AIGP Training Material: Domain II

⚠️ One-time disclaimer (read once, then forget): AI law and policy evolve rapidly. Regulatory dates, enforcement guidance, and implementing acts may have changed since this material was prepared. Verify current applicability dates and primary-source text before sitting the exam and before relying on this material for professional advice. This is an independently prepared study aid, not an official IAPP publication and not legal advice.

1. Introduction and How to Use This Material

Domain II carries the largest single-domain weighting on the AIGP exam: 19–23 questions, split across four competencies:

II.A, Existing data privacy laws applied to AI (4–6 questions)
II.B, Other existing laws applied to AI (4–6 questions)
II.C, Main elements of AI-specific laws (6–8 questions)
II.D, Main industry standards and tools (3–5 questions)

The structure reflects two realities. First, AI does not arrive in a legal vacuum, privacy, anti-discrimination, IP, consumer protection, and product liability laws already apply. Second, a growing layer of AI-specific law sits on top of those existing regimes, with the EU AI Act as the canonical reference.

How to use this guide

The EU AI Act is the anchor for most AI-specific exam questions. Master its structure first.
Privacy concepts are presented as a single converged set, they come from GDPR but appear in similar form across regimes.
The definitions sheet, comparison tables, exam traps, knowledge check, mnemonics, and 25-fact summary are designed for revision. Work through the four competencies first, then use the revision sections in the days before the exam.

2. Competency II.A: How Existing Data Privacy Laws Apply to AI

The conceptual frame is drawn most clearly from GDPR, but parallel concepts appear in UK GDPR, Brazil's LGPD, India's DPDP Act, Singapore's PDPA, U.S. state privacy laws, and others.

2.1 Transparency, Choice, Lawful Basis, and Purpose Limitation

Transparency requires that data subjects be informed about how their personal data is collected and used. Applied to AI, transparency typically requires disclosing that AI is being used, what categories of personal data feed it (including in training), the logic involved for automated decisions, and the consequences for the individual.

Choice refers to the data subject's ability to consent, object, or withdraw, its strength depends on the lawful basis selected.

Lawful basis is the legal ground on which personal data is processed. Under GDPR, recognized bases include consent, contract, legal obligation, vital interests, public task, and legitimate interests.

Lawful basis	Typical AI implication
Consent	Must be specific, informed, freely given, and revocable. Difficult to satisfy for broad training-data uses.
Contract	Limited for AI, training a general model is rarely "necessary" for a specific contract.
Legal obligation	Applies where law requires the processing (e.g., AML monitoring).
Legitimate interests	Most commonly invoked for AI training; requires a documented balancing test. Not available to public-authority processing.
Public task	Available to public bodies acting in the public interest.
Vital interests	Narrow, protection of life.

Purpose limitation requires that personal data collected for one purpose not be used for incompatible new purposes. AI training is one of the most stressed areas: data collected to deliver a service is often repurposed to train models, and whether that is "compatible" requires case-by-case analysis.

📌 Study tip: When in doubt on an exam question about "can the company use this data to train a model," the answer almost always turns on whether (a) there is a valid lawful basis for that training use, and (b) the training is compatible with the original purpose of collection.

2.2 Data Minimization and Privacy by Design

Data minimization requires that only personal data necessary for the stated purpose be collected and processed, in obvious tension with "more data is better" for AI training. Governance responses include synthetic data, differential privacy, federated learning, aggressive de-identification, and strict retention limits.

Privacy by design requires that privacy protections be embedded in the design of the system from the outset, DPIAs before high-risk processing, architectures that minimize personal data flow, default settings favoring minimal sharing, and documented data lineage.

2.3 Controller Obligations Applied to AI

In privacy law, the controller determines the purposes and means of processing; the processor acts on the controller's instructions.

Controller obligation	How it applies to AI
Data protection impact assessment (DPIA)	Typically required for AI processing likely to result in high risk, automated decision-making, large-scale profiling, special-category data.
Use of third-party processors	Cloud-hosted model APIs and similar must be bound by data processing agreements covering security, sub-processors, and assistance.
Cross-border data transfers	Personal data leaving the originating jurisdiction (notably EU/EEA to third countries) requires a lawful transfer mechanism, adequacy decision, SCCs, BCRs, or a derogation.
Data subject rights	Access, rectification, erasure, restriction, portability, and objection. Each is complicated by AI, erasure from training data can be technically difficult; portability and access have unclear scope over model-derived inferences.
Automated decision making	GDPR Article 22 establishes rights related to solely automated decision-making with legal or similarly significant effects: with exceptions, the right not to be subject to such decisions, and to obtain human intervention, express a view, and contest the decision.
Incident management and breach notification	AI incidents involving personal data may trigger breach-notification timelines (GDPR: supervisory authority within 72 hours where feasible).
Record keeping	Records of processing activities including categories of data, purposes, recipients, retention, and security measures.

