For informational purposes only. Definitions are written as general educational summaries. Legal and regulatory terms carry precise meanings in their source instruments; always refer to the primary regulation or standard for authoritative definitions. Regulatory requirements change; definitions are reviewed regularly but may not reflect the latest developments.
Accountability Gap
The difficulty of assigning responsibility for harms caused by AI systems whose decisions emerge from complex, distributed, and partly autonomous processes.
Adversarial Example
An input deliberately crafted with small, often imperceptible changes that cause an AI model to make a confident but wrong prediction.
Agentic AI
AI systems that perceive their environment, reason about goals, plan sequences of actions, and execute those actions with limited or no human oversight to achieve outcomes in the real world.
AI Alignment
The problem of ensuring an AI system pursues the goals its designers and society actually intend, rather than unintended proxies.
AI Assurance
The set of techniques (audits, testing, certification, impact assessments) used to build justified confidence that an AI system is trustworthy.
AI Audit
An independent examination of an AI system to assess whether it meets defined criteria for performance, fairness, safety, regulatory compliance, and governance.
AI Bias
Systematic and unfair differences in AI system outputs that disadvantage particular individuals or groups, often correlated with protected characteristics.
AI Bill of Materials (AI-BOM)
A structured, machine-readable inventory of the components that make up an AI system (models, datasets, libraries, and their provenance and licences), analogous to a software bill of materials (SBOM).
AI Compliance
The activity of meeting legal, regulatory, and contractual obligations that apply to the development, deployment, and use of artificial intelligence systems.
AI Copyright
The body of law and contract concerning rights in AI training data, AI-generated outputs, and the use of copyrighted material by AI systems.
AI Ethics
The normative framework concerning what AI systems ought to do: the principles, values, and considerations that should guide AI development and deployment beyond strict legal compliance.
AI Governance
The system of policies, structures, processes, and controls that enables an organisation to develop, procure, and use artificial intelligence responsibly, lawfully, and in a way that creates sustained value while managing its risks.
AI Hallucination
When a generative AI model produces content that is factually incorrect, fabricated, or unsupported by its training data while presenting it with the same confidence as accurate content.
AI Impact Assessment
A structured evaluation of the potential harms, benefits, and rights implications of an AI system before and during its deployment.
AI Incident
An event in which an AI system causes, contributes to, or has the potential to cause harm, including physical, psychological, financial, or reputational harm, to individuals, organisations, or society.
AI Insurance
Insurance coverage addressing losses and liabilities arising from the use, development, or failure of AI systems, including dedicated AI liability policies and AI-specific exclusions or endorsements within existing cyber, technology, or general-liability cover.
AI Inventory
A comprehensive and maintained register of all AI systems that an organisation develops, procures, or deploys, typically including risk classification, use case, data sources, and ownership.
AI Literacy
A sufficient understanding of how AI systems work, their capabilities, and their limitations, held by the people who deploy or oversee them.
AI Management System
A systematic framework of policies, processes, and controls that an organisation uses to manage the development, deployment, and use of artificial intelligence throughout its lifecycle.
AI Red Teaming
Structured adversarial testing of an AI system, by humans or other AI systems, to identify vulnerabilities, failure modes, harmful outputs, and ways the system can be misused.
AI Regulation
The body of binding law and enforceable regulatory guidance that governs how AI systems are developed, sold, and used.
AI Risk Appetite
The level and type of AI-related risk that an organisation is willing to accept in pursuit of its objectives, formally approved by the board or governing body.
AI Risk Management
The discipline of identifying, assessing, treating, monitoring, and reporting risks specific to artificial intelligence systems within an organisation's broader enterprise risk framework.
AI Risk Tiers
The EU AI Act's risk-based classification of AI systems into unacceptable, high, limited, and minimal risk, each with different obligations.
AI Safety
The field concerned with ensuring AI systems behave reliably and as intended, particularly as their capabilities approach or exceed human-level performance in defined domains.
