AIRiskAware
Reference

AI Governance Glossary

Plain-English definitions of 215 essential terms in AI risk, governance, and compliance, from algorithmic bias and model drift to the EU AI Act, ISO 42001, and high-risk AI systems. Each term links to a full definition with its primary sources.

For informational purposes only. Definitions are written as general educational summaries. Legal and regulatory terms carry precise meanings in their source instruments, always refer to the primary regulation or standard for authoritative definitions. Regulatory requirements change; definitions are reviewed regularly but may not reflect the latest developments.

Want to explore a term in more depth or see how it applies to your specific situation?

A

Accountability Gap

Full definition

the difficulty of assigning responsibility for harms caused by AI systems whose decisions emerge from complex, distributed, and partly autonomous processes.

Adversarial Example

Full definition

an input deliberately crafted with small, often imperceptible changes that cause an AI model to make a confident but wrong prediction.

Agentic AI

Full definition

AI systems that perceive their environment, reason about goals, plan sequences of actions, and execute those actions with limited or no human oversight to achieve outcomes in the real world.

AI Alignment

Full definition

the problem of ensuring an AI system pursues the goals its designers and society actually intend, rather than unintended proxies.

AI Assurance

Full definition

the set of techniques (audits, testing, certification, impact assessments) used to build justified confidence that an AI system is trustworthy.

AI Audit

Full definition

an independent examination of an AI system to assess whether it meets defined criteria for performance, fairness, safety, regulatory compliance, and governance.

AI Bias

Full definition

systematic and unfair differences in AI system outputs that disadvantage particular individuals or groups, often correlated with protected characteristics.

AI Bill of Materials (AI-BOM)

Full definition

a structured, machine-readable inventory of the components that make up an AI system, models, datasets, libraries, and their provenance and licences, analogous to a software bill of materials (SBOM).

AI Compliance

Full definition

the activity of meeting legal, regulatory, and contractual obligations that apply to the development, deployment, and use of artificial intelligence systems.

AI Copyright

Full definition

the body of law and contract concerning rights in AI training data, AI-generated outputs, and the use of copyrighted material by AI systems.

AI Ethics

Full definition

the normative framework concerning what AI systems ought to do, the principles, values, and considerations that should guide AI development and deployment beyond strict legal compliance.

AI Governance

Full definition

the system of policies, structures, processes, and controls that enables an organisation to develop, procure, and use artificial intelligence responsibly, lawfully, and in a way that creates sustained value while managing its risks.

AI Hallucination

Full definition

when a generative AI model produces content that is factually incorrect, fabricated, or unsupported by its training data while presenting it with the same confidence as accurate content.

AI Impact Assessment

Full definition

a structured evaluation of the potential harms, benefits, and rights implications of an AI system before and during its deployment.

AI Incident

Full definition

an event in which an AI system causes, contributes to, or has the potential to cause harm, including physical, psychological, financial, or reputational harm, to individuals, organisations, or society.

AI Insurance

Full definition

insurance coverage addressing losses and liabilities arising from the use, development, or failure of AI systems, including dedicated AI liability policies and AI-specific exclusions or endorsements within existing cyber, technology, or general-liability cover.

AI Inventory

Full definition

a comprehensive and maintained register of all AI systems that an organisation develops, procures, or deploys, typically including risk classification, use case, data sources, and ownership.

AI Literacy

Full definition

a sufficient understanding of how AI systems work, their capabilities, and their limitations, held by the people who deploy or oversee them.

AI Management System

Full definition

a systematic framework of policies, processes, and controls that an organisation uses to manage the development, deployment, and use of artificial intelligence throughout its lifecycle.

AI Red Teaming

Full definition

structured adversarial testing of an AI system, by humans or other AI systems, to identify vulnerabilities, failure modes, harmful outputs, and ways the system can be misused.

AI Regulation

Full definition

the body of binding law and enforceable regulatory guidance that governs how AI systems are developed, sold, and used.

AI Risk Appetite

Full definition

the level and type of AI-related risk that an organisation is willing to accept in pursuit of its objectives, formally approved by the board or governing body.

