This article aims to shed light on the meaning of complexity for risk assessment of sociotechnical systems. The point of departure is that complexity is related to uncertainty as an indication of confidence in risk assessment. Complexity science points to limitations in risk analysis that owe to a mismatch between the nature of sociotechnical systems and how we approach them in search of prediction and control. Complexity complements uncertainty in three ways: as a source of uncertainty, as an additional type of uncertainty concerning deviations from what is designed, planned or assumed, and as an overall indication of limitations in the analysis with respect to potential for surprise. A new framework is suggested to clarify and make the concept of practical value to risk assessment. The framework consists of a definition, a conceptual map, an ontological and epistemological position, and a set of indicators. Complexity is explained in the conjunction of an analyst, a system, and a chosen model and is conditioned on the state of knowledge and the assessment context. It is epistemic in the sense that it resides in the analyst's understanding of the system and not in the system as such. A challenging implication is that complexity is relative in many respects, but this also provides opportunities for approaching it in risk assessment. The indicators can help to acknowledge, reduce, and describe complexity in preassessment, risk analysis, and risk evaluation.