AIGP Questions and Answers

The correct answer isD.Emotion recognition in the workplaceis flagged asunacceptable or highly restrictedunder the EU AI Act due to its intrusive nature and potential for misuse.

From the AIGP ILT Guide – EU AI Act Training Module:

“AI systems that monitor individuals’ emotions in the workplace or educational settings are listed among prohibited or strictly limited practices under Article 5.”

AI Governance in Practice Report2025supports this interpretation:

“Emotion recognition systems, especially in sensitive contexts such as employment or education, raise significant concerns under EU fundamental rights law and are likely to be restricted.”

Other uses listed—such as emergency response or emotion detection in healthcare—may fall underlawful and beneficial uses, especially whenjustified by public interest.

===========

Retraining the model with data that reflects demographic parity is the best strategy to mitigate the bias uncovered in the loan applications. This approach addresses the root cause of the bias by ensuring that the training data is representative and balanced, leading to more equitable decision-making by the AI model.

The correct answer isD. Transparency obligations under data protection laws, such as GDPR and most AI governance frameworks, require thatusers whose data is being processedbe directly informed.

From the AIGP ILT Guide (Privacy Module):

“The user privacy notice must be updated to explain the nature of automated processing, the logic involved, and the significance and consequences for the data subject.”

Also, per AI Governance in Practice Report2025(Part III):

“Transparency obligations apply throughout the lifecycle of AI… Individuals must be informed about automated decision-making and profiling that may impact them.”

Unlike internal policies or general privacy notices,the user privacy noticeprovides direct transparency to theindividual data subjectsaffected by AI processing.

===========

The Singapore Model AI Governance Framework recommends several measures to promote the responsible use of AI, such as determining the level of human involvement in decision-making, adapting governance structures, and establishing communications and collaboration among stakeholders. However, employing human-over-the-loop protocols is not specifically mentioned in this framework. The focus is more on integrating human oversight appropriately within the decision-making process rather than exclusively employing such protocols. Reference: AIGP Body of Knowledge, section on AI governance frameworks.

The correct answer isC.Registration in the EU databaseis an obligation ofprovidersof high-risk AI systems—not distributors.

From the AIGP ILT Guide – Roles & Obligations Module:

“Distributors must verify CE marking, ensure instructions for use are provided, inform authorities of risks, and take corrective action when necessary. However, registration duties in the EU database lie with the provider.”

Also from the AI Governance in Practice Report2025:

“The AI Act differentiates responsibilities for developers, providers, importers, and distributors. Only providers of high-risk systems are obligated to register their systems in the EU AI Database.”

Distributors focus onverification and communication, not formal registration.

An AI model is best defined as a program that has been trained on a set of data to find patterns within that data. This definition captures the essence of machine learning, where the model learns from the data to make predictions or decisions. Reference: AIGP BODY OF KNOWLEDGE, which provides a detailed explanation of AI models and their training processes​​.

The correct answer isA. TheAcceptable Use Policy (AUP)sets the primary terms and conditions under which the AI model can be used, including limitations, prohibited uses, and operational constraints.

From the AIGP ILT Guide:

“The AUP is the most critical document to assess what you can and cannot do with the AI system. It governs use cases, outlines forbidden uses (e.g., disinformation), and supports responsible AI practices.”

Also confirmed in the AI Governance in Practice Report2025(Third-Party AI Assurance section):

“Reviewing and adhering to the acceptable use policy ensures that the model is being used in a manner that aligns with both provider expectations and ethical AI practices.”

===========

The correct answer isD. AI Impact Assessments are primarily used to identify and managerisks and harmsassociated with AI systems.

From the AIGP Body of Knowledge:

“The goal of an AI impact assessment is to ensure that risks are identified, evaluated, and mitigated prior to or during development and deployment.”

As further confirmed in the AI Governance in Practice Report2025(Part III):

“Risk-based tools like DPIAs and Algorithmic Impact Assessments help identify potential risks to individuals and society, enabling organizations to implement mitigation plans and safeguards.”

While benefits may be noted in such assessments, thecore objectiveis to manage risks andpromote responsible AI.

===========

The correct answer isD – Privacy impact assessments (PIAs). These aredirectly adaptablefor identifying risks in AI systems, particularly around data usage, bias, and individual impacts.