AI Safety Institute
A government-established body that researches, evaluates, and advises on the safety and security risks of advanced AI systems, often testing frontier models and informing policy.
AI Strategy
An organisation's plan for where, why, and how it will use artificial intelligence to create value, together with the governance, capability, and investment choices that make that use durable, lawful, and safe.
AI Supply Chain
The chain of external components an AI system depends on (foundation models, training data, libraries, APIs, and compute providers), each carrying its own security, legal, and reliability risk.
AI System
Under the EU AI Act, a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers from the input it receives how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.
AI Transparency
The legal and ethical requirement that people are told when they are interacting with AI, when content is AI-generated, and, in some cases, how an AI decision affecting them was reached.
AI Verify
Singapore's AI governance testing framework and software toolkit that allows organisations to demonstrate responsible AI through standardised technical tests and process checks.
AI Washing
The practice of misrepresenting the AI capability, sophistication, or involvement of a product, service, or company to investors, customers, or regulators.
AI Watermarking
Embedding a machine-detectable marker in AI-generated content so it can later be identified as synthetic.
Algorithmic Accountability
The principle that the organisations deploying automated systems remain answerable for those systems' decisions and impacts.
Algorithmic Disgorgement
A regulatory remedy requiring an organisation to delete models and algorithms built using improperly obtained data.
Algorithmic Impact Assessment
A structured, questionnaire-based assessment, originating in the Canadian federal government's Directive on Automated Decision-Making, that scores the impact level of an automated decision system and sets proportionate requirements.
Algorithmic Transparency
The degree to which information about an AI system's design, data, and decision-making logic is made available to regulators, auditors, affected individuals, or the public.
Anonymisation
Processing personal data so that individuals can no longer be identified from it, irreversibly and in a way that cannot reasonably be undone.
Artificial General Intelligence (AGI)
A hypothetical AI system capable of understanding, learning, and applying knowledge across the full range of tasks at which humans are capable, rather than being confined to a specific domain.
Authorised Representative
Under the EU AI Act, a natural or legal person established in the EU who has received and accepted a written mandate from a provider established outside the EU to carry out the provider's obligations under the Act on its behalf.
Automated Decision-Making (ADM)
The process of making a decision about an individual by automated means without meaningful human involvement.
Automated Employment Decision Tool (AEDT)
An AI tool used to substantially assist or replace hiring, screening, or promotion decisions about candidates or employees.
Automation Bias
The tendency for humans to over-rely on automated AI recommendations, deferring to them even when their own judgment or other information suggests a different conclusion.
Benchmark
A standardised dataset or task used to measure and compare the performance of AI models on a defined capability.
Bias Testing
The systematic evaluation of an AI system to detect whether it produces different, worse, or unfair outcomes for individuals in different demographic groups.
Biometric Categorisation
An AI system that assigns people to categories on the basis of their biometric data, for example inferring characteristics or group membership from a face or voice.
Bletchley Declaration
A 2023 statement signed by 28 countries and the EU affirming international cooperation on the safety of frontier AI.
Business Continuity
The planning and capabilities that let an organisation maintain or quickly restore critical functions after a disruption, including one caused by AI system failure or unavailability.
CE Marking (AI)
The conformity marking a high-risk AI system must carry to show it meets EU requirements before being placed on the EU market.
Chain of Thought
A technique in which a model is prompted to generate intermediate reasoning steps before producing a final answer.
Codes of Conduct (EU AI Act)
Voluntary codes encouraged by the EU AI Act that help providers and deployers of non-high-risk AI apply some of the Act's high-risk-style requirements, or pursue other commitments such as environmental sustainability and accessibility.
Colorado AI Act
Colorado Senate Bill 24-205, signed in May 2024 as the first comprehensive US state law on high-risk AI, but repealed and replaced before it ever took effect by SB 189, signed 14 May 2026.
