AIGP Artificial Intelligence Governance Professional Questions and Answers

The primary reason the EU is considering updates to its Product Liability Directive is to address digital services and connected products. The current directive does not adequately cover the complexities and challenges posed by modern digital and connected technologies. By updating the directive, the EU aims to ensure that it remains relevant and effective in addressing the liabilities associated with these advanced products, ensuring consumer protection and fair market practices in the digital age.

The correct answer isA. Only GPAI modelswith systemic riskmustpublish a detailed summary of training datato meet transparency and accountability standards under the EU AI Act.

From the AI Governance in Practice Report2025(EU AI Act Section):

“For GPAI systems with systemic risk, providers must publish sufficiently detailed summaries of the content used to train the model.”

Also, the AIGP ILT Guide confirms:

“The obligation to disclose summaries of training data applies only to systemic-risk GPAI models, not all general-purpose models or high-risk systems.”

This unique requirement is part of the Act’s effort to increasetransparency and auditabilityfor powerful foundational models.

===========

The correct answeris Engagementof a cross-functional team. Effective AI governance requires collaboration among various organizational functions including legal, compliance, IT, ethics, and data science.

From the AIGP Body of Knowledge:

“AI governance cannot be siloed—it requires input and oversight from across departments... A cross-functional team ensures that ethical, technical, legal, and operational risks are all appropriately managed.”

Also confirmed in the ILT Participant Guide:

“Cross-functional teams allow organizations to bring in different perspectives... Legal, compliance, and technical experts must work together to ensure responsible AI outcomes.”

===========

During the first month of monitoring the model for bias, it is most important to continue disparity testing. Disparity testing involves regularly evaluating the model's decisions to identify and address any biases, ensuring that the model operates fairly across different demographic groups.

AI's resource-intensive computing demands pose significant environmental risks. High-performance computing required for training and deploying AI models often leads to substantial energy consumption, which can result in increased carbon emissions and other environmental impacts. This is particularly relevant given the growing concern over climate change and the environmental footprint of technology. Organizations need to consider these environmental risks when developing AI systems, potentially exploring more energy-efficient methods and renewable energy sources to mitigate the environmental impact.

The correct answer isD. Forming adedicated governance committeeensures continuous oversight, role clarity, and accountability throughout the AI lifecycle.

From the AIGP ILT Guide – Governance Structures:

“Organizations using AI in high-impact scenarios should establish a governance body responsible for oversight of risk, compliance, and ethical alignment.”

Also reflected in AI Governance in Practice Report2025:

“Committees support cross-functional decision-making, provide guidance for updates, and maintain accountability. This is especially critical for high-stakes applications like marketing to diverse audiences.”

Options A, B, and C are valid supplementary actions, butDoffers a long-term and systematic governance mechanism.

The correct answer isA. Pre- and post-deployment testing ensuresbias, accuracy, and fairnessare evaluated and corrected as needed, which isessential for reputational risk mitigation.

From the AIGP Body of Knowledge:

“Testing AI systems before and after deployment is critical to ensure performance, fairness, and compliance. Failing to do so may result in reputational damage and legal exposure.”

AI Governance in Practice Report2025(Bias/Fairness and Risk Sections):

“System impact assessments, testing, and post-deployment monitoring are necessary to identify and mitigate risks… This supports both compliance and public trust.”

Testing is proactive, unlike indemnification (which transfers risk after damage), or requiring manual review (which defeats automation).

The correct answer isB. "Candidate quality" isnota negative consequence of using AI—rather, it is the intendedbenefitof using such tools (e.g., more efficient filtering of strong candidates).

From the AIGP ILT Guide:

“Automation bias, disparate impact, and privacy risks are well-documented concerns in AI-assisted hiring. These risks may arise when AI models replicate biases present in training data or obscure the decision logic.”

AI Governance in Practice Report2025(Bias and Fairness Section) also warns:

“Improper AI use in hiring can lead to disparate impact, where neutral criteria disproportionately disadvantage protected groups.”

Candidate quality is agoal, not a risk, makingB the correct answerfor what isnota negative outcome.

===========

The best approach to enable a customer who wants information on the AI model's parameters for underwriting purposes is to provide a transparency notice. This notice should explain the nature of the AI system, how it uses customer data, and the decision-making process it follows. Providing a transparency notice is crucial for maintaining trust and compliance with regulatory requirements regarding the transparency and accountability of AI systems.