From the AIGP ILT Guide – Risk Management Module:

“PIAs and DPIAs are existing tools used in privacy compliance that can be extended to evaluate the risks of AI, including fairness, explainability, and legality.”

AI Governance in Practice Report2025further explains:

“Organizations can adapt privacy impact assessments to evaluate the ethical, legal, and technical risks posed by AI systems. They provide a structured and recognized method.”

PIAs are preferable over general security practices (like pen testing) which do not address algorithmic bias or legal compliance directly.

===========

The 1956 Dartmouth summer research project on AI is best known as a meeting focused on the founding of the AI field. This conference is historically significant because it marked the formal beginning of artificial intelligence as an academic discipline. The term "artificial intelligence" was coined during this event, and it laid the foundation for future research and development in AI.

The correct answer isC. Thechoice of architecture(e.g., neural networks vs. decision trees) is typically part of thedesign and developmentphase, not the initial planning.

From the AIGP Body of Knowledge – AI Lifecycle Module:

“Planning involves scoping, context definition, stakeholder identification, governance planning, and assumptions—not yet model selection.”

Confirmed in the ILT Participant Guide:

“Design decisions such as architecture or algorithm type come after planning—usually during development based on technical feasibility and data availability.”

The best approach to enable a customer who wants information on the AI model's parameters for underwriting purposes is to provide a transparency notice. This notice should explain the nature of the AI system, how it uses customer data, and the decision-making process it follows. Providing a transparency notice is crucial for maintaining trust and compliance with regulatory requirements regarding the transparency and accountability of AI systems.

The White House Blueprint for an AI Bill of Rights focuses on protecting civil rights, privacy, and ensuring AI systems are safe and effective. It includes principles like data privacy (D), human alternatives (A), and safe and effective systems (C). However, it does not specifically address high-risk mitigation standards as a distinct category (B).

Model disgorgement is the technique used to remove the effects of improperly used data from an ML system. This process involves retraining or adjusting the model to eliminate any biases or inaccuracies introduced by the inappropriate data. It ensures that the model's outputs are not influenced by data that was not meant to be used or was used incorrectly. Reference: AIGP Body of Knowledge on Data Management and Model Integrity.

The AI risk that would not have been identified during the procurement process based on the categories of information requested by the third-party consultant is security. The consultant focused on accuracy rates, diversity of training data, and system functionality, which pertain to performance and fairness but do not directly address the security aspects of the AI system. Security risks involve ensuring that the system is protected against unauthorized access, data breaches, and other vulnerabilities that could compromise its integrity. Reference: AIGP Body of Knowledge on AI Security and Risk Management.

Once a company moves from being adeployerto also acting as aprovider or developer, it assumesnew obligationsunder regulations like the EU AI Act. One of the core requirements for providers is to produce and maintaintechnical documentation, including descriptions of the model, associated risks, and mitigation strategies.

From theAI Governance in Practice Report2025:

“Providers of high-risk AI systems must draw up technical documentation demonstrating the system’s conformity with the requirements... including potential risks and safeguards applied.” (p. 34)

“This documentation must be available before placing the system on the market.” (p. 35)

The best human oversight mechanism for the police department to implement is for a police officer to consider the AI recommendation as part of the criminal investigation. This ensures that the AI system's output is used as a tool to aid human decision-making rather than replace it. The police officer should integrate the AI's insights with other evidence and contextual information to make informed decisions, maintaining a balance between technological aid and human judgment. Reference: AIGP Body of Knowledge on AI Integration and Human Oversight.

The planning phase of the AI life cycle typically includes defining the objective of the model, choosing the appropriate architecture, and understanding the context in which the model will operate. However, the approach to governance is usually established as part of the overall AI governance framework, not specifically within the planning phase. Governance encompasses broader organizational policies and procedures that ensure AI development and deployment align with legal, ethical, and operational standards. Reference: AIGP Body of Knowledge, AI lifecycle planning phase section.

Ensuringoversight and auditabilityrequires that the organization hassufficient access to data, documentation, and model internalsor outputs necessary for evaluation.

From theAI Governance in Practice Report2025:

“Access to technical documentation and system internals is essential to enable effective auditing, conformity checks, and accountability mechanisms.” (p. 11, 34)

Ais about liability, not auditability.

Bmatters for IP rights, not oversight.

Crelates to lifecycle responsibility but doesn’t guarantee audit access.