AI Risk Management

Full definition

the discipline of identifying, assessing, treating, monitoring, and reporting risks specific to artificial intelligence systems within an organisation's broader enterprise risk framework.

AI Risk Tiers

Full definition

the EU AI Act's risk-based classification of AI systems into unacceptable, high, limited, and minimal risk, each with different obligations.

AI Safety

Full definition

the field concerned with ensuring AI systems behave reliably and as intended, particularly as their capabilities approach or exceed human-level performance in defined domains.

AI Safety Institute

Full definition

a government-established body that researches, evaluates, and advises on the safety and security risks of advanced AI systems, often testing frontier models and informing policy.

AI Strategy

Full definition

an organisation's plan for where, why, and how it will use artificial intelligence to create value, together with the governance, capability, and investment choices that make that use durable, lawful, and safe.

AI Supply Chain

Full definition

the chain of external components an AI system depends on, foundation models, training data, libraries, APIs, and compute providers, each carrying its own security, legal, and reliability risk.

AI System

Full definition

under the EU AI Act, a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers from the input it receives how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.

AI Transparency

Full definition

the legal and ethical requirement that people are told when they are interacting with AI, when content is AI-generated, and, in some cases, how an AI decision affecting them was reached.

AI Verify

Full definition

Singapore's AI governance testing framework and software toolkit that allows organisations to demonstrate responsible AI through standardised technical tests and process checks.

AI Washing

Full definition

the practice of misrepresenting the AI capability, sophistication, or involvement of a product, service, or company to investors, customers, or regulators.

AI Watermarking

Full definition

embedding a machine-detectable marker in AI-generated content so it can later be identified as synthetic.

Algorithmic Accountability

Full definition

the principle that the organisations deploying automated systems remain answerable for those systems' decisions and impacts.

Algorithmic Disgorgement

Full definition

a regulatory remedy requiring an organisation to delete models and algorithms built using improperly obtained data.

Algorithmic Impact Assessment

Full definition

a structured, questionnaire-based assessment, originating in the Canadian federal government's Directive on Automated Decision-Making, that scores the impact level of an automated decision system and sets proportionate requirements.

Algorithmic Transparency

Full definition

the degree to which information about an AI system's design, data, and decision-making logic is made available to regulators, auditors, affected individuals, or the public.

Anonymisation

Full definition

processing personal data so that individuals can no longer be identified from it, irreversibly and in a way that cannot reasonably be undone.

Artificial General Intelligence (AGI)

Full definition

a hypothetical AI system capable of understanding, learning, and applying knowledge across the full range of tasks at which humans are capable, rather than being narrow to a specific domain.

Authorised Representative

Full definition

under the EU AI Act, a natural or legal person established in the EU who has received and accepted a written mandate from a provider established outside the EU to carry out the provider's obligations under the Act on its behalf.

Automated Decision-Making (ADM)

Full definition

the process of making a decision about an individual by automated means without meaningful human involvement.

Automated Employment Decision Tool (AEDT)

Full definition

an AI tool used to substantially assist or replace hiring, screening, or promotion decisions about candidates or employees.

Automation Bias

Full definition

the tendency for humans to over-rely on automated AI recommendations, deferring to them even when their own judgment or other information suggests a different conclusion.

C

CE Marking (AI)

Full definition

the conformity marking a high-risk AI system must carry to show it meets EU requirements before being placed on the EU market.

Chain of Thought

Full definition

a technique in which a model is prompted to generate intermediate reasoning steps before producing a final answer.

Codes of Conduct (EU AI Act)

Full definition

voluntary codes encouraged by the EU AI Act that help providers and deployers of non-high-risk AI apply some of the Act's high-risk-style requirements, or pursue other commitments such as environmental sustainability and accessibility.

Colorado AI Act

Full definition

Colorado Senate Bill 24-205, signed in May 2024 as the first comprehensive US state law on high-risk AI, but repealed and replaced before it ever took effect by SB 189, signed 14 May 2026.

Compute Governance

Full definition

governing advanced AI by monitoring or controlling access to the large-scale computing power used to train it.

Concentration Risk

Full definition

in an AI context, the risk that arises when an organisation, or a whole market, depends heavily on a small number of AI models, providers, or infrastructure, so that a single failure, outage, price change, or policy shift has outsized impact.