Compute Governance
Governing advanced AI by monitoring or controlling access to the large-scale computing power used to train it.
Concentration Risk
In an AI context, the risk that arises when an organisation, or a whole market, depends heavily on a small number of AI models, providers, or infrastructure, so that a single failure, outage, price change, or policy shift has outsized impact.
Concept Drift
A change over time in the real-world relationship a model is trying to predict, so that the patterns it learned during training no longer hold.
Confidential Computing
Protecting data while it is being processed by performing the computation inside a hardware-based trusted execution environment.
Conformity Assessment
The process by which a provider of an AI system demonstrates that it meets the requirements of an applicable regulation or standard before placing the system on the market.
Consent
Under the GDPR, any freely given, specific, informed, and unambiguous indication of a data subject's wishes by which they signify agreement, through a statement or clear affirmative action, to the processing of their personal data.
Content Provenance
Verifiable information about the origin, authorship, and editing history of digital content, used to distinguish AI-generated material from human-created content.
Content Provenance
Verifiable information about where a piece of digital content came from and how it was created or edited, including whether AI was involved, typically attached using cryptographic metadata standards.
Contestability
The ability of individuals affected by an AI-driven decision to challenge that decision and have it reviewed, corrected, or overridden by a human.
Context Window
The maximum amount of text, measured in tokens, that a large language model can take into account at once, including both the input prompt and the generated output.
Corrective Action
The steps a provider or deployer takes to bring a non-compliant or malfunctioning AI system back into conformity, or to withdraw it from the market.
Council of Europe AI Convention
The first legally binding international treaty on artificial intelligence, framing AI around human rights, democracy, and the rule of law.
Covariate Shift
A form of distribution shift where the statistical distribution of input features changes between training and deployment, while the underlying relationship between inputs and outputs remains the same.
Critical Third Party
A provider whose services are so important to many regulated firms that its failure could threaten financial stability, attracting direct regulatory oversight of the provider itself rather than only its customers.
Data Controller
The entity that determines the purposes and means of processing personal data, and bears primary accountability for it.
Data Leakage
The unintended exposure of sensitive information through an AI system, either into a model during training (where it may later be reproduced) or out of a system at inference, through prompts, outputs, logs, or stored context.
Data Minimisation
The data-protection principle that personal data collected and processed should be adequate, relevant, and limited to what is necessary for the stated purpose.
Data Poisoning
A form of adversarial attack on AI systems where malicious data is deliberately introduced into the training dataset to corrupt a model's learned behaviour or introduce backdoors.
Data Processor
An entity that processes personal data on behalf of, and on the instructions of, a data controller.
Data Protection by Design and by Default
The obligation to build privacy safeguards into systems from the outset and to default to the most privacy-protective settings.
Data Protection Impact Assessment (DPIA)
A structured process under GDPR Article 35 for identifying and mitigating data protection risks before processing that is likely to result in high risk to individuals.
Data Protection Officer
Under the GDPR, an independent expert that an organisation must appoint in defined circumstances to advise on data-protection obligations, monitor compliance, and act as a contact point for the supervisory authority and data subjects.
Data Sovereignty
The principle that data is subject to the laws and governance of the jurisdiction in which it is collected, stored, or processed.
Data Subject Rights
The set of rights the GDPR grants individuals over their personal data, including access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making.
Datasheets for Datasets
A documentation standard that records how a dataset was created, composed, intended to be used, and maintained.
Deepfake
AI-generated or AI-manipulated synthetic content (audio, image, or video) that depicts real people doing or saying things they did not do or say.
Deployer
Under the EU AI Act, a natural or legal person using an AI system under its own authority, except where the system is used in the course of a personal, non-professional activity.
Differential Privacy
A mathematical privacy guarantee that limits the amount of information that can be inferred about any individual from an AI model or dataset, by adding calibrated statistical noise.