Ensuring fairness when training an AI system largely depends on the data attributes and variability. This involves having a diverse and representative dataset that accurately reflects the population the AI system will serve. Fairness can be compromised if the data is biased or lacks variability, as the model may learn and perpetuate these biases. Diverse data attributes ensure that the model learns from a wide range of examples, reducing the risk of biased predictions. Reference: AIGP Body of Knowledge on Ethical AI Principles and Data Management.

Utilizing synthetic data to offset the lack of patient data is an efficient solution that balances privacy concerns with the need for sufficient data to train the model. Synthetic data can be generated to simulate real patient data while avoiding the privacy issues associated with using actual patient data. This approach allows for the development and testing of the AI algorithm without compromising patient privacy, and it can be refined with real data as it becomes available. Reference: AIGP Body of Knowledge on Data Privacy and AI Model Training.

The third-party consultant asked each vendor for information about the diversity of their datasets to assist in ensuring the fairness of the AI system. Diverse datasets help prevent biases and ensure that the AI system performs equitably across different demographic groups. This is crucial for a law enforcement application, where fairness and avoiding discriminatory practices are of paramount importance. Ensuring diversity in training data helps in building a more just and unbiased AI system. Reference: AIGP Body of Knowledge on Ethical AI and Fairness.

The November 2023 White House Executive Order provides guidance that governmental agencies should limit access to specific uses of generative AI. This means that generative AI tools should be used in a controlled manner, where their applications are restricted to well-defined, approved use cases that ensure the security, privacy, and ethical considerations are adequately addressed. This approach allows for the benefits of generative AI to be harnessed while mitigating potential risks and abuses.

To evaluate the effectiveness of an AI-based ad recommendation tool, the most relevant metric is the output data, specifically assessing the delta between the prediction and actual ad clicks. This metric directly measures the tool's accuracy and effectiveness in making accurate recommendations that lead to user engagement. While monitoring algorithmic patterns and input data can provide insights into the model's behavior and targeting accuracy, and GPU performance can indicate the robustness and efficiency of the tool, the primary indicator of effectiveness for an ad recommendation tool is how well it predicts actual ad clicks.

When an AI system causessignificant false positives, especially in sensitive contexts likefraud detection, the priority is tohalt harmful activityand perform a full assessment. Continued use without understanding the fault may cause furthercustomer harmand legal exposure.

From theAI Governance in Practice Report2025:

“Incident management plans should enable identification, escalation, and system rollback to prevent continued harm from malfunctioning AI systems.” (p. 12, 35)

A privacy impact assessment (PIA) can be effectively leveraged to create an AI impact assessment. A PIA evaluates the potential privacy risks associated with the use of personal data and helps in implementing measures to mitigate those risks. Since AI systems often involve processing large amounts of personal data, the principles and methodologies of a PIA are highly applicable and can be extended to assess broader impacts, including ethical, social, and legal implications of AI. Reference: AIGP Body of Knowledge on Impact Assessments.

The greatest risk from AI systems generatingrealistic synthetic mediaisdownstream harm, such asdeepfakes, misinformation, reputational damage, and erosion of trust.

From theAI Governance in Practice Report2025:

“With generative AI, downstream harms such as deception, reputational damage, misinformation, and manipulation can emerge even if original use was lawful.” (p. 55–56)

The most comprehensive way to identify a full range of risks — legal, ethical, operational, and societal — for a new AI model is through aformal impact assessment, such as aData Protection Impact Assessment (DPIA)orAlgorithmic Impact Assessment.

From theAI Governance in Practice Report2025:

“Risk-based approaches are often distilled into organizational risk management efforts, which put impact assessments at the heart of deciding whether harm can be reduced.” (p. 29)

“DPIAs… help organizations identify, analyze and minimize data-related risks and demonstrate accountability.” (p. 30)

A. Environmental scanis too general.

B. Red teamingis useful for adversarial risk but not broad.

C. Integration testingfocuses on technical/system compatibility, not overall risk.

In the machine learning context, feature engineering is the process of extracting attributes and variables from raw data to make it suitable for training an AI model. This step is crucial as it transforms raw data into meaningful features that can improve the model's accuracy and performance. Feature engineering involves selecting, modifying, and creating new features that help the model learn more effectively. Reference: AIGP Body of Knowledge on AI Model Development and Feature Engineering.

The EU AI Act outlines what must be included intechnical documentationfor high-risk systems. These requirements are designed to supportconformity assessment, transparency, and traceability.

