.
For organisations with established NIST PF capability needing senior backup on harder analytical questions — Profile refresh cycles, AI privacy risk overlay updates, mapping to new regulations, integration with ISO 42001 / NIST AI RMF, board-grade narrative shaping.
Common questions on NIST Privacy Framework — particularly from organisations evaluating whether to adopt it, organisations with existing ISO 27701 work asking how the two relate, and organisations needing to understand the v1.1 AI privacy content.
NIST Privacy Framework's value comes from how it is used, not how much it costs. The framework is free; the analytical investment to build a meaningful Profile and operate it as a working risk-management capability is real. A 30-minute scoping call costs nothing — we will tell you honestly whether NIST PF makes sense for your situation, how it fits with any existing ISO 27701 work, and what the right shape of engagement looks like.