⚠️ Common mistake: The phrase "right to explanation" is widely used in commentary but is not a verbatim GDPR term. Article 22 establishes rights related to solely automated decision-making, and recitals reference meaningful information about the logic involved. For exam purposes, prefer the phrasing "rights related to solely automated decision-making" over "right to explanation."

2.4 Sensitive and Special Categories of Data

GDPR's "special categories" include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify a person, health data, and data concerning sex life or sexual orientation. Children's data and, in many regimes, financial data and government-issued identifiers receive separate heightened protections.

For AI, special-category data raises three specific issues:

Biometric AI (face, voice, gait recognition) processes special-category data by nature.
Inference of special categories, a model that infers health, orientation, or political views from non-sensitive inputs may bring processing into special-category scope.
Web-scraped data, public availability does not strip data of its protected status.

3. Competency II.B: How Other Existing Laws Apply to AI

Four other bodies of existing law are called out in the BoK: intellectual property, nondiscrimination, consumer protection, and product liability.

3.1 Intellectual Property Laws and AI

IP issues split into three buckets: inputs (training data), the model, and outputs.

Training data inputs. Copyright restricts reproduction, adaptation, and distribution of protected works. Positions vary by jurisdiction:

United States: Fair use is the central doctrine for AI training, with outcomes case-by-case.
European Union: Text-and-data-mining exceptions exist with rightsholder opt-out. The EU AI Act adds training-data summary obligations for GPAI providers.
UK and Japan: Have their own TDM frameworks with different scope and opt-out mechanics.

The model itself. Often protected as a trade secret or by contract. Patentability of AI-related inventions varies; the prevailing answer across major jurisdictions is that the inventor must be a natural person.

Outputs. Copyrightability of AI-generated outputs varies. The U.S. position requires human authorship; other jurisdictions take different approaches.

🎯 Exam Plus, Fair Use Litigation: Several high-profile lawsuits (authors and publishers vs. AI labs) are working through U.S. courts. Outcomes will shape the practical scope of fair use for training. For the AIGP exam, conceptual awareness of the doctrine is sufficient; do not memorize specific case outcomes.

3.2 Nondiscrimination Laws and AI

Existing anti-discrimination law reaches AI systems whose outputs affect access to opportunities or services. The BoK names employment, credit, lending, housing, and insurance.

Context	Existing law commonly applies via
Employment	Title VII, ADA, ADEA (U.S.); Equal Treatment Directives (EU); equivalents elsewhere. Both disparate treatment and disparate impact apply.
Credit and lending	Equal Credit Opportunity Act, Fair Housing Act (U.S.); consumer credit directives (EU). Adverse-action notice rules often require explainability.
Housing	Fair-housing laws covering tenant screening, rental pricing, and advertising.
Insurance	Sector regulation supplements general nondiscrimination law.

Two doctrines recur:

Disparate treatment, intentional differential treatment on the basis of a protected characteristic.
Disparate impact, a facially neutral practice producing a substantially disproportionate adverse effect on a protected class, not justified by a sufficiently strong business reason.

AI is particularly susceptible to disparate-impact challenges because models trained on historical data can replicate historical patterns of disadvantage without any protected attribute as an input.

Sector-specific AI rules overlay these doctrines, notably NYC Local Law 144 (bias audits for automated employment decision tools used to screen NYC candidates) and the Colorado AI Act (high-risk AI used in consequential decisions; developer and deployer duties).

3.3 Consumer Protection Laws and AI

Consumer protection regimes prohibit unfair, deceptive, or abusive practices. Applied to AI:

Deceptive AI claims, marketing a model as more accurate, fairer, or safer than it is. The FTC has signaled active enforcement under existing deception authority.
Dark patterns and manipulative interfaces, AI-personalized nudging into harmful or non-consensual choices.
Synthetic media and impersonation, deepfakes used to defraud or impersonate.
Failure to disclose AI use, in some jurisdictions, undisclosed AI interaction is itself deceptive.
Algorithmic pricing, personalized pricing crossing into deception or anti-competitive territory.

3.4 Product Liability Laws and AI

Three classic defect theories apply to AI:

Manufacturing defect, the specific instance differs from intended design (less common for software, more relevant for AI-embedded physical products).
Design defect, the design itself is unreasonably dangerous, or a safer alternative was available.
Failure to warn, inadequate warnings or instructions about foreseeable risks.

The EU's revised Product Liability Directive expressly extends product liability to software including AI, and adjusts evidentiary burdens to address opacity.