Disparate Impact
A form of discrimination that occurs when a facially neutral practice disproportionately disadvantages a protected group, regardless of intent.
Distributor
Under the EU AI Act, a natural or legal person in the supply chain, other than the provider or importer, that makes an AI system available on the EU market.
Dual-Use Foundation Model
A foundation model whose capabilities could be applied to both beneficial uses and serious harm, such as cyber or biological misuse.
Embedding
A numerical vector representation of data, such as a word, sentence, image, or user, learned so that items with similar meaning sit close together in a high-dimensional space.
Emotion Recognition
An AI system that infers the emotions or intentions of a person on the basis of their biometric data, such as facial expressions, voice, or physiological signals.
EU AI Act
Regulation (EU) 2024/1689, the European Union's comprehensive AI law that classifies AI systems by risk level and imposes obligations proportionate to that risk on providers and deployers.
EU AI Act Annex III
The schedule to the EU AI Act that lists the eight specific high-risk AI use cases subject to the Act's most extensive compliance obligations.
EU AI Act Prohibited Practices
The category of AI uses banned outright under Article 5 of the EU AI Act because they pose unacceptable risk to fundamental rights.
EU Database for High-Risk AI
The public EU database in which providers (and certain public-authority deployers) must register stand-alone high-risk AI systems before placing them on the market or putting them into service.
Explainability
The degree to which an AI system's decision-making process can be described in human-understandable terms, either through the system's inherent design or through post-hoc explanation methods.
Fairness Metric
A quantitative measure used to evaluate whether an AI system produces equitable outcomes across different demographic or protected groups.
Fine-Tuning
The process of further training a pre-trained AI model on a narrower, task-specific dataset to adapt it to a particular use case.
Foundation Model
A large AI model trained on broad data at scale and adaptable to a wide range of downstream tasks, typically through fine-tuning or prompting rather than purpose-specific training.
Fourth-Party Risk
The risk arising from a supplier's own suppliers: the subcontractors and upstream providers behind a direct vendor that can disrupt a service despite having no direct relationship with the organisation.
Frontier AI Safety Commitments
Voluntary commitments by leading AI companies to assess, manage, and publish their approach to severe AI risks.
Frontier Model
A highly capable, general-purpose AI model at or near the leading edge of capability, whose risks are not yet fully understood.
Function Creep
The gradual expansion of an AI system's use beyond its original intended purpose, often without adequate governance review or fresh assessment of risks.
Fundamental Rights Impact Assessment (FRIA)
A structured assessment of how a high-risk AI system may affect people's fundamental rights, carried out before deployment.
General-Purpose AI (GPAI)
An AI model trained on large amounts of data that exhibits significant generality and can perform a wide range of distinct tasks, including tasks it was not explicitly trained for.
Generative AI
AI systems that produce new content (text, image, audio, video, code, or structured data) rather than only classifying or analysing existing inputs.
GPAI Code of Practice
A voluntary compliance tool published by the EU AI Office in July 2025 to help providers of general-purpose AI models meet their obligations under the EU AI Act.
Ground Truth
The reference data, treated as correct, against which an AI model's predictions are trained and evaluated.
Grounding
Connecting an AI model's outputs to verifiable external sources or data so the responses can be traced and trusted.
Guardrails
Technical and procedural controls that constrain an AI system's behaviour to keep its outputs and actions within acceptable bounds.
High-Risk AI
AI systems classified by the EU AI Act as posing significant risk to health, safety, or fundamental rights, and therefore subject to the Act's most extensive obligations.
Hiroshima AI Process
The G7 initiative, launched under Japan's 2023 presidency, that produced International Guiding Principles and a voluntary Code of Conduct for organisations developing advanced AI systems.
Homomorphic Encryption
A form of encryption that allows computations to be performed directly on encrypted data without decrypting it first.
Human Oversight
The design and governance measures that let people effectively monitor, intervene in, or override an AI system while it operates.