Concept Drift

Full definition

a change over time in the real-world relationship a model is trying to predict, so that the patterns it learned during training no longer hold.

Confidential Computing

Full definition

protecting data while it is being processed by performing the computation inside a hardware-based trusted execution environment.

Conformity Assessment

Full definition

the process by which a provider of an AI system demonstrates that it meets the requirements of an applicable regulation or standard before placing the system on the market.

Consent

Full definition

under the GDPR, any freely given, specific, informed, and unambiguous indication of a data subject's wishes by which they signify agreement, through a statement or clear affirmative action, to the processing of their personal data.

Content Provenance

Full definition

verifiable information about the origin, authorship, and editing history of digital content, used to distinguish AI-generated material from human-created content.

Content Provenance

Full definition

verifiable information about where a piece of digital content came from and how it was created or edited, including whether AI was involved, typically attached using cryptographic metadata standards.

Contestability

Full definition

the ability of individuals affected by an AI-driven decision to challenge that decision and have it reviewed, corrected, or overridden by a human.

Context Window

Full definition

the maximum amount of text, measured in tokens, that a large language model can take into account at once, including both the input prompt and the generated output.

Corrective Action

Full definition

the steps a provider or deployer takes to bring a non-compliant or malfunctioning AI system back into conformity, or to withdraw it from the market.

Council of Europe AI Convention

Full definition

the first legally binding international treaty on artificial intelligence, framing AI around human rights, democracy, and the rule of law.

Covariate Shift

Full definition

a form of distribution shift where the statistical distribution of input features changes between training and deployment, while the underlying relationship between inputs and outputs remains the same.

Critical Third Party

Full definition

a provider whose services are so important to many regulated firms that its failure could threaten financial stability, attracting direct regulatory oversight of the provider itself rather than only its customers.

D

Data Controller

Full definition

the entity that determines the purposes and means of processing personal data, and bears primary accountability for it.

Data Leakage

Full definition

the unintended exposure of sensitive information through an AI system, either into a model during training (where it may later be reproduced) or out of a system at inference, through prompts, outputs, logs, or stored context.

Data Minimisation

Full definition

the data-protection principle that personal data collected and processed should be adequate, relevant, and limited to what is necessary for the stated purpose.

Data Poisoning

Full definition

a form of adversarial attack on AI systems where malicious data is deliberately introduced into the training dataset to corrupt a model's learned behaviour or introduce backdoors.

Data Processor

Full definition

an entity that processes personal data on behalf of, and on the instructions of, a data controller.

Data Protection by Design and by Default

Full definition

the obligation to build privacy safeguards into systems from the outset and to default to the most privacy-protective settings.

Data Protection Impact Assessment (DPIA)

Full definition

a structured process under GDPR Article 35 for identifying and mitigating data protection risks before processing that is likely to result in high risk to individuals.

Data Protection Officer

Full definition

under the GDPR, an independent expert that an organisation must appoint in defined circumstances to advise on data-protection obligations, monitor compliance, and act as a contact point for the supervisory authority and data subjects.

Data Sovereignty

Full definition

the principle that data is subject to the laws and governance of the jurisdiction in which it is collected, stored, or processed.

Data Subject Rights

Full definition

the set of rights the GDPR grants individuals over their personal data, including access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making.

Datasheets for Datasets

Full definition

a documentation standard that records how a dataset was created, composed, intended to be used, and maintained.

Deepfake

Full definition

AI-generated or AI-manipulated synthetic content, audio, image, or video, that depicts real people doing or saying things they did not do or say.

Deployer

Full definition

under the EU AI Act, a natural or legal person using an AI system under its own authority, except where the system is used in the course of a personal, non-professional activity.

Differential Privacy

Full definition

a mathematical privacy guarantee that limits the amount of information that can be inferred about any individual from an AI model or dataset, by adding calibrated statistical noise.

Disparate Impact

Full definition

a form of discrimination that occurs when a facially neutral practice disproportionately disadvantages a protected group, regardless of intent.

Distributor

Full definition

under the EU AI Act, a natural or legal person in the supply chain, other than the provider or importer, that makes an AI system available on the EU market.