From theAI Governance in Practice Report2025:

“It mandates drawing up technical documentation… must include a general description of the AI system, the intended purpose, and a detailed description of the elements and development process.” (p. 34)

“Documentation… includes training, testing, evaluation procedures, andappropriateness of performance metrics.” (p. 34–35)

Therisk management systemis addressed separately through arisk management plan, not within the technical documentation itself.

Thus:

A, C, and Dare explicitly required in thetechnical documentation.

B, while important, is part of therisk management process, not a required section oftechnical documentation.

Bias in AI can be reduced during the planning and design phases through stakeholder involvement, human oversight, and careful data collection. While feature selection is critical in the development phase, it does not specifically occur during planning and design. Ensuring diverse stakeholder involvement and human oversight helps identify and mitigate potential biases early, and data collection ensures a representative dataset. Reference: AIGP Body of Knowledge on AI Development Lifecycle and Bias Mitigation.

Biasis a common risk acrossboth proprietary and open-source models, andnot uniqueto proprietary deployments. All AI systems — regardless of origin — require evaluation for fairness, accuracy, and representativeness.

From theAI Governance in Practice Report2025:

“Bias, discrimination and fairness challenges are present in both open and closed models, regardless of how the model is sourced.” (p. 41)

An AI system’sfunction,industry, anddeployment locationdefine itsrisk profile, which directly influences theinternal governance structuresan organization must put in place.

From theAI Governance in Practice Report2025:

“There are many challenges and potential solutions for AI governance, each with unique proximityand significance based on an organization’s role, footprint, broader risk-governance profile and maturity.” (p. 4)

“AI governance starts with defining the corporate strategy for AI… and formulating policy standards and operational procedures to reflect industry, use case, and location.” (p. 11)

A– Organizational accountability is broader and not directly scoped by industry or function.

C– Diversity of data sources is tied to data strategy.

D– Explainability is more influenced by model type, not use context.

Testing results need to bedocumented thoroughlyto ensuretraceability, accountability, and compliance. This is central to enabling audits, investigations, or regulatory inquiries into the system’s development and performance.

From theAI Governance in Practice Report2025:

“Documentation and recordkeeping are essential components… to demonstrate AI system compliance, trace system behavior, and support audits and conformity assessments.” (p. 34–35)

“Maintaining audit trails across development and deployment enables transparency and accountability.” (p. 12)

AandBare benefits, but not theprimary governance justification.

D– Limiting future testing is not a recommended goal.

Third-party risk management for AI systems should beproportional and risk-based, involvinginitial due diligenceandongoing monitoringthat reflects thelevel of risk posedby the third party's AI system.

From theAI Governance in Practice Report2025:

“Third-party due diligence assessments to identify possible external risk and inform selection.” (p. 11)

“Legal due diligence may include verification of the personal data's lawful collection by the data broker, review of contractual obligations…” (p. 19)

Afocuses too narrowly on financial stability.

Cis excessive and not scalable or aligned with best practices.

Dinappropriately separates ethical and technical risks; both must be evaluated holistically.

The White House Executive Order from November 2023 requires companies developing dual-use foundation models to report on their current training or development activities, the results of red-team testing, and the physical and cybersecurity protection measures. However, it does not mandate reports on environmental impact studies for each dual-use foundation model. While environmental considerations are important, they are not specified in this context as a reporting requirement under this Executive Order.

If it is possible to provide a rationale for a specific output of an AI system, that system can best be described as explainable. Explainability in AI refers to the ability to interpret and understand the decision-making process of the AI system. This involves being able to articulate the factors and logic that led to a particular output or decision. Explainability is critical for building trust, enabling users to understand and validate the AI system's actions, and ensuring compliance with ethical and regulatory standards. It also facilitates debugging and improving the system by providing insights into its behavior.

A greedy algorithm is one that makes the best choice at each step to achieve an immediate objective, without considering the longer-term consequences. It focuses on local optimization at each decision point with the hope that these local solutions will lead to an optimal global solution. However, greedy algorithms do not always produce the best overall solution for certain problems, but they are useful when an immediate, locally optimal solution is desired. Reference: AIGP Body of Knowledge, algorithm types section.

AI governance frameworks consistently define the“unique characteristics”of AI that create novel governance challenges.

