Note: This is an independently prepared study aid based on the publicly available AIGP BoK domain outline. It is not an official IAPP publication.
1. Introduction and How to Use This Material
Domain I of the AIGP Body of Knowledge establishes the foundation on which the rest of the certification rests. Before a professional can evaluate how laws apply to AI (Domain II), govern AI development (Domain III), or govern AI deployment (Domain IV), they must first understand what AI is, why it requires governance distinct from other technologies, and how to build the organizational scaffolding — roles, policies, and procedures — that makes governance operational rather than aspirational.
This training material covers the three competencies in Domain I:
- I.A — Understand what AI is and why it needs governance (4–6 exam questions).
- I.B — Establish and communicate organizational expectations for AI governance (5–7 exam questions).
- I.C — Establish policies and procedures to apply throughout the AI life cycle (6–8 exam questions).
Domain I as a whole accounts for 16–20 questions on the AIGP exam.
How to use this guide
- Read each section linearly the first time — concepts build on each other.
- Pay close attention to the highlighted terms in the glossary; the AIGP exam frequently tests precise definitions.
- After completing the material, attempt the knowledge-check questions without looking back, then review explanations.
2. Competency I.A — Understanding What AI Is and Why It Needs Governance
2.1 Defining AI and Its Types
There is no single universally legislated definition of artificial intelligence, but most regulators and standards bodies have converged on broadly compatible language. The OECD definition — adopted in substantially similar form by the EU AI Act — describes an AI system as a machine-based system that, for explicit or implicit objectives, infers from the input it receives how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.
- Machine-based: implemented in hardware or software; not a purely human or organizational process.
- Inference from input: derives outputs from data through learned or programmed reasoning, not just hard-coded rules.
- Varying autonomy and adaptiveness: some systems act with minimal human direction; some keep changing behavior after deployment.
| Category | Description |
|---|---|
| Narrow (weak) AI | Designed for a specific task — spam classification, image recognition, recommendation. Most deployed AI today. |
| General AI (AGI) | Theoretical broad human-level cognition. Not realized; a long-term policy concern. |
| Classic / predictive AI | Predictions, classifications, or scores from structured inputs (e.g., decision trees, gradient-boosted models). |
| Generative AI | Produces new content — text, images, audio, video, code — typically built on large foundation models (LLMs). |
| Agentic AI | Plans and executes multi-step actions toward a goal, often invoking tools with limited human intervention. |
| Supervised / Unsupervised / Reinforcement | Learning from labeled examples; finding structure in unlabeled data; learning by trial and error against a reward. |
Machine learning vs. traditional programming
Traditional software is Input + Rules → Output (humans author the rules). Machine learning inverts this: Input + Data → Model → Output (the system learns the rules from data). This shift is the root of most of AI's governance challenges — the rules are no longer directly inspectable, data becomes part of the specification, and the same input may produce different outputs.
📌 Study tip: When asked why AI governance differs from traditional IT governance, the answer is the shift from authored rules to learned behavior — which produces opacity, probabilistic outputs, data dependency, and the need for new assurance techniques.
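The rules-versus-data shift described above, as an added example that is not part of the AIGP BoK or any IAPP material: a toy spam decision written once as an authored rule and once as a naive Bayes model learned from two constructed corpora. The corpora, the message and all names are constructed for illustration.

```python
# Added example, not part of the AIGP BoK: the same toy spam decision written as
# an authored rule and as a model learned from data. Corpora and message are constructed.
import math
from collections import Counter

def rule_based_spam(text: str) -> bool:
    """Traditional programming: a human authored this rule, so it is directly inspectable."""
    words = set(text.lower().split())
    return bool(words & {"free", "winner"})

class NaiveBayesSpam:
    """Machine learning: the 'rules' are per-word log-odds estimated from labelled data."""

    def __init__(self, labelled):
        self.docs = Counter()                               # documents per label
        self.counts = {True: Counter(), False: Counter()}   # documents containing each word
        for text, is_spam in labelled:
            self.docs[is_spam] += 1
            self.counts[is_spam].update(set(text.lower().split()))
        self.vocab = set(self.counts[True]) | set(self.counts[False])

    def _log_prob(self, word, label):
        # Laplace smoothing so a word unseen under one label does not zero out the score.
        return math.log((self.counts[label][word] + 1) / (self.docs[label] + 2))

    def score(self, text):
        total = sum(self.docs.values())
        s = math.log(self.docs[True] / total) - math.log(self.docs[False] / total)
        for w in set(text.lower().split()):
            s += self._log_prob(w, True) - self._log_prob(w, False)
        return s

    def predict(self, text):
        return self.score(text) > 0

    def learned_rules(self, n=3):
        """The closest thing to 'rules' the model has: words ranked by learned spam log-odds."""
        odds = {w: self._log_prob(w, True) - self._log_prob(w, False) for w in self.vocab}
        return sorted(odds.items(), key=lambda kv: -kv[1])[:n]

# Two constructed training corpora for the same task, as (text, is_spam) pairs.
CORPUS_OFFICE = [("free tickets inside", True), ("claim your free prize", True),
                 ("meeting moved to noon", False), ("lunch at noon friday", False)]
CORPUS_EVENTS = [("free lunch seminar register now", True), ("free friday giveaway", True),
                 ("quarterly report attached", False), ("call me about the budget", False)]
MESSAGE = "free lunch friday"

def compare(text=MESSAGE):
    """Same input, same code: the output now depends on which data the model was trained on."""
    return {
        "authored_rule": rule_based_spam(text),
        "model_office_data": NaiveBayesSpam(CORPUS_OFFICE).predict(text),
        "model_events_data": NaiveBayesSpam(CORPUS_EVENTS).predict(text),
    }

if __name__ == "__main__":
    print(compare())  # the two models disagree; only the rule's reasoning is readable as text
    print(NaiveBayesSpam(CORPUS_EVENTS).learned_rules())
```

The two models share every line of code and still disagree on the same message, which is why the training data, not just the code, has to be governed as part of the system's specification.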
2.2 Risks and Harms Posed by AI
AI can cause harm to individuals, groups, organizations, and society.
- Individuals: wrongful denial of opportunity, privacy harms, physical-safety harms, psychological harms.
- Groups: disparate impact on a protected class; representational harms in generated content.
- Organizations: regulatory/legal exposure, reputational damage, financial loss, IP and confidentiality leakage.
- Society: erosion of trust in information, concentration of power, labor displacement, environmental cost.
The BoK names three categories to know: misalignment with objectives (optimizing a proxy that diverges from intent), ethics and bias risk, and complexity and scalability (small harms compounding across millions of decisions).
AI-specific security threats
- Prompt injection — input data carries instructions that override intended LLM behavior.
- Data poisoning — training data is manipulated so the model misbehaves on chosen inputs.
- Model extraction — issuing enough queries to a model to reproduce its behavior in an unauthorized copy.
- Membership inference — determining whether a record was in the training data.
- Adversarial examples — inputs crafted to be misclassified while looking normal.
- Model inversion — reconstructing sensitive training data from outputs.
2.3 Unique Characteristics of AI That Drive the Need for Governance
| Characteristic | Why it matters for governance |
|---|---|
| Complexity | Billions of parameters; traditional code review/testing doesn't scale. |
| Opacity | Developers often can't explain a specific output; explanations may be legally required yet unavailable. |
| Autonomy | Agentic systems act without step-by-step direction; accountability must be designed in upfront. |
| Speed and scale | Millions of decisions per second; a single flaw propagates fast and far. |
| Potential for harm/misuse | Dual-use capabilities; governance must address foreseeable misuse, not just intended use. |
| Data dependency | Data flaws become model flaws; data governance is a prerequisite, not separable. |
| Probabilistic outputs | Statistical estimates, not guaranteed answers; testing and communication must reflect uncertainty. |
2.4 Common Principles of Responsible AI
| Principle | What it requires |
|---|---|
| Fairness | No systematic disadvantage on protected/unjustified characteristics; choose the applicable fairness metric. |
| Safety and reliability | Perform as intended across the life cycle, fail gracefully, avoid foreseeable harm. |
| Privacy and security | Lawful, protected data; models hardened against extraction/inversion. |
| Transparency and explainability | Stakeholders know when AI is used, what data, and — where feasible — how decisions are reached. |
| Accountability | Responsibility assigned to identifiable roles; a defensible record of decisions. |
| Human-centricity | Augment human agency, respect rights, preserve meaningful oversight for consequential decisions. |
These principles can be in tension (transparency vs. security; one fairness metric vs. another). A core skill is recognizing the trade-offs and documenting how they were resolved.
📌 Study tip: If asked for the responsible-AI principles as listed in the BoK, anchor on the six it names. Contestability, sustainability, and inclusiveness appear in other frameworks but are not in the BoK's named list.
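The tension between fairness metrics noted above, as an added example that is not part of the AIGP BoK: demographic parity (equal selection rates) and equal opportunity (equal true-positive rates) computed on a constructed hiring-screen dataset with different base rates per group. The groups, counts and model decisions are constructed; the metric names follow common usage, not a BoK definition.

```python
# Added example, not part of the AIGP BoK: two fairness metrics on a constructed
# hiring-screen dataset, showing that satisfying one can mean failing the other.
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    group: str        # protected-characteristic group; constructed labels "A" and "B"
    qualified: bool   # ground truth the model is trying to predict
    selected: bool    # the model's decision

def selection_rate(rows):
    """Share of the group selected; equal rates across groups = demographic parity."""
    return sum(r.selected for r in rows) / len(rows)

def true_positive_rate(rows):
    """Share of qualified members selected; equal TPRs across groups = equal opportunity."""
    positives = [r for r in rows if r.qualified]
    return sum(r.selected for r in positives) / len(positives)

def fairness_report(records):
    """Per-group metrics plus the between-group gap for each, rounded for reporting."""
    groups = sorted({r.group for r in records})
    by_group = {g: [r for r in records if r.group == g] for g in groups}
    sel = {g: round(selection_rate(by_group[g]), 3) for g in groups}
    tpr = {g: round(true_positive_rate(by_group[g]), 3) for g in groups}
    return {
        "selection_rate": sel,
        "true_positive_rate": tpr,
        "parity_gap": round(max(sel.values()) - min(sel.values()), 3),
        "equal_opportunity_gap": round(max(tpr.values()) - min(tpr.values()), 3),
    }

def make_group(group, qualified, selected):
    return [Record(group, q, s) for q, s in zip(qualified, selected)]

# Constructed base rates: 6 of 10 qualified in group A, 3 of 10 in group B.
A_QUALIFIED = [True] * 6 + [False] * 4
B_QUALIFIED = [True] * 3 + [False] * 7

# Model 1: selects exactly the qualified candidates (perfect accuracy).
MODEL_ACCURATE = (make_group("A", A_QUALIFIED, A_QUALIFIED)
                  + make_group("B", B_QUALIFIED, B_QUALIFIED))

# Model 2: selects the same share (4 of 10) from each group, qualified candidates first.
EQUAL_SHARE = [True] * 4 + [False] * 6
MODEL_EQUAL_SHARE = (make_group("A", A_QUALIFIED, EQUAL_SHARE)
                     + make_group("B", B_QUALIFIED, EQUAL_SHARE))

def satisfies(report, tolerance=0.05):
    """Which metric a model meets within a tolerance; with unequal base rates, often only one."""
    return {"demographic_parity": report["parity_gap"] <= tolerance,
            "equal_opportunity": report["equal_opportunity_gap"] <= tolerance}

if __name__ == "__main__":
    for name, model in [("accurate", MODEL_ACCURATE), ("equal_share", MODEL_EQUAL_SHARE)]:
        rep = fairness_report(model)
        print(name, rep, satisfies(rep))
```

Whichever metric is chosen, the governance record should state which one, why it fits the use case, and what the measured gap on the other metric was when the trade-off was accepted.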
3. Competency I.B — Establishing and Communicating Organizational Expectations
Principles only matter if someone owns them. Competency I.B translates responsible-AI principles into an operating model: who is responsible, how they collaborate, how the organization learns about it, and how the model is tailored to context.
3.1 Roles and Responsibilities of AI Governance Stakeholders
| Role | Typical responsibilities |
|---|---|
| Board of directors | Strategic oversight, approves AI risk appetite, holds management accountable. |
| Executive leadership / Chief AI Officer | Operationalizes board direction, allocates resources, owns the program. |
| AI governance lead / committee | Day-to-day operation, policy suite, intake/review, reporting. |
| Legal and compliance | Maps applicable laws to controls; reviews contracts; regulatory engagement. |
| Privacy office | DPIAs, lawful basis, data subject rights; overlaps with AI impact assessments. |
| Information security | Threat modeling, red teaming, secure development, model hardening. |
| Data governance | Lineage, quality, classification, lawful use of data feeding AI. |
| Ethics / responsible-AI function | Turns principles into review criteria; convenes ethics reviews. |
| Business / product owners | Define use case and benefit; own residual risk after controls. |
| Engineering / data science | Build, train, test, monitor, document. |
| Internal audit | Independent assurance the program operates as designed. |
| HR | Workforce training, acceptable-use, governance of HR-related AI. |
3.2 Cross-Functional Collaboration
AI cuts across every silo — one use case can raise privacy, security, employment, IP, contract, and ethical questions at once. Effective programs include a standing committee with broad representation, a defined intake process before significant investment, documented escalation paths, and diversity of expertise by design.
3.3 Training and Awareness Programs
- All employees: what AI is, acceptable-use, how to report risks, generative-AI hygiene.
- Builders/data scientists: responsible-AI in technical practice — bias testing, explainability, secure development.
- Reviewers/committee: impact-assessment methodology, risk classification, applicable laws.
- Executives/board: strategic and reputational implications, regulatory landscape, risk posture.
3.4 Tailoring Governance to Organizational Context
Differentiate the program by company size, maturity, industry, products and services, objectives, and risk tolerance. There is no one-size-fits-all program — a 20-person startup using one off-the-shelf chatbot is not a bank training proprietary credit models.
3.5 Developers, Providers, Deployers, and Users
| Role | What they do | Governance focus |
|---|---|---|
| Developer | Designs and builds the model/system. | Data rights, training rigor, documentation, intrinsic safety. |
| Provider | Places the system on the market under its name. | Conformity/impact assessments, public docs, post-market monitoring. |
| Deployer | Uses the system in its activities. | Use-case fit, deployment controls, user training, in-context monitoring. |
| User | Interacts with or is subject to the output. | Transparency, redress, ability to contest consequential decisions. |
These labels describe tasks, not legal categories — though some laws (notably the EU AI Act) attach obligations to them. A deployer cannot assume the developer's documentation discharges all responsibility.
3.6 Pillars of an AI Governance Program
- Governance structure — board, executive sponsor, committee, roles, reporting lines.
- Policies and standards — responsible-AI policy, lifecycle policies, updated existing policies.
- Risk management — taxonomy, impact assessments, scoring, mitigation, residual-risk acceptance.
- Lifecycle controls — gate reviews and required artifacts at each stage.
- Training and awareness — tiered and refreshed as the landscape evolves.
- Monitoring and assurance — performance, drift, fairness, security monitoring; audits; red teaming.
- Incident management — definition, escalation, root-cause analysis, external reporting, feedback into policy.
4. Competency I.C — Policies and Procedures Across the AI Life Cycle
4.1 Life-Cycle-Aligned Policies
| Stage | Key policy topics |
|---|---|
| Use case assessment | Intake, business justification, prohibited uses, risk screening, escalation. |
| Risk management | Identification, probability/severity, mitigation hierarchy, sign-off thresholds. |
| Ethics by design | Fairness, transparency, human oversight embedded from the outset. |
| Data acquisition and use | Lawful basis, minimization, sensitive-category handling, dataset documentation. |
| Model development | Architecture, approved models/libraries, secure development, version control. |
| Training and testing | Train/validation/test splits, bias and security testing, sign-off before promotion. |
| Deployment and monitoring | Release criteria, model cards, drift/fairness metrics, retraining triggers. |
| Documentation and reporting | Required artifacts, transparency disclosures, regulator-ready evidence. |
| Incident management | Definition, escalation, root cause, external reporting, lessons learned. |
Each policy should specify: who owns it, who must comply, what is required, how compliance is evidenced, and what happens when it isn't met.
4.2 Updating Existing Policies for AI
Update — don't duplicate — existing policies: data privacy (lawful basis for training data, automated-decision rights), information security (prompt injection, poisoning, extraction), data governance (provenance, synthetic-data classification), intellectual property (input/output ownership, license compliance), acceptable use (generative tools with confidential data), and records management (retain model versions, datasets, decision logs).
4.3 Third-Party Risk Management
- Pre-contract due diligence — provider's governance, security, data practices, incident history.
- Contractual protections — responsibility allocation, audit rights, data-use restrictions, IP indemnities, transparency, change-notification, termination/exit.
- Ongoing monitoring — reassess after material model updates.
- Supply-chain visibility — follow the chain to upstream foundation-model providers.
- HR and acceptable use — cover shadow AI and access on onboarding/offboarding.
📌 Study tip: Domain I carries 16–20 questions. I.C is the heaviest single competency (6–8), with strong overlap into Domain III. Master the life-cycle stage list and the existing-policy-update categories.
5. Knowledge Check Questions
1. Why does AI require governance beyond traditional software governance? A. It's always more expensive. B. It exhibits opacity, autonomy, and probabilistic outputs that traditional governance doesn't address. C. It's only used in regulated industries. D. It never uses personal data.
Answer: B. AI's characteristics create gaps conventional software, data, and privacy programs don't fully cover.
2. Human-centricity most directly requires that: A. AI never makes any decision affecting a person. B. AI is built only by humans. C. AI augments human agency and preserves meaningful oversight, especially for consequential decisions. D. Every output is human-reviewed.
Answer: C. It preserves meaningful oversight; it does not prohibit AI decisions or mandate review of every output.
3. An organization deploys a third-party AI hiring tool. It is acting primarily as the: A. Developer. B. Provider. C. Deployer. D. User.
Answer: C. The deployer uses an AI system in its activities; it did not build or place the tool on the market.
4. An AI optimized for click-through that promotes harmful content best illustrates: A. Data dependency. B. Misalignment with objectives. C. Probabilistic output risk. D. Cross-border transfer risk.
Answer: B. Optimizing a proxy (clicks) that diverges from the intended outcome is the textbook misalignment example.
5. Differentiating governance by size, maturity, industry, products, objectives, and risk tolerance implies: A. Only large companies need governance. B. No one-size-fits-all; calibrate to context. C. Everyone must implement the EU AI Act. D. Risk tolerance is irrelevant once policies exist.
Answer: B. The BoK rejects a one-size-fits-all model.
6. Which is NOT a commonly enumerated responsible-AI principle in the BoK? A. Fairness. B. Transparency and explainability. C. Maximum profitability. D. Accountability.
Answer: C. Profitability is a business objective, not a responsible-AI principle.
7. The main reason to update existing privacy, security, data, and IP policies for AI is: A. To replace them with AI-only versions. B. AI creates new risks within those policies' scope that the original drafting didn't anticipate. C. Regulators require renaming. D. AI is unrelated to them.
Answer: B. AI stresses existing policy domains in new ways; evaluate and update, don't replace.
8. The strongest acceptable-use concern raised by generative AI: A. Writing notes by hand. B. Pasting confidential customer data into a public chatbot. C. Using approved spreadsheets. D. Attending vendor demos.
Answer: B. Pasting confidential/regulated data into a public AI service is a common, clearly governable risk.
6. Key Takeaways, Memory Aid, and Glossary
Key takeaways
- AI governance exists because AI's characteristics create gaps traditional governance doesn't fill.
- Risks span individuals, groups, organizations, and society; the BoK names misalignment, ethics/bias, and complexity/scalability.
- The examined responsible-AI principles: fairness; safety and reliability; privacy and security; transparency and explainability; accountability; human-centricity.
- Governance must be cross-functional and proportionate to context.
- Developer / provider / deployer / user describe tasks; one org may occupy several.
- Policies span every life-cycle stage and update — not duplicate — existing policies.
- Third-party risk is central: contracts, due diligence, monitoring, supply-chain visibility.
Memory aid: PRIDE-GOV
| Letter | Stands for |
|---|---|
| P | Principles of responsible AI. |
| R | Risks and harms (individual, group, org, societal; misalignment, bias, complexity). |
| I | AI characteristics (complexity, opacity, autonomy, scale, harm, data dependency, probabilistic). |
| D | Developer / Provider / Deployer / User roles. |
| E | Expectations — strategy, risk appetite, acceptable use, escalation, training. |
| G | Governance structure — board, executive, committee, cross-functional roles. |
| O | Oversight and accountability across the life cycle. |
| V | Vendor / third-party governance. |
Glossary
Accountability: Clear assignment of responsibility for AI outcomes to identifiable roles, supported by documentation.
Agentic AI: AI that plans and executes multi-step actions toward a goal with limited intermediate human direction.
AI life cycle: Use-case assessment, design, data acquisition, development, training/testing, deployment, monitoring, retirement.
Bias (in AI): Systematic deviation in outputs that disadvantages individuals or groups, often from training data or modeling choices.
Deployer: An entity that uses an AI system in the course of its activities.
Developer: An entity that designs and builds an AI model or system.
Explainability: A human-understandable account of why an AI system produced a specific output.
Foundation model: A large model trained on broad data, adaptable to many tasks (LLMs are a common example).
Generative AI: AI that produces new content such as text, images, audio, video, or code.
Human-centricity: Design and use of AI that respects rights, augments agency, and preserves meaningful oversight.
Impact assessment: A structured evaluation of an AI system's effects on individuals, groups, and society.
Misalignment: Optimizing for a proxy or specification that diverges from the actual intended outcome.
Model card: A standardized document describing a model's intended use, data, performance, limitations, and ethics.
Opacity: A model whose internal logic is not readily interpretable, even to its developers.
Probabilistic output: An output expressed as a likelihood or sample rather than a fixed value.
Provider: An entity that places an AI system on the market under its own name or brand.
Responsible AI: Principles and practices ensuring AI is fair, safe, transparent, accountable, privacy-respecting, and human-centric.
Risk tolerance: The amount and type of risk an organization will accept, ideally explicit and approved at executive level.
Shadow AI: Use of AI tools by employees without governance knowledge or approval.
Third-party risk: Risk arising from reliance on external providers of data, models, infrastructure, or AI capabilities.
Transparency: Disclosure about the existence, purpose, capabilities, limitations, and data use of an AI system.