Dual-Use Foundation Model

Full definition

a foundation model whose capabilities could be applied to both beneficial uses and serious harm, such as cyber or biological misuse.

I

Importer

Full definition

under the EU AI Act, a natural or legal person located or established in the EU that places on the market an AI system bearing the name or trademark of a person established outside the EU.

India Digital Personal Data Protection Act

Full definition

the Digital Personal Data Protection Act 2023 (DPDPA), India's first comprehensive data protection law, governing the processing of personal data by data fiduciaries.

Inference (AI)

Full definition

the operational phase in which a trained AI model is used to generate outputs, predictions, classifications, or content, from new input data.

Intended Purpose

Full definition

under the EU AI Act, the use for which an AI system is intended by its provider, including the specific context and conditions of use set out in the provider's instructions, marketing, and technical documentation.

Interpretability

Full definition

the degree to which a human can understand the internal mechanics or cause of an AI model's output.

ISO 31000

Full definition

the international standard providing principles and general guidelines for risk management across any type of organisation or risk.

ISO/IEC 22989

Full definition

the international standard that establishes terminology and describes concepts in the field of artificial intelligence.

ISO/IEC 23053

Full definition

the international standard, published in 2022, that provides a framework and common terminology for describing AI systems that use machine learning.

ISO/IEC 23894

Full definition

the international standard providing guidance on managing risks specific to the development and use of artificial intelligence.

ISO/IEC 27001

Full definition

the international standard specifying requirements for an information security management system (ISMS).

ISO/IEC 27701

Full definition

an international standard that extends the ISO/IEC 27001 information-security management system to privacy, specifying requirements and guidance for a privacy information management system (PIMS) covering the processing of personally identifiable information.

ISO/IEC 42001

Full definition

the international management system standard for artificial intelligence, published in December 2023, against which organisations can be independently certified.

ISO/IEC 42005

Full definition

the international standard, published in 2025, that provides guidance for organisations conducting AI system impact assessments across the AI system lifecycle.

ISO/IEC 5259

Full definition

a multi-part series of international standards addressing data quality for analytics and machine learning, covering quality measures, processes, governance, and management of training and operational data.

ISO/IEC TR 24028

Full definition

an international technical report, published in 2020, that gives an overview of trustworthiness in artificial intelligence, including properties such as robustness, reliability, transparency, and explainability, and approaches to achieving them.

M

Machine Learning

Full definition

the branch of artificial intelligence in which algorithms learn patterns from data and use those patterns to make predictions or decisions, rather than following explicitly programmed rules.

Market Surveillance Authority

Full definition

the national authority each EU Member State designates to supervise and enforce the EU AI Act in its territory, with powers to investigate, demand documentation, and order corrective action against non-compliant AI systems.

MAS FEAT Principles

Full definition

the Monetary Authority of Singapore's 2018 principles for responsible AI in financial services, covering Fairness, Ethics, Accountability, and Transparency.

Material Service Provider

Full definition

under APRA's prudential standard CPS 230, a third party an APRA-regulated entity relies on to deliver a critical operation, or that exposes it to material operational risk, increasingly including providers of AI and cloud services.

Meaningful Human Control

Full definition

the principle that humans should retain genuine, informed authority over consequential decisions made or supported by AI systems.

Membership Inference

Full definition

an attack that determines whether a specific data record was part of a model's training dataset by analysing the model's output behaviour for that record.

MITRE ATLAS

Full definition

a knowledge base of adversarial tactics, techniques, and real-world case studies against AI-enabled systems, modelled on the widely used MITRE ATT&CK framework.

MLOps

Full definition

the set of practices that combine machine learning, DevOps, and data engineering to automate and standardise the deployment, monitoring, and lifecycle management of machine learning models in production.

Model Card

Full definition

a short document accompanying a trained AI model that provides structured information about its performance, intended uses, limitations, and evaluation results across different demographic groups.

Model Collapse

Full definition

a degenerative process in which generative models trained on data produced by earlier models progressively lose information about the true data distribution, narrowing diversity and degrading quality over successive generations.