The correct answer isB – Proprietary methods. While transparency is important, organizations arenot obligated to disclose proprietary algorithms, methods, or trade secretsin public disclosures.

From the AIGP Body of Knowledge – Transparency & Disclosures:

“AI system users should disclose the purpose, capabilities, limitations, and applicable legal context—but not sensitive IP.”

AI Governance in Practice Report2025(Transparency Section) states:

“Disclosure requirements balance public understanding with the need to protect proprietary business interests. Proprietary training methods are not expected to be disclosed.”

Thus, while it’s best practice to disclose theintended purpose, legal compliance, and system limitations,internal proprietary techniquesare usually excluded.

===========

Providing the loan applicants with information about the model capabilities and limitations would not directly support fairness testing by the compliance team. Fairness testing focuses on evaluating the model's decisions for biases and ensuring equitable treatment across different demographic groups, rather than informing applicants about the model.

The core ethical concern when deploying diagnostic AI in a healthcare setting is ensuringfairness and accuracy across diverse patient populations. If the AI is trained on a dataset that isnot representativeof the population it will serve, it risks reinforcing health disparities and leading to misdiagnoses.

From theAI Governance in Practice Report2025:

“Training datasets lacking in diversity can produce outputs that systematically underperform for certain groups… this can lead to inaccurate or biased outcomes in healthcare settings.” (p. 41)

“Bias, discrimination and fairness challenge… inadequate or nonrepresentative training data can result in AI systems that propagate historical disparities.” (p. 42)

While physician oversight may reduce risk,biased data can still shape clinical decision-making.

A– Economic benefit is not central to ethical risk here.

C– Important but less critical than data representativeness.

D– Error rate matters but is addressed via validation; it’s not the core ethical issue.

The correct answer isD. While modernization through software may support efficiency, it isnot a foundational or essential componentof designing an integrated strategy.

From the AI Governance in Practice Report2025:

“Integrated strategies rely on senior management support, ethical reviews, and stakeholder engagement... The use of tools and platforms may come later as an operational enhancement.”

Also confirmed in AIGP Body of Knowledge:

“Key components of a governance framework include leadership buy-in, ethical analysis, and stakeholder input. Tools are supporting elements—not strategic drivers.”

===========

The correct answer isD. Transparency obligations under data protection laws, such as GDPR and most AI governance frameworks, require thatusers whose data is being processedbe directly informed.

From the AIGP ILT Guide (Privacy Module):

“The user privacy notice must be updated to explain the nature of automated processing, the logic involved, and the significance and consequences for the data subject.”

Also, per AI Governance in Practice Report2025(Part III):

“Transparency obligations apply throughout the lifecycle of AI… Individuals must be informed about automated decision-making and profiling that may impact them.”

Unlike internal policies or general privacy notices,the user privacy noticeprovides direct transparency to theindividual data subjectsaffected by AI processing.

===========

The OECD's Ethical AI Governance Framework aims to ensure that AI development and deployment are carried out ethically while fostering innovation. The framework includes principles like transparency, accountability, and human rights protections to prevent societal harm. It does not focus solely on technical design or post-deployment monitoring (C), nor does it establish industry-specific requirements (B). While explainability is important, the primary goal is to balance innovation with ethical considerations (D).

The U.S. mortgage company's AI platform relates to housing and credit, making the Fair Housing Act (A), Fair Credit Reporting Act (B), and Equal Credit Opportunity Act (C) relevant. Title VII of the Civil Rights Act of 1964 deals with employment discrimination and is not directly relevant to the mortgage application context (D).

A multi-modal model is an AI system that can process and analyze multiple types of data, such as text, video, images, and sound. This type of AI integrates different data sources to enhance its understanding and decision-making capabilities. In the given scenario, the AI technology that tags content including names of animals, humans, and objects falls under this category. Reference: AIGP BODY OF KNOWLEDGE, which outlines the capabilities and use cases of multi-modal models​​.

The potential negative consequences of using an AI tool in hiring include reputational harm (A), civil rights violations (B), and discriminatory treatment (C). These issues stem from biases in the AI system or its misuse, which can lead to unfair hiring practices and legal liabilities. Intellectual property infringement (D) is not a typical consequence of using AI in hiring, as it relates to the unauthorized use of protected intellectual property, which is not directly relevant to the hiring process or the potential biases within AI tools​​​​.

The correct answeris.CThis action ties directly into principlesof dataminimization, purpose limitation,and lawfulnessof processing, which are central to privacy and AI governance.