Human-in-the-Loop
A design pattern in which a human reviews, approves, or can override an AI system's output or action before it takes effect.
Importer
Under the EU AI Act, a natural or legal person located or established in the EU that places on the market an AI system bearing the name or trademark of a person established outside the EU.
India Digital Personal Data Protection Act
The Digital Personal Data Protection Act 2023 (DPDPA), India's first comprehensive data protection law, governing the processing of personal data by data fiduciaries.
Inference (AI)
The operational phase in which a trained AI model is used to generate outputs (predictions, classifications, or content) from new input data.
Intended Purpose
Under the EU AI Act, the use for which an AI system is intended by its provider, including the specific context and conditions of use set out in the provider's instructions, marketing, and technical documentation.
Interpretability
The degree to which a human can understand the internal mechanics or cause of an AI model's output.
ISO 31000
The international standard providing principles and general guidelines for risk management across any type of organisation or risk.
ISO/IEC 22989
The international standard that establishes terminology and describes concepts in the field of artificial intelligence.
ISO/IEC 23053
The international standard, published in 2022, that provides a framework and common terminology for describing AI systems that use machine learning.
ISO/IEC 23894
The international standard providing guidance on managing risks specific to the development and use of artificial intelligence.
ISO/IEC 27001
The international standard specifying requirements for an information security management system (ISMS).
ISO/IEC 27701
An international standard that extends the ISO/IEC 27001 information-security management system to privacy, specifying requirements and guidance for a privacy information management system (PIMS) covering the processing of personally identifiable information.
ISO/IEC 42001
The international management system standard for artificial intelligence, published in December 2023, against which organisations can be independently certified.
ISO/IEC 42005
The international standard, published in 2025, that provides guidance for organisations conducting AI system impact assessments across the AI system lifecycle.
ISO/IEC 5259
A multi-part series of international standards addressing data quality for analytics and machine learning, covering quality measures, processes, governance, and management of training and operational data.
ISO/IEC TR 24028
An international technical report, published in 2020, that gives an overview of trustworthiness in artificial intelligence, including properties such as robustness, reliability, transparency, and explainability, and approaches to achieving them.
Large Language Model (LLM)
A foundation model specifically trained on a very large corpus of text to predict and generate human language, capable of conversation, reasoning, code generation, and a wide range of language-related tasks.
Legitimate Interest
A legal basis under the GDPR permitting the processing of personal data where it is necessary for interests pursued by the controller or a third party, provided those interests are not overridden by the individual's rights and freedoms.
Limited-Risk AI
AI systems that are neither prohibited nor high-risk under the EU AI Act but that interact with people or generate content, and are therefore subject mainly to the transparency obligations in Article 50.
Machine Learning
The branch of artificial intelligence in which algorithms learn patterns from data and use those patterns to make predictions or decisions, rather than following explicitly programmed rules.
Market Surveillance Authority
The national authority each EU Member State designates to supervise and enforce the EU AI Act in its territory, with powers to investigate, demand documentation, and order corrective action against non-compliant AI systems.
MAS FEAT Principles
The Monetary Authority of Singapore's 2018 principles for responsible AI in financial services, covering Fairness, Ethics, Accountability, and Transparency.
Material Service Provider
Under APRA's prudential standard CPS 230, a third party an APRA-regulated entity relies on to deliver a critical operation, or that exposes it to material operational risk, increasingly including providers of AI and cloud services.
Meaningful Human Control
The principle that humans should retain genuine, informed authority over consequential decisions made or supported by AI systems.
Membership Inference
An attack that determines whether a specific data record was part of a model's training dataset by analysing the model's output behaviour for that record.
MITRE ATLAS
A knowledge base of adversarial tactics, techniques, and real-world case studies against AI-enabled systems, modelled on the widely used MITRE ATT&CK framework.
MLOps
The set of practices that combine machine learning, DevOps, and data engineering to automate and standardise the deployment, monitoring, and lifecycle management of machine learning models in production.