🎯 Exam Plus, AI Liability Directive: A separate EU AI Liability Directive has been proposed but its legislative path has been volatile. Conceptual awareness suffices; do not memorize specific provisions for the AIGP exam.

4. Competency II.C: Main Elements of AI-Specific Laws

Competency II.C is the heaviest single competency in Domain II (6–8 questions). The EU AI Act is the canonical reference.

4.1 The EU AI Act Risk Pyramid

                +-----------------+
                |   PROHIBITED    |   banned outright
                +-----------------+
              +---------------------+
              |     HIGH-RISK       |   permitted but heavily regulated
              +---------------------+
            +-------------------------+
            |      LIMITED RISK       |   transparency obligations only
            +-------------------------+
          +-----------------------------+
          |        MINIMAL RISK         |   no mandatory obligations
          +-----------------------------+

Tier	Treatment	Examples
Prohibited (unacceptable risk)	Banned outright	Social scoring by public authorities; manipulative or exploitative systems causing significant harm; certain real-time remote biometric identification in public spaces (narrow law-enforcement exceptions); untargeted scraping of facial images to build databases; emotion recognition in workplaces and educational institutions (with exceptions).
High-risk	Permitted with substantial pre-market obligations	Two paths: (1) AI as a safety component in products under existing EU product-safety harmonization, and (2) standalone AI in Annex III domains, biometrics, critical infrastructure, education, employment, essential private/public services, law enforcement, migration/border, administration of justice.
Limited risk	Transparency obligations only	Chatbots (must disclose AI), emotion recognition or biometric categorization (notice required), AI-generated or manipulated content including deepfakes (labeling required, narrow exceptions).
Minimal risk	No mandatory obligations	Spam filters, recommendation engines for general entertainment, AI in video games, etc., the majority of commercial AI.

📌 Study tip: If the exam describes a system and asks for its EU AI Act classification, walk the tiers in order: (1) prohibited? (2) safety component or Annex III → high-risk? (3) interacts with humans / recognizes emotions / generates synthetic content → limited risk transparency? (4) otherwise minimal risk.

4.2 EU AI Act Phased Applicability Timeline

The Act entered into force in August 2024. Its obligations apply in phases:

Aug 2024  --- Entry into force
   |
   |  +6 months
   v
~Feb 2025 --- PROHIBITED PRACTICES apply
              AI literacy obligations begin
   |
   |  +12 months
   v
~Aug 2025 --- GPAI MODEL OBLIGATIONS apply
              Governance bodies operational
              Penalties applicable
   |
   |  +24 months
   v
~Aug 2026 --- MOST OTHER PROVISIONS apply
              (including most high-risk system rules
              under Annex III)
   |
   |  +36 months
   v
~Aug 2027 --- HIGH-RISK AI EMBEDDED IN
              REGULATED PRODUCTS (Annex I /
              existing product-safety harmonization)

📌 Study tip: The structure to remember: prohibitions first, GPAI next, most high-risk rules after, product-embedded high-risk last. Exact calendar dates matter less than the order and the gaps between phases.

4.3 Core Compliance Obligations for High-Risk Systems

For systems classified as high-risk, providers must satisfy a substantial set of obligations before placing the system on the market.

Obligation	What it typically requires
Risk management system	Ongoing process throughout the lifecycle, identify, analyze, estimate, evaluate, mitigate, test.
Data and data governance	Training, validation, and test datasets meet quality criteria, relevance, representativeness, accuracy so far as possible, with documented governance practices.
Technical documentation	Sufficient to demonstrate compliance; system description, design choices, training methodology, performance metrics, known limitations. Kept up to date.
Record keeping (logging)	Automatic logging to enable traceability of the system's functioning over its lifecycle.
Conformity assessment	Pre-market evaluation that the system meets the Act's requirements. May be self-assessed or, for certain categories, performed by a notified body. Often results in CE marking.
Fundamental rights impact assessment (FRIA)	Required of certain deployers of high-risk AI (notably public bodies and some essential-service providers), evaluating impacts on fundamental rights. Distinct from DPIA.
Post-market monitoring	Ongoing collection and analysis of system performance after deployment, with corrective action.

🧠 Mnemonic, Provider obligations: "RD-TLC-P" R, Risk management D, Data governance T, Technical documentation L, Logging (record keeping) C, Conformity assessment P, Post-market monitoring

4.4 Human Oversight, Transparency, and Quality Management

Human oversight. High-risk AI must be designed so natural persons can effectively oversee it, understand capabilities and limitations, monitor operation, interpret output correctly, decide not to use or override it, and intervene or interrupt.