From the AIGP Body of Knowledge, Section on Privacy Considerations:

“Personal data must only be processed for specified and lawful purposes. Organizations must consider whether they have a legal basis for processing such data under data protection laws like the GDPR or CCPA.”

Additionally, AI Governance in Practice Report2025emphasizes:

“One of the most significant challenges when designing and developing AI systems is ensuring the data used is appropriate for the intended purpose… Managing unnecessary data, especially data that may contain sensitive attributes, can increase risk.”

===========

Training data is used to enable a model to detect and learn patterns. During the training phase, the model learns from the labeled data, identifying patterns and relationships that it will later use to make predictions on new, unseen data. This process is fundamental in building an AI model's capability to perform tasks accurately. Reference: AIGP Body of Knowledge on Model Training and Pattern Recognition.

Private LLMs offer advantages likecustomizability,reduced hallucination,confidentiality, andalignment with enterprise-specific tasks, but theydo not inherently reduce the time or effortneeded fordata validation or verification— which remains an essential step regardless of model privacy.

From the AI risk and quality sections:

“Ensuring the quality of the data… is highly contextual and must be validated regardless of the model’s deployment environment.” (p. 17)

B, C, Dare legitimate benefits of private LLMs.

Ais incorrect — validation still requires time and resources.

Feature selection is the most important element of feature engineering to mitigate potential bias in an AI system. This process involves choosing the most relevant and representative features from the data set, which directly affects the model’s performance and fairness. By carefully selecting features, data scientists can reduce the influence of biased or irrelevant attributes, ensuring that the AI system is more accurate and equitable. Proper feature selection helps in eliminating biases that might stem from socio-demographic factors or other sensitive variables, leading to a more balanced and fair AI model. Reference: AIGP Body of Knowledge on Fairness in AI and Feature Engineering.

After completing model testing and validation, the most important step prior to deploying the model into production is to perform a readiness assessment. This assessment ensures that the model is fully prepared for deployment, addressing any potential issues related to infrastructure, performance, security, and compliance. It verifies that the model meets all necessary criteria for a successful launch. Other steps, such as defining a model-validation methodology, documenting maintenance teams and processes, and identifying known edge cases, are also important but come secondary to confirming overall readiness. Reference: AIGP Body of Knowledge on Deployment Readiness.

Third-party risk management for AI systems should beproportional and risk-based, involvinginitial due diligenceandongoing monitoringthat reflects thelevel of risk posedby the third party's AI system.

From theAI Governance in Practice Report2025:

“Third-party due diligence assessments to identify possible external risk and inform selection.” (p. 11)

“Legal due diligence may include verification of the personal data's lawful collection by the data broker, review of contractual obligations…” (p. 19)

Afocuses too narrowly on financial stability.

Cis excessive and not scalable or aligned with best practices.

Dinappropriately separates ethical and technical risks; both must be evaluated holistically.

The White House Executive Order of November 2023 designates the National Institute of Standards and Technology (NIST) as the responsible body for creating guidelines to conduct red-teaming tests of AI systems. NIST is tasked with developing and providing standards and frameworks to ensure the security, reliability, and ethical deployment of AI systems, including conducting rigorous red-teaming exercises to identify vulnerabilities and assess risks in AI systems.

In the design phase of integrating data from different sources, identifying fits and gaps is crucial. This process involves understanding how well the data from the clinical research partner aligns with the healthcare network's existing data. It ensures that the combined data set is coherent and can be effectively used for training the AI algorithm. This step helps in spotting any discrepancies, inconsistencies, or missing data that might affect the performance and accuracy of the AI model. It directly addresses the integrity and compatibility of the data, which is foundational before applying any privacy-enhancing technologies, labeling, or evaluating the origin of the data. Reference: AIGP Body of Knowledge on Data Integration and Quality.

When assessing whether users should be given the right to opt out from an AI system, the primary considerations are feasibility, risk to users, and industry practice. Feasibility addresses whether the opt-out mechanism can be practically implemented. Risk to users assesses the potential harm or benefits users might face if they cannot opt out. Industry practice considers the norms and standards within the industry. However, the cost of alternative mechanisms, while important in the broader context of implementation, is not directly relevant to the ethical consideration of whether users should have the right to opt out. The focus should be on protecting user rights and ensuring ethical AI practices.

The EU AI Act imposes severalmandatory obligationson high-risk AI systems, butpublishing a detailed report on training dataisnotone of them.

