ISO 31000
Risk management - Guidelines
Overview
Provides principles, framework and process for managing risk. Essential for DSA's risk-based approach to online platform governance, systemic risk identification, and risk mitigation measures. Applies to all types of risks regardless of nature.
Applicability
Enterprise risk management for all organizations and DSA systemic risk assessments
Relevance to Digital Services Act (DSA)
Primary standard for DSA systemic risk assessments (Articles 34-36) and risk management obligations
Key Coverage Areas
Standard Sections & Chapters
Principles of risk management
Framework for managing risk
Leadership and commitment
Integration into organizational processes
Design of risk management framework
Implementing risk management
Evaluation and improvement
Related Digital Services Act (DSA) Articles
Article 26: Advertising on online platforms
Risk assessment framework
Implementation Guidance:
Apply systematic risk assessment to algorithmic systems
Article 27: Recommender system transparency
Risk monitoring and review
Implementation Guidance:
Continuously monitor risks from recommender systems
Mapped Obligations:
- Explain main parameters of recommender systems in terms and conditions using plain, intelligible language
Article 34: Risk assessment
Comprehensive risk management framework
Implementation Guidance:
Conduct annual systemic risk assessments following ISO 31000 methodology
Mapped Obligations:
- Conduct initial risk assessment by the date specified in Article 33(6)
- Perform risk assessments at least annually thereafter
- Identify and analyze systemic risks related to illegal content dissemination
- Consider how recommender systems and algorithms influence risks
- Evaluate content moderation systems and their effectiveness
- Preserve risk assessment documentation for at least 3 years
- Provide risk assessment documents to Commission and Digital Services Coordinator upon request
Article 35: Mitigation of risks
Risk treatment and implementation
Implementation Guidance:
Implement risk mitigation measures based on risk assessment findings
Mapped Obligations:
- Implement reasonable, proportionate and effective mitigation measures for identified systemic risks
- Adapt content moderation processes for illegal content, especially hate speech and cyber violence
- Test and adapt algorithmic systems including recommender systems
Quick Information
- Organization: ISO
- Category: Risk Management
- Certification: Not available