Transparency and notification. Providers must accompany high-risk systems with instructions for use addressed to deployers, intended purpose, performance characteristics, known limitations, oversight measures, computational requirements. Specific transparency duties also apply to limited-risk systems.

Quality management system (QMS). Providers of high-risk AI must operate a QMS covering compliance strategy, design and development procedures, examination and testing procedures, technical specifications and standards applied, data management, post-market monitoring, incident reporting, communications with authorities, record-keeping, and resource management. Often aligned with ISO/IEC 42001.

4.5 General-Purpose AI Models

The EU AI Act treats general-purpose AI (GPAI) models as a distinct category with their own obligations:

All GPAI providers: Technical documentation, information to downstream providers, compliance with EU copyright law including the TDM opt-out, and publication of a sufficiently detailed summary of training data.
GPAI with systemic risk: Additional obligations for the most capable models, model evaluation, adversarial testing, systemic risk assessment and mitigation, serious incident reporting, cybersecurity protections.

🎯 Exam Plus, Systemic-risk compute thresholds: The Act and its implementing measures identify systemic-risk GPAI by reference to compute thresholds and other criteria. Conceptual awareness of "systemic-risk GPAI gets extra obligations" is sufficient for AIGP, detailed thresholds are unlikely to be tested in numerical form.

4.6 Enforcement and Penalties

The EU AI Act has a tiered penalty structure:

Highest tier, most serious violations, particularly prohibited practices.
Middle tier, violations of obligations applicable to high-risk systems and other operators.
Lower tier, supplying incorrect, incomplete, or misleading information to authorities.
SME / startup adjustments, scaled penalties.

Enforcement is shared between national competent authorities (market surveillance) and the AI Office at EU level, with particular AI Office responsibility over GPAI.

4.7 Roles Under the EU AI Act

The Act distinguishes among providers, deployers, importers, and distributors. Critically, a deployer can become a provider by, for example, putting its own name on a system, substantially modifying it, or modifying its intended purpose to bring it into high-risk scope.

Role	Core obligations (high-level)
Provider	Develops or has developed an AI system or GPAI model and places it on the EU market under its own name. Bears the bulk of pre-market obligations.
Deployer	Uses an AI system under its authority (other than personal non-professional use). Uses per instructions, ensures human oversight, monitors, logs, and conducts FRIA in defined cases.
Importer	Places on the EU market an AI system from a non-EU provider. Verifies conformity assessment, documentation, CE marking.
Distributor	Makes the system available without being provider or importer. Verifies CE marking and accompanying documentation.

4.8 Other AI-Specific Laws: Awareness Level

The BoK also names other AI laws. For the exam, awareness-level recognition is sufficient.

Law	What to know
South Korean AI Basic Law	Combines AI promotion with risk-based obligations for "high-impact AI." Notification, human-oversight, and risk-management obligations broadly track international consensus, with specifics that differ from the EU.
Colorado AI Act	First U.S. state comprehensive AI law. Targets "high-risk artificial intelligence systems" affecting consequential decisions. Imposes developer and deployer duties around consumer notification, bias-risk impact assessments, and adverse-impact reporting.
NYC Local Law 144	Requires bias audits of automated employment decision tools used to screen NYC candidates.
U.S. federal landscape	No single comprehensive federal AI statute. Sectoral regulator guidance (FTC, EEOC, CFPB), executive actions, and NIST framework adoption are the main instruments.

5. Competency II.D: Main Industry Standards and Tools

5.1 OECD AI Principles

The OECD AI Principles, first adopted in 2019 and updated in 2024, set out values-based principles and recommendations for governments.

Values-based principles:

Inclusive growth, sustainable development, and well-being.
Human rights and democratic values, including fairness and privacy.
Transparency and explainability.
Robustness, security, and safety.
Accountability.

Recommendations for policymakers:

Investing in AI research and development.
Fostering an inclusive AI-enabling ecosystem.
Shaping an enabling interoperable governance and policy environment.
Building human capacity and preparing for labor-market transformation.
International cooperation for trustworthy AI.

5.2 NIST AI Risk Management Framework

The NIST AI RMF 1.0, released January 2023, is a voluntary framework organized around four core functions, applied iteratively with Govern at the center:

                +-------------+
                |   GOVERN    |  (cross-cutting,
                |  (center)   |   continuous)
                +-------------+
                       |
        +--------------+--------------+
        v              v              v
   +---------+   +----------+   +----------+
   |   MAP   |-->| MEASURE  |-->|  MANAGE  |
   +---------+   +----------+   +----------+
        ^                              |
        +------------------------------+
                  (iterative)

Function	Purpose
Govern	Cultivate a culture of risk management, policies, processes, accountability, workforce competencies. Cross-cutting.
Map	Establish context, categorize the system, identify purpose and stakeholders, understand capabilities and limitations.
Measure	Analyze, assess, benchmark, and monitor AI risk and impacts using quantitative and qualitative methods.
Manage	Allocate resources to identified risks; respond, recover, and communicate about incidents.

