Privacy & Information Security Law Blog

On April 14, 2025, the National Institute of Standards and Technology (“NIST”) announced the release of a draft update to its voluntary Privacy Framework, “NIST Privacy Framework 1.1 Initial Public Draft” (“PFW 1.1”). The update is designed to address current privacy risk management needs, enhance usability, and align the Privacy Framework with version 2.0 of the NIST Cybersecurity Framework (“CSF”), which was released in February 2024.

The updated Privacy Framework includes the following key changes:

• Revised Core Structure and Content: The Core section has been revised to align with the updated CSF, with a focus specific functions such as governance (i.e., risk management strategy and policies).
• New AI and Privacy Risk Management Section: PFW 1.1 includes a new section that describes how AI tools relate to privacy risks, such as the potential (1) that an AI system could reveal information about individuals through data reconstruction, prompt injection, or membership interference; or (2) for systemic, computational, statistical and human biases that make important decisions and predictions about individuals.
• Interactive Online Guidelines: Previously, NIST embedded a guide to the Privacy Framework as Section 3 within the previous version. As part of the update, NIST published a standalone online guide.

NIST has invited stakeholder feedback on PFW 1.1 until June 13, 2025.