Model Card
A short document accompanying a trained AI model that provides structured information about its performance, intended uses, limitations, and evaluation results across different demographic groups.
Model Collapse
A degenerative process in which generative models trained on data produced by earlier models progressively lose information about the true data distribution, narrowing diversity and degrading quality over successive generations.
Model Distillation
A technique in which a smaller "student" model is trained to reproduce the behaviour of a larger "teacher" model, transferring much of its capability into a more efficient form.
Model Drift
The degradation of an AI model's performance over time as the real-world data distribution diverges from the distribution on which the model was trained.
Model Evaluation
The systematic testing of an AI model's capabilities, limitations, and risks, using benchmarks, structured tests, and adversarial probing.
Model Extraction
An attack that reconstructs a model's parameters or replicates its behaviour by systematically querying it and observing the outputs.
Model Inventory
A complete, maintained catalogue of the models an organisation uses, recording each model's purpose, owner, risk tier, data, and validation status to support oversight and accountability.
Model Inversion
An attack against a trained AI model that reconstructs sensitive training data by repeatedly querying the model and analysing its outputs.
Model Monitoring
The ongoing observation of a deployed model's inputs, outputs, and performance to detect degradation or drift over time.
Model Registry
A centralised system for tracking, versioning, and managing machine learning models throughout their lifecycle, from development through deployment to retirement.
Model Risk
The risk of adverse consequences arising from decisions based on incorrect or misused model outputs, encompassing data quality, model design, implementation, and ongoing use.
Model Risk Management
The discipline of identifying, assessing, mitigating, and monitoring risks arising from the use of quantitative models to support business decisions.
Model Validation
Independent verification that a model performs as intended, is fit for its purpose, and is used within its limitations.
Multimodal Model
An AI model that can process or generate more than one type of data, for example combining text, images, audio, or video, within a single system.
Neural Network
A class of machine learning model loosely inspired by biological neural systems, composed of interconnected processing units (neurons) organised in layers that transform input data through learned weights.
NIST AI 600-1 (Generative AI Profile)
A companion resource to the NIST AI Risk Management Framework that addresses risks specific to generative AI systems.
NIST AI Risk Management Framework
A voluntary, sector-agnostic framework published by the US National Institute of Standards and Technology that organises AI risk management around four functions: Govern, Map, Measure, and Manage.
Notified Body
An independent organisation designated by an EU Member State to assess whether certain high-risk AI systems conform to the EU AI Act.
NYC Local Law 144
New York City Local Law 144 of 2021, which requires employers and employment agencies to conduct annual bias audits of automated employment decision tools (AEDTs) and notify candidates and employees of their use.
OAIC
The Office of the Australian Information Commissioner, Australia's national regulator for privacy and freedom of information, with increasing focus on AI and automated decision-making.
OECD AI Principles
The first intergovernmental standard on AI, adopted in 2019, setting out five values-based principles for trustworthy AI and five recommendations for national policy.
Open-Weight Model
An AI model whose trained parameters (weights) are publicly released, allowing anyone to run, fine-tune, or build on it.
Operational Resilience
The ability of an organisation to continue delivering critical operations through disruption, including the failure, degradation, or compromise of the AI systems and providers those operations depend on.
Operator
Under the EU AI Act, an umbrella term covering a provider, product manufacturer, deployer, authorised representative, importer, or distributor.
Overfitting
a modelling failure in which a system learns the noise and idiosyncrasies of its training data rather than the underlying pattern, so it performs well in testing but poorly in the real world.
OWASP Top 10 for LLM Applications
a community-maintained list of the most critical security risks specific to applications built on large language models, first released in 2023 and updated for 2025.
Placing on the Market
under the EU AI Act, the first making available of an AI system or general-purpose AI model on the EU market.
Post-Market Monitoring
the systematic collection and analysis of data on the performance, safety, and impact of an AI system after it has been deployed in production.