Each function decomposes into categories and subcategories with suggested actions in the NIST AI RMF Playbook. NIST has also published a Generative AI Profile applying the RMF to GenAI-specific risks.

🧠 Mnemonic, NIST AI RMF: "Go MMM" Govern (always on, in the center) → Map → Measure → Manage

5.3 Core ISO AI Standards

Standard	Scope
ISO/IEC 22989	AI concepts and terminology. Foundational vocabulary used across the ISO AI family.
ISO/IEC 42001	AI management system. Requirements for establishing, implementing, maintaining, and improving an AIMS. Certifiable, parallel to ISO 27001 and ISO 9001.
ISO/IEC 42005	AI system impact assessment. Guidance on conducting impact assessments, process, scope, stakeholders, documentation.

🧠 Mnemonic, ISO AI standards: "2-4-4" 22989 = terminology · 42001 = management system (certifiable) · 42005 = impact assessment

6. EU AI Act Definitions Sheet

Candidates often confuse these terms. Memorize the distinctions.

Term	What it means under the EU AI Act (in plain language)
AI system	A machine-based system that, for explicit or implicit objectives, infers from input how to generate outputs (predictions, content, recommendations, decisions) that can influence physical or virtual environments, with varying levels of autonomy and adaptiveness.
General-purpose AI (GPAI) model	An AI model trained on broad data at scale, designed for generality of output, capable of competently performing a wide range of distinct tasks, that can be integrated into many downstream systems.
GPAI model with systemic risk	A GPAI model identified as having capabilities with significant impact on the EU market, for example, by reference to compute thresholds. Subject to additional obligations beyond regular GPAI duties.
Foundation model	An informal/industry term largely overlapping with GPAI model. The AI Act uses "GPAI model" as the legal term.
High-risk AI system	AI either (a) used as a safety component in products under existing EU harmonization law, or (b) listed in Annex III (biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice).
Prohibited AI practice	A use of AI banned outright under the Act, certain manipulation, social scoring, untargeted biometric scraping, etc.
Limited-risk system	An AI system subject to transparency obligations because of how it interacts with people (chatbots, emotion recognition, biometric categorization, generated/manipulated content).

📌 Study tip: "Foundation model" and "GPAI model" are largely the same thing in practice. GPAI is the term the EU AI Act actually uses; reach for that one on the exam.

7. Comparison Tables

7.1 GDPR vs. EU AI Act

Aspect	GDPR	EU AI Act
Subject of regulation	Personal data	AI systems and GPAI models
Primary obligated role	Controller	Provider
Secondary obligated role	Processor	Deployer
Impact assessment	DPIA (Data Protection Impact Assessment)	FRIA (Fundamental Rights Impact Assessment) for certain deployers; conformity assessment for providers
Legal basis required	Lawful basis for processing	Risk classification determines obligations
Cross-border mechanism	Adequacy / SCCs / BCRs	CE marking and conformity for non-EU systems entering EU
Headline rights	Access, erasure, portability, objection, automated-decision rights	Transparency to users; deployer must enable human oversight; redress through national authorities
Enforcement	National supervisory authorities + EDPB	National competent authorities + AI Office (esp. GPAI)

7.2 DPIA vs. FRIA

Aspect	DPIA (GDPR)	FRIA (EU AI Act)
Triggered by	Processing likely to result in high risk to data subjects' rights and freedoms	Deployment of certain high-risk AI systems by specified deployers (notably public bodies and certain essential-service providers)
Performed by	Controller	Deployer
Scope of analysis	Privacy and data protection risks	Broader fundamental rights impacts
Relationship	Required where personal data is involved	May be required in addition to DPIA, the two are complementary, not substitutes

7.3 NIST AI RMF vs. ISO/IEC 42001

Aspect	NIST AI RMF	ISO/IEC 42001
Type	Voluntary framework	Management system standard
Origin	U.S. (NIST)	International (ISO/IEC)
Certifiable?	No	Yes
Structure	Four functions: Govern, Map, Measure, Manage	Plan-Do-Check-Act management cycle
Best used for	Risk-based, principle-driven adoption, guides how to think about AI risk	Demonstrating an auditable, certifiable AIMS
Complementary?	Yes, many organizations adopt both	Yes, many organizations adopt both

