Katharina Koerner, Trace3; Nandita Rao Narla, DoorDash
The NIST AI Risk Management Framework has emerged as a popular choice among US-based organizations aiming to build responsible AI governance programs. However, real-world adoption of this very comprehensive framework is both challenging and onerous—often falling on privacy engineers who are voluntold to lead AI governance efforts. This presentation will explore key lessons learned from implementing the NIST AI RMF for different industries, highlighting how existing privacy infrastructure, policies, and other governance frameworks can serve as a foundation for AI risk management and compliance. We will also uncover common pitfalls and present a lightweight approach to jumpstart adoption of this framework.
Katharina is a seasoned expert in AI governance, tech policy, privacy, and security, with a background spanning law, public policy, and emerging technologies. She is currently a Senior Principal Consultant - AI Governance and Risk at Trace3, a leading technology consulting firm specializing in cloud, data, AI, and security solutions. Previously, she was AI Governance Lead at Western Governors University (WGU), where she developed AI/ML governance frameworks, led policy initiatives, and assessed AI risks. She has also worked as a Principal Researcher - Technology at IAPP, conducting research on privacy engineering, AI regulation, and technology governance. With a PhD in EU Law, a JD in Law, and multiple certifications in privacy, security, and AI, Katharina bridges policy, law, and technology to drive ethical and responsible AI adoption.
Nandita Rao Narla is the Head of Technical Privacy and Governance at DoorDash. Previously, she was a founding team member of a data profiling startup and held various leadership roles at EY, where she helped Fortune 500 companies build and mature privacy, cybersecurity, and data governance programs. Beyond checkbox compliance programs, Nandita is interested in developing products that respect user privacy and build trust. She is a Senior Fellow at Future of Privacy Forum and serves on the advisory boards and technical standards committees for IAPP, Ethical Tech Project, XR Safety Initiative, Institute of Operational Privacy Design, IEEE and NIST.

author = {Katharina Koerner and Nandita Rao Narla},
title = {Using Privacy Infrastructure to Kickstart {AI} Governance: {NIST} {AI} Risk Management Case Studies},
year = {2025},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}