From theAI Governance in Practice Report2025:

“It mandates drawing up technical documentation for high-risk AI systems, and requires high-risk AI systems to come with instructions for use that disclose various information, including characteristics, capabilities and performance limitations.” (p. 34)

“To make high-risk AI systems more traceable, it also requires AI systems to be able to automatically allow for the maintenance of logs throughout the AI life cycle.”

“Conducting post-market monitoring” and “conformity assessments” areexplicitrequirements for high-risk systems. (p. 34–35)

However,publishingdetailed training data is typicallyrequired only for general-purpose AI systems with systemic risk, not standard high-risk AI systems.

A. Log retention,B. Post-market monitoring, andC. Conformity assessmentsareall requiredunder the EU AI Act for high-risk systems.

Reviewing the terms of use is essential when gathering data from a clinical research partner. This step ensures that the healthcare network complies with all legal and contractual obligations related to data usage. It addresses data ownership, usage limitations, consent requirements, and privacy obligations, which are critical to maintaining ethical standards and avoiding legal repercussions. This review helps ensure that the data is used in a manner consistent with the agreements made and the regulatory environment, which is fundamental for lawful and ethical AI development. Reference: AIGP Body of Knowledge on Legal and Regulatory Considerations.

Biasis a common risk acrossboth proprietary and open-source models, andnot uniqueto proprietary deployments. All AI systems — regardless of origin — require evaluation for fairness, accuracy, and representativeness.

From theAI Governance in Practice Report2025:

“Bias, discrimination and fairness challenges are present in both open and closed models, regardless of how the model is sourced.” (p. 41)

Risk probability/severity testing is not typically used to evaluate the performance of an AI system. While important for risk management, it does not directly assess an AI system's operational performance. Adversarial robustness, statistical sampling, and decision analysis are all methods that can help evaluate the performance of a responsible AI system by testing its resilience, accuracy, and decision-making processes under various conditions. Reference: AIGP Body of Knowledge on AI Performance Evaluation and Testing.

Offeringloan products based on current offerings and rulesrequires a system that can followexplicit business logic, not generate open-ended content. Anexpert system, which is a rules-based AI that uses “if-then” logic, is ideal here.

From the AI governance context:

“Rule-based AI systems are often preferred when decisions must adhere to precise regulatory or financial criteria.” (aligned with AI best practices in regulated sectors)

A. RAGis used to integrate external knowledge—not suitable for structured, rule-based logic.

B. Multimodal modelshandle varied input types—not needed here.

D. Quantum computingis not yet practical or relevant for this business use case.

An AI model is best defined as a program that has been trained on a set of data to find patterns within that data. This definition captures the essence of machine learning, where the model learns from the data to make predictions or decisions. Reference: AIGP BODY OF KNOWLEDGE, which provides a detailed explanation of AI models and their training processes​​.

An AI system that maintains its level of performance within defined acceptable limits despite real-world or adversarial conditions is described as resilient. Resilience in AI refers to the system's ability to withstand and recover from unexpected challenges, such as cyber-attacks, hardware failures, or unusual input data. This characteristic ensures that the AI system can continue to function effectively and reliably in various conditions, maintaining performance and integrity. Robustness, on the other hand, focuses on the system's strength against errors, while reliability ensures consistent performance over time. Resilience combines these aspects with the capacity to adapt and recover.

Human-centric AI focuses on improving the human experience by addressing individual needs and enhancing human capabilities. Option D exemplifies this by using virtual assistants to tailor educational content to each student's unique abilities and needs, thereby supporting personalized learning and improving educational outcomes. This use case directly benefits individuals by providing customized assistance and adapting to their learning pace and style, aligning with the principles of human-centric AI.

The primary purpose of conducting ethical red-teaming on an AI system is to simulate model risk scenarios. Ethical red-teaming involves rigorously testing the AI system to identify potential weaknesses, biases, and vulnerabilities by simulating real-world attack or failure scenarios. This helps in proactively addressing issues that could compromise the system's reliability, fairness, and security. Reference: AIGP Body of Knowledge on AI Risk Management and Ethical AI Practices.

To evaluate the effectiveness of an AI-based ad recommendation tool, the most relevant metric is the output data, specifically assessing the delta between the prediction and actual ad clicks. This metric directly measures the tool's accuracy and effectiveness in making accurate recommendations that lead to user engagement. While monitoring algorithmic patterns and input data can provide insights into the model's behavior and targeting accuracy, and GPU performance can indicate the robustness and efficiency of the tool, the primary indicator of effectiveness for an ad recommendation tool is how well it predicts actual ad clicks.