7.4 Provider vs. Deployer (EU AI Act)

Aspect	Provider	Deployer
What they do	Develops the system, places it on the EU market under own name	Uses the system in its activities
When obligations attach	Before and after market placement	At and after deployment
Key pre-market duties	Risk management, data governance, technical documentation, conformity assessment, CE marking	(Generally none, receives the system from provider)
Key in-use duties	Post-market monitoring, incident reporting	Use per instructions, human oversight, monitoring, logs, FRIA where applicable
Can role flip?	,	Yes: a deployer becomes a provider if it puts its own name on the system, substantially modifies it, or modifies the intended purpose into a new high-risk category

7.5 High-Risk AI vs. GPAI

Aspect	High-Risk AI	GPAI
What it is	A use case classification, the system is used in a high-risk way	A model classification, the model itself is general-purpose
Trigger	Use as safety component in regulated product, or Annex III domain	Trained on broad data, designed for generality, integrable into many downstream uses
Obligations focus	Risk management, conformity, documentation, oversight, post-market	Documentation, downstream-provider information, copyright/TDM compliance, training-data summary; systemic-risk models get more
Same system can be both?	Yes, a GPAI model integrated into a high-risk deployment can carry both sets of obligations along the chain	Yes, a GPAI model integrated into a high-risk deployment can carry both sets of obligations along the chain

8. Exam Traps

These are mistakes candidates commonly make. Read each one twice.

⚠️ Exam Trap 1, A chatbot is not automatically high-risk. A general-purpose chatbot is a limited-risk system subject to transparency obligations (disclose that it is AI). It only becomes high-risk if its specific use case falls within Annex III, for example, a chatbot used in essential service eligibility decisions.

⚠️ Exam Trap 2, A provider and a deployer may be the same organization. An organization that builds its own AI and uses it internally is both provider and deployer for that system. The roles describe tasks; one entity can occupy several.

⚠️ Exam Trap 3, High-risk AI is not prohibited. "High-risk" means regulated, not banned. Prohibited and high-risk are distinct tiers. A high-risk system can be placed on the market if it meets the Act's requirements.

⚠️ Exam Trap 4, Limited risk does not mean low accuracy. "Limited risk" refers to the system's risk classification, not its quality. A highly accurate chatbot is still limited-risk for transparency purposes.

⚠️ Exam Trap 5, GPAI is a separate track, not a risk tier. The four-tier risk pyramid (prohibited / high / limited / minimal) classifies AI systems by use. GPAI obligations attach to the model itself, independent of the four tiers. A GPAI model can be integrated into a minimal-risk app, a limited-risk app, or a high-risk app, and the GPAI obligations on the model provider apply regardless.

⚠️ Exam Trap 6, "Right to explanation" is contested phrasing. GDPR Article 22 establishes rights related to solely automated decision-making, not a verbatim "right to explanation." Choose the more accurate phrasing on the exam.

⚠️ Exam Trap 7, DPIA and FRIA are not the same. DPIA covers personal data risks under GDPR. FRIA covers broader fundamental rights impacts under the EU AI Act for certain deployers. Both may be required for the same deployment.

⚠️ Exam Trap 8, Importers and distributors have obligations too. The Act regulates four roles, not just provider and deployer. Importers and distributors must verify conformity-assessment status and accompanying documentation. Don't pick "none of the above" when an importer/distributor question appears.

⚠️ Exam Trap 9, Public availability of data does not strip privacy protection. Web-scraped personal data is still personal data. Special-category data scraped from public sources is still special-category data.

⚠️ Exam Trap 10, NIST AI RMF is not law. The framework is voluntary. References to NIST adoption in regulatory contexts do not make NIST itself a regulation.

9. Knowledge Check Questions

1. A bank wants to retrain its credit-decisioning model using customer transaction data originally collected to deliver banking services. Which two privacy law concepts are MOST directly implicated?

A. Data portability and the right to be forgotten.
B. Purpose limitation and lawful basis.
C. Breach notification timing and supervisory authority cooperation.
D. Cross-border transfer mechanisms and adequacy decisions.

Answer: B. Reusing data collected for one purpose to train a model engages purpose limitation (is the new use compatible?) and lawful basis (is there a valid basis for the training use specifically?).

2. Under the EU AI Act's risk classification, an AI system used to evaluate the creditworthiness of natural persons for consumer loans is MOST likely classified as:

A. Prohibited.
B. High-risk.
C. Limited risk.
D. Minimal risk.

Answer: B. Credit scoring for natural persons falls within Annex III high-risk categories (access to essential private services).

3. A U.S. company purchases an AI hiring tool from a European vendor and uses it to screen U.S. candidates. Its U.S. nondiscrimination exposure is BEST described as:

A. Zero, the vendor bears all responsibility under product liability.
B. Limited to deceptive-practice claims under consumer protection law.
C. Direct, anti-discrimination statutes apply to the employer's hiring decisions regardless of whether AI was used.
D. Governed exclusively by the EU AI Act because the vendor is European.