Model Distillation

Full definition

a technique in which a smaller "student" model is trained to reproduce the behaviour of a larger "teacher" model, transferring much of its capability into a more efficient form.

Model Drift

Full definition

the degradation of an AI model's performance over time as the real-world data distribution diverges from the distribution on which the model was trained.

Model Evaluation

Full definition

the systematic testing of an AI model's capabilities, limitations, and risks, using benchmarks, structured tests, and adversarial probing.

Model Extraction

Full definition

an attack that reconstructs a model's parameters or replicates its behaviour by systematically querying it and observing the outputs.

Model Inventory

Full definition

a complete, maintained catalogue of the models an organisation uses, recording each model's purpose, owner, risk tier, data, and validation status to support oversight and accountability.

Model Inversion

Full definition

an attack against a trained AI model that reconstructs sensitive training data by repeatedly querying the model and analysing its outputs.

Model Monitoring

Full definition

the ongoing observation of a deployed model's inputs, outputs, and performance to detect degradation or drift over time.

Model Registry

Full definition

a centralised system for tracking, versioning, and managing machine learning models throughout their lifecycle, from development through deployment to retirement.

Model Risk

Full definition

the risk of adverse consequences arising from decisions based on incorrect or misused model outputs, encompassing data quality, model design, implementation, and ongoing use.

Model Risk Management

Full definition

the discipline of identifying, assessing, mitigating, and monitoring risks arising from the use of quantitative models to support business decisions.

Model Validation

Full definition

independent verification that a model performs as intended, is fit for its purpose, and is used within its limitations.

Multimodal Model

Full definition

an AI model that can process or generate more than one type of data, for example combining text, images, audio, or video, within a single system.

P

Placing on the Market

Full definition

under the EU AI Act, the first making available of an AI system or general-purpose AI model on the EU market.

Post-Market Monitoring

Full definition

the systematic collection and analysis of data on the performance, safety, and impact of an AI system after it has been deployed in production.

Predictive Policing

Full definition

the use of AI to forecast the likelihood that an individual will commit a criminal offence based on profiling or personality traits, or to forecast where and when crime is likely to occur.

Privacy-Enhancing Technologies (PETs)

Full definition

techniques that let data be used or analysed while minimising exposure of the underlying personal information.

Product Manufacturer

Full definition

under the EU AI Act, the manufacturer of a product in which a high-risk AI system is used as a safety component, where the product is covered by the EU harmonisation legislation listed in Annex I and placed on the market under the manufacturer's name or trademark.

Profiling

Full definition

any automated processing of personal data to evaluate, analyse, or predict aspects of a person, such as their performance, economic situation, health, preferences, or behaviour.

Prompt Injection

Full definition

an attack technique in which malicious input is crafted to override or circumvent the intended instructions of an AI system, causing it to behave in unintended ways.

Provider

Full definition

under the EU AI Act, a natural or legal person that develops an AI system or general-purpose AI model (or has one developed) and places it on the market or puts it into service under its own name or trademark, whether for payment or free of charge.

Proxy Discrimination

Full definition

discrimination that arises when a model relies on a neutral-looking variable that correlates strongly with a protected characteristic.

Pseudonymisation

Full definition

replacing identifying details with a pseudonym so data cannot be attributed to a person without separately held additional information.

Purpose Limitation

Full definition

the data-protection principle that personal data collected for one specified purpose should not be further processed in a way incompatible with that purpose.

Putting into Service

Full definition

under the EU AI Act, the supply of an AI system for first use directly to the deployer, or for the provider's own use in the EU, for its intended purpose.

R

Re-identification

Full definition

the process or risk of linking supposedly anonymous data back to the individuals it describes.

Real-Time Remote Biometric Identification

Full definition

the use of AI to identify people from biometric data, such as facial images, at a distance in publicly accessible spaces and without significant delay, sharply restricted by the EU AI Act.

Reasonably Foreseeable Misuse

Full definition

under the EU AI Act, the use of an AI system in a way that is not its intended purpose but that may result from reasonably foreseeable human behaviour or interaction with other systems.

Regulatory Sandbox

Full definition

a supervised environment in which organisations can test innovative AI products with real users under temporary regulatory relief and close regulator oversight.