Predictive Policing
the use of AI to forecast the likelihood that an individual will commit a criminal offence based on profiling or personality traits, or to forecast where and when crime is likely to occur.
Privacy-Enhancing Technologies (PETs)
techniques that let data be used or analysed while minimising exposure of the underlying personal information.
Product Manufacturer
under the EU AI Act, the manufacturer of a product in which a high-risk AI system is used as a safety component, where the product is covered by the EU harmonisation legislation listed in Annex I and placed on the market under the manufacturer's name or trademark.
Profiling
any automated processing of personal data to evaluate, analyse, or predict aspects of a person, such as their performance, economic situation, health, preferences, or behaviour.
Prompt Injection
an attack technique in which malicious input is crafted to override or circumvent the intended instructions of an AI system, causing it to behave in unintended ways.
Provider
under the EU AI Act, a natural or legal person that develops an AI system or general-purpose AI model (or has one developed) and places it on the market or puts it into service under its own name or trademark, whether for payment or free of charge.
Proxy Discrimination
discrimination that arises when a model relies on a neutral-looking variable that correlates strongly with a protected characteristic.
Pseudonymisation
replacing identifying details with a pseudonym so data cannot be attributed to a person without separately held additional information.
Purpose Limitation
the data-protection principle that personal data collected for one specified purpose should not be further processed in a way incompatible with that purpose.
Putting into Service
under the EU AI Act, the supply of an AI system for first use directly to the deployer, or for the provider's own use in the EU, for its intended purpose.
Re-identification
the process or risk of linking supposedly anonymous data back to the individuals it describes.
Real-Time Remote Biometric Identification
the use of AI to identify people from biometric data, such as facial images, at a distance in publicly accessible spaces and without significant delay, sharply restricted by the EU AI Act.
Reasonably Foreseeable Misuse
under the EU AI Act, the use of an AI system in a way that is not its intended purpose but that may result from reasonably foreseeable human behaviour or interaction with other systems.
Regulatory Sandbox
a supervised environment in which organisations can test innovative AI products with real users under temporary regulatory relief and close regulator oversight.
Reinforcement Learning
a machine-learning paradigm in which an agent learns to make decisions by taking actions in an environment and receiving rewards or penalties that it seeks to maximise over time.
Responsible AI
the discipline of designing, developing, deploying, and using AI in ways that align with stated values: typically fairness, accountability, transparency, safety, privacy, and human autonomy.
Responsible Scaling Policy (RSP)
a developer's published framework that ties the deployment of more capable AI to predefined safety evaluations and safeguards.
Retrieval-Augmented Generation (RAG)
an architectural pattern that combines a generative AI model with a retrieval system, so the model generates responses grounded in retrieved documents rather than only its parametric training data.
Right to Data Portability
under the GDPR, the right of a data subject to receive the personal data they provided to a controller in a structured, commonly used, machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
Right to Erasure
the right of an individual to have their personal data deleted in certain circumstances, also known as the right to be forgotten.
Right to Explanation
the legal right of individuals who are subject to automated decisions to receive meaningful information about the logic and significance of that decision, and in some jurisdictions to have it reviewed by a human.
Right to Object
under the GDPR, the right of a data subject to object, on grounds relating to their situation, to the processing of their personal data in certain circumstances, including processing based on legitimate interests and processing for direct marketing or profiling.
Right to Rectification
under the GDPR, the right of a data subject to have inaccurate personal data corrected and incomplete data completed without undue delay.
RLHF (Reinforcement Learning from Human Feedback)
a training technique that uses human preference judgments to align an AI model's outputs with human values and intended behaviour.
Robustness
an AI system's ability to maintain its performance under varied, unexpected, noisy, or adversarial conditions.
Safety Case
a structured, evidence-backed argument that a system is acceptably safe to operate in a defined context and use.