Answer: C. Existing anti-discrimination law applies to the employer's decisions. Vendor contracts may allocate risk privately but do not displace the employer's direct legal exposure. NYC Local Law 144 adds procedural obligations on top.

4. The NIST AI Risk Management Framework's four core functions are:

A. Plan, Do, Check, Act.
B. Identify, Protect, Detect, Respond.
C. Govern, Map, Measure, Manage.
D. Discover, Classify, Mitigate, Audit.

Answer: C. Govern (cross-cutting), Map, Measure, Manage. Option A is PDCA; Option B is from the NIST Cybersecurity Framework.

5. An organization wants to certify its AI management system against an international standard. Which ISO/IEC standard is the appropriate target?

A. ISO/IEC 22989.
B. ISO/IEC 42001.
C. ISO/IEC 42005.
D. ISO/IEC 27001.

Answer: B. 42001 is the certifiable AI management system standard. 22989 is terminology; 42005 is impact assessment; 27001 is information security.

6. Under the EU AI Act, an importer of a high-risk AI system from a non-EU provider must verify which of the following before placing the system on the EU market?

A. That the provider has carried out the conformity assessment and accompanied the system with required documentation, including CE marking where applicable.
B. That the provider has obtained explicit consent from every EU data subject.
C. That the system has received approval from the European Court of Justice.
D. That the system uses only open-source models.

Answer: A. The importer verifies conformity-assessment status, documentation, and CE marking, not substantive compliance from scratch.

7. A company markets an AI medical-imaging tool as having "99% diagnostic accuracy" based on benchmarks that do not reflect real-world clinical conditions. Which body of existing law is MOST directly implicated, in addition to medical-device regulation?

A. Intellectual property law.
B. Cross-border data transfer law.
C. Consumer protection law (unfair and deceptive practices).
D. Trade-secret law.

Answer: C. Misleading performance claims about AI fall squarely within unfair and deceptive practices authority.

8. Which of the following is a distinct obligation for providers of general-purpose AI models under the EU AI Act?

A. Publication of a sufficiently detailed summary of the training data used.
B. Pre-approval of every downstream use case by the European Commission.
C. Disclosure of the full model weights to the public.
D. Mandatory open-sourcing of the model.

Answer: A. GPAI providers must publish a sufficiently detailed summary of training data. The Act does not require open-sourcing or per-use-case Commission approval.

10. Mnemonics and Memory Aids

10.1 Provider obligations under the EU AI Act: "RD-TLC-P"

R, Risk management system
D, Data and data governance
T, Technical documentation
L, Logging (record keeping)
C, Conformity assessment
P, Post-market monitoring

10.2 EU AI Act risk tiers: "PHLM" (top to bottom)

P, Prohibited
H, High-risk
L, Limited risk
M, Minimal risk

10.3 Annex III high-risk categories: "BICE-LMJE"

A working mnemonic for the standalone high-risk domains:

B, Biometrics
I, Infrastructure (critical)
C, Credit / essential services (private and public services)
E, Education and vocational training
L, Law enforcement
M, Migration / border control
J, Justice (administration of)
E, Employment

10.4 NIST AI RMF functions: "Go MMM"

Govern (center, cross-cutting)
Map
Measure
Manage

10.5 ISO AI standards: "2-4-4"

22989 = terminology
42001 = management system (certifiable)
42005 = impact assessment

10.6 Domain II overall: "PLATFORMS"

P, Privacy laws applied to AI
L, Liability (product liability)
A, Anti-discrimination law
T, Transparency obligations
F, Frameworks (OECD, NIST, ISO)
O, Obligations by role (provider/deployer/importer/distributor)
R, Risk classification (prohibited/high/limited/minimal)
M, Management systems (QMS, ISO 42001)
S, Sector and jurisdiction-specific laws

11. If You Remember Only These 25 Facts

For final-day revision.