The best reason for GVC to offer students the choice to utilize generative AI in limited, defined circumstances is to enable students to learn how to use AI as a supportive educational tool. By integrating AI in a controlled manner, students can learn the practical applications of AI and develop skills to use AI responsibly and effectively in their educational pursuits.

Retraining an LLM (Large Language Model) is primarily done to improve or maintain its performance as data changes over time, to fine-tune it for specific use cases, and to incorporate new data interpretations to enhance accuracy and relevance. However, ensuring interpretability of the model's predictions is not typically a reason for retraining. Interpretability relates to how easily the outputs of the model can be understood and explained, which is generally addressed through different techniques or methods rather than through the retraining process itself. References to this can be found in the IAPP AIGP Body of Knowledge discussing model retraining and interpretability as separate concepts.

Ensuring fairness when training an AI system largely depends on the data attributes and variability. This involves having a diverse and representative dataset that accurately reflects the population the AI system will serve. Fairness can be compromised if the data is biased or lacks variability, as the model may learn and perpetuate these biases. Diverse data attributes ensure that the model learns from a wide range of examples, reducing the risk of biased predictions. Reference: AIGP Body of Knowledge on Ethical AI Principles and Data Management.

The NIST AI Risk Management Framework’s Govern function emphasizes the importance of establishing accountability structures that empower and train cross-functional teams. This is crucial because cross-functional teams bring diverse perspectives and expertise, which are essential for effective AI governance and risk management. Training these teams ensures that they are well-equipped to handle their responsibilities and can make informed decisions that align with the organization’s AI principles and ethical standards. Reference: NIST AI Risk Management Framework documentation, Govern function section.

Data aggregators are third parties that collect and license data from various sources. They are responsible for ensuring thelawful collectionandproper usage rightsof the data they distribute — especially when such data is used to train foundational AI models.

From theAI Governance in Practice Report2025:

“As organizations have neither proximity to how third-party data was first collected nor direct control over the data governance practices of third parties, an organization can benefit from carrying out its own legal due diligence and third-party risk management.” (p. 19)

“Legal due diligence may include verification of the personal data's lawful collection by the databroker...” (p. 19)

This confirms thatdata aggregatorsbear the legal and ethical burden to verify that data has been lawfully collected and is appropriately licensed for use, including in AI training.

A. The marketing agencyandD. its clientmay use data, but they rely on upstream providers for its lawful origin.

B. The tech companymay train the model but depends on lawful sourcing by data aggregators.

Model disgorgement is the technique used to remove the effects of improperly used data from an ML system. This process involves retraining or adjusting the model to eliminate any biases or inaccuracies introduced by the inappropriate data. It ensures that the model's outputs are not influenced by data that was not meant to be used or was used incorrectly. Reference: AIGP Body of Knowledge on Data Management and Model Integrity.

Utilizing synthetic data to offset the lack of patient data is an efficient solution that balances privacy concerns with the need for sufficient data to train the model. Synthetic data can be generated to simulate real patient data while avoiding the privacy issues associated with using actual patient data. This approach allows for the development and testing of the AI algorithm without compromising patient privacy, and it can be refined with real data as it becomes available. Reference: AIGP Body of Knowledge on Data Privacy and AI Model Training.

When the accuracy of a model deteriorates, the best first step is to conduct champion/challenger testing. This involves deploying a new model (challenger) alongside the current model (champion) to compare their performance. This method helps identify if the new model can perform better under current conditions without immediately discarding the existing model. It provides a controlled environment to test improvements and understand the reasons behind the deterioration. This approach is preferable to directly replacing the model, performing audits, or running red-teaming exercises, which may be subsequent steps based on the findings from the champion/challenger testing.

The most critical reason for documenting AI-related risks is toreduce exposure to legal, regulatory, and reputational liabilities. Clear documentation demonstrates thatrisks were identified, assessed, and addressed, which is essential for accountability and defensibility in the face of audits, litigation, or enforcement actions.

From theAI Governance in Practice Report2025:

“An effective AI governance model is about collective responsibility… which should encompass oversight mechanisms such as privacy, accountability, compliance.” (p. 13)

“Accountability… is based on the idea that there should be a person or entity that is ultimately responsible for any harm resulting from the use of the data, algorithm and AI system's underlying processes.” (p. 28)

While transparency, alignment with standards, and knowledge sharing are all secondary benefits,risk documentation’s primary role is liability mitigation.