Self-Supervised Learning
a machine-learning approach in which a model learns from unlabelled data by generating its own training signal from the data itself, for example, by predicting masked or withheld parts of the input.
Semi-Supervised Learning
a machine-learning approach that trains on a small amount of labelled data together with a larger amount of unlabelled data.
Seoul Declaration
the outcome of the AI Seoul Summit in May 2024, in which a group of governments affirmed commitments to safe, innovative, and inclusive AI, building on the 2023 Bletchley Declaration.
Serious Incident Reporting
the obligation on providers of high-risk AI to report serious incidents and malfunctions to the relevant authorities.
Shadow AI
employee use of AI tools without organisational authorisation, oversight, or governance, typically through personal accounts or browser-based consumer AI services.
Silent AI
AI-related exposure that sits within an insurance policy without being explicitly covered or excluded, leaving it unclear at the time of a claim whether AI-caused loss will be paid.
Social Scoring
the evaluation or classification of people over a period of time based on their social behaviour or personal characteristics, leading to detrimental treatment in contexts unrelated to where the data was collected, or treatment that is unjustified or disproportionate, a practice prohibited by the EU AI Act.
Special Category Data
personal data the GDPR affords extra protection because of its sensitivity: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, sex life or sexual orientation, and genetic and biometric data used to identify a person.
Substantial Modification
a change to a high-risk AI system, or a use beyond its intended purpose, significant enough to trigger fresh obligations under the EU AI Act.
Supervised Learning
a machine-learning approach in which a model is trained on labelled examples (inputs paired with known correct outputs) so that it can predict the output for new, unseen inputs.
Synthetic Media
images, audio, video, or text that have been generated or substantially modified by AI rather than captured from reality.
System Card
a transparency document describing how a complete AI system behaves, including the model, its safeguards, evaluations, and known limitations.
Systemic Risk (GPAI)
under the EU AI Act, the category of risk posed by the most capable general-purpose AI models whose impact could propagate across the economy, society, or fundamental rights at scale.
Technical Documentation
the body of written evidence that providers of high-risk AI must maintain to demonstrate compliance with applicable requirements, covering system design, training, testing, and ongoing performance.
Third-Party AI Risk
the risk an organisation takes on when it relies on AI systems, models, or data supplied by external vendors.
Three Lines of Defence
an organisational risk governance model in which the first line (business/operations) owns and manages risk, the second line (risk and compliance functions) provides oversight and frameworks, and the third line (internal audit) provides independent assurance.
Tokenisation
in machine learning, the process of breaking text or other data into smaller units called tokens, which a model processes as its basic input and output elements.
Training Data Governance
the policies and controls applied to the data used to train AI models, covering provenance, quality, representativeness, legality, and documentation.
Transfer Learning
a technique in which a model developed for one task is reused as the starting point for a model on a related task.
UNESCO Recommendation on the Ethics of AI
the first global standard-setting instrument on AI ethics, adopted by all UNESCO member states in November 2021, setting out values, principles, and policy actions for the responsible development and use of AI.
Unsupervised Learning
a machine-learning approach in which a model finds structure or patterns in data that has not been labelled, for example by grouping similar items together.
Vector Database
a database designed to store and search high-dimensional vector embeddings by similarity, enabling fast retrieval of the items most semantically related to a query.
Vendor Lock-In
a situation in which switching away from an AI provider, model, or platform is costly or impractical, leaving an organisation dependent on a single supplier's pricing, terms, and continuity.
Voluntary AI Safety Standard (Australia)
a voluntary framework published by the Australian Government in 2024 setting out ten "guardrails", covering accountability, risk management, data governance, testing, human oversight, transparency, contestability, supply-chain transparency, record-keeping, and stakeholder engagement, for organisations developing or deploying AI.
This glossary is maintained by the AIRiskAware research team and updated regularly as the regulatory landscape evolves. Every definition links to a fuller explanation and its primary sources.