GDPR lawful bases for AI: consent, contract, legal obligation, vital interests, public task, legitimate interests.
Purpose limitation and lawful basis are the two most-tested privacy concepts in AI contexts.
DPIA is required for AI processing likely to result in high risk to data subjects.
Article 22 establishes rights related to solely automated decision-making, not a verbatim "right to explanation."
Special categories under GDPR include biometric data used for identification, health data, and others. Inference of special categories can bring processing into special-category scope.
Anti-discrimination law reaches AI through disparate-treatment and disparate-impact theories, employment, credit, housing, insurance.
NYC Local Law 144 requires bias audits of automated employment decision tools.
Colorado AI Act addresses high-risk AI systems with developer and deployer duties.
Consumer protection law (e.g., FTC) reaches deceptive AI claims and undisclosed AI use.
EU Product Liability Directive (revised) extends product liability to software including AI.
EU AI Act risk pyramid: Prohibited → High-Risk → Limited → Minimal.
Prohibited practices include social scoring by public authorities, manipulative systems, untargeted biometric scraping, and certain real-time biometric ID in public spaces.
High-risk = (a) safety component in regulated products or (b) Annex III standalone domains.
Annex III domains: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice.
Limited risk = transparency obligations only (chatbots, deepfakes, biometric categorization, emotion recognition).
Provider obligations (RD-TLC-P): Risk management, Data governance, Technical documentation, Logging, Conformity assessment, Post-market monitoring.
Deployers use the system, ensure human oversight, monitor, and conduct FRIA where applicable.
A deployer becomes a provider by branding, substantial modification, or repurposing into a high-risk category.
GPAI is a separate track from the risk pyramid. All GPAI providers owe training-data summary and downstream-info duties; systemic-risk GPAI owes more.
CE marking indicates EU AI Act conformity for in-scope high-risk systems.
AI Office has particular responsibility for GPAI at EU level.
EU AI Act phasing: entry into force Aug 2024 → prohibitions ~6mo → GPAI ~12mo → most other rules ~24mo → product-embedded high-risk ~36mo.
OECD AI Principles = 5 values + 5 policymaker recommendations.
NIST AI RMF functions: Govern (center), Map, Measure, Manage. Voluntary, not law.
ISO 22989 terminology · 42001 management system (certifiable) · 42005 impact assessment.

12. Glossary

AI Office: EU-level body with particular responsibility for general-purpose AI models under the EU AI Act.

AIMS (AI Management System): A managed organizational system for governing AI activities, often built to ISO/IEC 42001.

Annex III (EU AI Act): Annex enumerating standalone high-risk AI use cases, biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice.

CE marking: A marking indicating conformity to applicable EU requirements, including the EU AI Act's conformity-assessment requirements for in-scope high-risk systems.

Conformity assessment: Pre-market evaluation that an AI system meets EU AI Act requirements. May be self-assessed or, for certain categories, performed by a notified body.

Controller (data controller): Entity that determines the purposes and means of personal data processing under privacy law.

Data minimization: Privacy law principle that personal data collected and processed should be limited to what is necessary for the stated purpose.

Deployer (EU AI Act): A natural or legal person using an AI system under its authority, other than personal non-professional use.

Disparate impact: A facially neutral practice producing a substantially disproportionate adverse effect on a protected class, without sufficient justification.

Disparate treatment: Intentionally treating individuals less favorably on the basis of a protected characteristic.

DPIA (Data Protection Impact Assessment): Structured assessment of privacy risks under GDPR for processing likely to result in high risk.

FRIA (Fundamental Rights Impact Assessment): Assessment required of certain deployers of high-risk AI under the EU AI Act, evaluating impacts on fundamental rights.

General-purpose AI (GPAI) model: Under the EU AI Act, an AI model trained on broad data at scale, designed for generality of output, capable of competently performing a wide range of distinct tasks.

Importer (EU AI Act): A person established in the EU that places on the EU market an AI system from a non-EU provider.

ISO/IEC 22989: International standard establishing AI terminology and concepts.

ISO/IEC 42001: International standard specifying requirements for an AI management system. Certifiable.

ISO/IEC 42005: International standard providing guidance on AI system impact assessment.

Lawful basis: Legal ground (consent, contract, legal obligation, vital interests, public task, legitimate interests) on which personal data is processed.

NIST AI RMF: Voluntary U.S. National Institute of Standards and Technology framework, organized around Govern, Map, Measure, Manage.

Notified body: Organization designated by a national authority to perform third-party conformity assessment for certain high-risk AI systems.

OECD AI Principles: Values-based principles for trustworthy AI plus recommendations to policymakers, adopted by the OECD.

Processor (data processor): Entity processing personal data on behalf of a controller, under the controller's instructions.

Prohibited AI practice: Use of AI banned outright under the EU AI Act.

Provider (EU AI Act): Entity that develops an AI system or GPAI model and places it on the EU market under its own name or trademark.

Purpose limitation: Privacy law principle that personal data collected for specified, explicit, and legitimate purposes shall not be further processed incompatibly.

Special categories of personal data: GDPR-defined categories receiving heightened protection, racial/ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data used for identification, health data, sex life, sexual orientation.

Systemic risk (GPAI): Risk specific to the most capable GPAI models, identified by compute threshold or by designation, triggering additional EU AI Act obligations.