Because someone wrote that, doesn't make it so! The fact remains that ISO 9001 in its earliest forms wasn't about risk. When people rely on "implicit" requirements then you know they are grasping at straws.
I will respectfully disagree. Yes, you are correct when say that ISO 9001 was never "about risk", but the intent has always been about identifying areas of higher potential for problems and acting accordingly. For example, something that you and I have been voicing for years: "internal audits to be scheduled based on status, importance and past performance..." In my view, that is a clear area where, without using the word risk, the standard is saying: use your resources wisely and direct your efforts where you have the highest potential for problems.
So, in my view, whenever the standard used words such as applicable, as appropriate, etc, it had an implicit aspect of risk evaluation. In many places the standard used to allude to system requirements robustness to be commensurate with the risks encountered.
But, as I mentioned in my previous post, when the TC 176 decided to include this poorly structured, ill-identified RBT requirement in 9001, it created a huge problem. Too much friction without a return. Had the Conformity Assessment sector associated with this done their jobs, we would not have so much confusion.