Reinforcement Learning

Full definition

a machine-learning paradigm in which an agent learns to make decisions by taking actions in an environment and receiving rewards or penalties that it seeks to maximise over time.

Responsible AI

Full definition

the discipline of designing, developing, deploying, and using AI in ways that align with stated values: typically fairness, accountability, transparency, safety, privacy, and human autonomy.

Responsible Scaling Policy (RSP)

Full definition

a developer's published framework that ties the deployment of more capable AI to predefined safety evaluations and safeguards.

Retrieval-Augmented Generation (RAG)

Full definition

an architectural pattern that combines a generative AI model with a retrieval system, so the model generates responses grounded in retrieved documents rather than only its parametric training data.

Right to Data Portability

Full definition

under the GDPR, the right of a data subject to receive the personal data they provided to a controller in a structured, commonly used, machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

Right to Erasure

Full definition

the right of an individual to have their personal data deleted in certain circumstances, also known as the right to be forgotten.

Right to Explanation

Full definition

the legal right of individuals who are subject to automated decisions to receive meaningful information about the logic and significance of that decision, and in some jurisdictions to have it reviewed by a human.

Right to Object

Full definition

under the GDPR, the right of a data subject to object, on grounds relating to their situation, to the processing of their personal data in certain circumstances, including processing based on legitimate interests and processing for direct marketing or profiling.

Right to Rectification

Full definition

under the GDPR, the right of a data subject to have inaccurate personal data corrected and incomplete data completed without undue delay.

RLHF (Reinforcement Learning from Human Feedback)

Full definition

a training technique that uses human preference judgments to align an AI model's outputs with human values and intended behaviour.

Robustness

Full definition

an AI system's ability to maintain its performance under varied, unexpected, noisy, or adversarial conditions.

S

Safety Case

Full definition

a structured, evidence-backed argument that a system is acceptably safe to operate in a defined context and use.

Self-Supervised Learning

Full definition

a machine-learning approach in which a model learns from unlabelled data by generating its own training signal from the data itself, for example, by predicting masked or withheld parts of the input.

Semi-Supervised Learning

Full definition

a machine-learning approach that trains on a small amount of labelled data together with a larger amount of unlabelled data.

Seoul Declaration

Full definition

the outcome of the AI Seoul Summit in May 2024, in which a group of governments affirmed commitments to safe, innovative, and inclusive AI, building on the 2023 Bletchley Declaration.

Serious Incident Reporting

Full definition

the obligation on providers of high-risk AI to report serious incidents and malfunctions to the relevant authorities.

Shadow AI

Full definition

employee use of AI tools without organisational authorisation, oversight, or governance, typically through personal accounts or browser-based consumer AI services.

Silent AI

Full definition

AI-related exposure that sits within an insurance policy without being explicitly covered or excluded, leaving it unclear at the time of a claim whether AI-caused loss will be paid.

Social Scoring

Full definition

the evaluation or classification of people over a period of time based on their social behaviour or personal characteristics, leading to detrimental treatment in contexts unrelated to where the data was collected, or treatment that is unjustified or disproportionate, a practice prohibited by the EU AI Act.

Special Category Data

Full definition

personal data the GDPR affords extra protection because of its sensitivity, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, sex life or sexual orientation, and genetic and biometric data used to identify a person.

Substantial Modification

Full definition

a change to a high-risk AI system, or a use beyond its intended purpose, significant enough to trigger fresh obligations under the EU AI Act.

Supervised Learning

Full definition

a machine-learning approach in which a model is trained on labelled examples, inputs paired with known correct outputs, so that it can predict the output for new, unseen inputs.

Synthetic Media

Full definition

images, audio, video, or text that have been generated or substantially modified by AI rather than captured from reality.

System Card

Full definition

a transparency document describing how a complete AI system behaves, including the model, its safeguards, evaluations, and known limitations.

Systemic Risk (GPAI)

Full definition

under the EU AI Act, the category of risk posed by the most capable general-purpose AI models whose impact could propagate across the economy, society, or fundamental rights at scale.

This glossary is maintained by the AIRiskAware research team and updated regularly as the regulatory landscape evolves. Every definition links to a fuller explanation and its primary sources.