Across the OECD AI Principles, NIST AI RMF, ISO/IEC 42001, and the EU AI Act, the key characteristics requiring governance are:

Autonomy– AI systems act without direct human intervention and take context-dependent decisions.

Adaptability– AI systems learn, evolve, and update their behavior over time, making outputs non-deterministic.

These traits fundamentally distinguish AI from traditional software and shape all major governance activities (risk assessment, monitoring, assurance, accountability, alignment, etc.).

Below is why each option is correct or incorrect:

A. Autonomy — NOT selected

Reason:

Autonomy is repeatedly cited as one of the defining characteristics that necessitates governance.

NIST AI RMF references the risks ofautonomous behavior.

ISO/IEC 42001 emphasizes governance controls for “systems operating with varying levels of autonomy.”

Thus,Autonomy IS a unique characteristic, so it isnotan answer.

B. Automation — SELECTED

Reason:

“Automation” is not a unique AI property. Automation predates AI and applies to robotics, scripts, business process automation, etc.

AI governance literature doesnotclassify automation as a unique AI-specific characteristic.

Automation is aresultof AI, but not adistinguishing property.

Therefore,Automation is correctly selected as NOT a unique AI characteristic.

C. Adaptability — NOT selected

Reason:

Adaptability (systems that update, learn, or change behavior) is recognized universally as a core distinctive trait of AI.

EU AI Act emphasizes governance requirements for “adaptive systems.”

NIST AI RMF highlights “learning and emergent behavior.”

Thus,Adaptability IS a unique characteristic, so it shouldnotbe chosen as an exception.

D. Speed and scale — SELECTED

Reason:

While AI can operate at high speed and scale,these are not unique characteristics of AI.

Traditional computing systems, cloud workloads, and automation pipelines operate at similar scale.

AI governance documents mention speed/scale as arisk amplifier, not a defining characteristic.

Therefore,Speed and scaleshould be selected.

E. Superintelligence — SELECTED

Reason:

“Superintelligence” is not a characteristic of current AI systems and isnot referenced as a governance-relevant attributein mainstream policy documents (OECD, NIST, ISO, EU AI Act).

It is speculative rather than a defining feature.

Therefore, it is correctly chosen as NOT a unique characteristic requiring governance today.

During the first month of monitoring the model for bias, it is most important to continue disparity testing. Disparity testing involves regularly evaluating the model's decisions to identify and address any biases, ensuring that the model operates fairly across different demographic groups.

The correct answeris.CThis action ties directly into principlesof dataminimization, purpose limitation,and lawfulnessof processing, which are central to privacy and AI governance.

From the AIGP Body of Knowledge, Section on Privacy Considerations:

“Personal data must only be processed for specified and lawful purposes. Organizations must consider whether they have a legal basis for processing such data under data protection laws like the GDPR or CCPA.”

Additionally, AI Governance in Practice Report2025emphasizes:

“One of the most significant challenges when designing and developing AI systems is ensuring the data used is appropriate for the intended purpose… Managing unnecessary data, especially data that may contain sensitive attributes, can increase risk.”

===========

Random forest algorithms are classified as discriminative models. Discriminative models are used to classify data by learning the boundaries between classes, which is the core functionality of random forest algorithms. They are used for classification and regression tasks by aggregating the results of multiple decision trees to make accurate predictions.

The correct answer isA. While location of processors may have implications (such as for data transfers under GDPR), thereis noabsoluterequirement thatthird-party processors be based in the same country.

From the AI Governance in Practice Report2025and ILT Guide:

“Data controllers are responsible for ensuring that third-party processors have adequate protections, but not necessarily that they reside in the same jurisdiction. What is required is legal safeguards (e.g., SCCs) for international transfers, not same-country location.”

In contrast, DPIAs, DSARs, and implementation of technical/organizational safeguardsare explicitlyrequired underGDPR and responsible AI frameworks.

===========

The primary purpose of an AI impact assessment is to anticipate and manage the potential risks and harms of an AI system. This includes identifying the possible negative outcomes and implementing measures to mitigate these risks. This process helps ensure that AI systems are developed and deployed in a manner that is ethically and socially responsible, addressing concerns such as bias, fairness, transparency, and accountability. The assessment often involves a thorough evaluation of the AI system's design, data inputs, outputs, and the potential impact on various stakeholders. This approach is crucial for maintaining public trust and adherence to regulatory requirements.