Products
Explore Enzai’s full suite of AI governance products designed to help organizations manage, monitor, and scale AI with confidence. From structured intake and centralized AI inventories to automated assessments and real-time oversight, Enzai provides the building blocks to embed governance directly into everyday AI workflows—without slowing innovation.
All
Whitepaper
AI Regulations
Podcasts
Product Updates
Press Coverage
Glossary
Join our podcast or collaborate on content
Reach out and we’ll see what we can produce together.
A
AI Accountability
The obligation of AI system developers and operators to ensure their systems are designed and used responsibly, adhering to ethical standards and legal requirements.
AI Alignment
The process of ensuring AI systems' goals and behaviors are aligned with human values and intentions.
AI Auditing
The systematic evaluation of AI systems to assess compliance with ethical standards, regulations, and performance metrics.
AI Bias
Systematic errors in AI outputs resulting from prejudiced training data or flawed algorithms, leading to unfair outcomes.
AI Compliance
The adherence of AI systems to applicable laws, regulations, and ethical guidelines throughout their lifecycle.
AI Ethics
The field concerned with the moral implications and responsibilities associated with the development and deployment of AI technologies.
AI Explainability
The extent to which the internal mechanics of an AI system can be understood and interpreted by humans.
AI Governance
The framework of policies, processes, and controls that guide the ethical and effective development and use of AI systems.
AI Inventory
A comprehensive, centralized catalog of all AI systems, models, and agents in use across an organization, tracking their business purpose, risk level, and ownership.
AI Literacy
The understanding of AI concepts, capabilities, and limitations, enabling informed interaction with AI technologies.
AI Monitoring
The continuous observation and analysis of AI system performance to ensure reliability, safety, and compliance.
AI Risk
The potential for AI systems to cause harm or unintended consequences, including ethical, legal, and operational risks.
AI Risk Management
The process of identifying, assessing, and mitigating risks associated with AI systems.
AI TRiSM
An acronym coined by Gartner standing for AI Trust, Risk, and Security Management; a framework that unifies governance, trustworthiness, and security into a single operational strategy.
AI Transparency
The principle that AI systems should be open and clear about their operations, decisions, and data usage.
Accuracy
The degree to which an AI system's outputs correctly reflect real-world data or intended outcomes.
Adversarial Attack
Techniques that manipulate AI models by introducing deceptive inputs to cause incorrect outputs.
Agentic AI
A class of artificial intelligence systems designed to autonomously pursue complex goals and execute multi-step actions (such as software deployment or financial transactions) with minimal human intervention.
Agentic AI Governance
The governance of autonomous AI systems capable of executing independent actions (e.g., transactions, code deployment) distinct from Predictive AI (which provides insights) and Generative AI (which creates content).
Algorithm
A set of rules or instructions given to an AI system to help it learn on its own.
Algorithmic Bias
Bias that occurs when an algorithm produces results that are systemically prejudiced due to erroneous assumptions in the machine learning process.
Algorithmic Governance
The use of algorithms to manage and regulate societal functions, potentially impacting decision-making processes.
Artificial General Intelligence
A type of AI that possesses the ability to understand, learn, and apply knowledge in a generalized way, similar to human intelligence.
Artificial Intelligence
The simulation of human intelligence processes by machines, especially computer systems, including learning, reasoning, and self-correction.
Agent Fabric
An integrated runtime substrate that hosts, orchestrates, and governs multiple AI agents alongside the models, tools, and data they depend on.
Agent Mesh
A networked topology in which AI agents discover, communicate with, and delegate work to one another through a shared infrastructure layer.
AI Assistant
A conversational AI system designed to help users complete tasks through natural language interaction, typically powered by a large language model.
AI Bill of Materials (AIBOM)
A structured inventory listing the components that make up an AI system, including foundation models, training datasets, libraries, and dependencies - the AI equivalent of a Software Bill of Materials (SBOM).
AI Footprint
The total set of AI systems, models, agents, and embedded AI features in use across an organization at any given time, including sanctioned and shadow systems.
AI Sprawl
The uncontrolled expansion of AI systems across an organization, typically driven by easy access to AI tools and a lack of effective intake and inventory processes.
Article 25 (EU AI Act)
The EU AI Act provision creating a direct obligation chain between providers and deployers of high-risk AI systems, including responsibility transfer when systems are substantially modified.
Article 50 (EU AI Act)
The EU AI Act provision setting transparency obligations for AI systems that interact with people, generate synthetic content, or produce deepfakes.
Acceptable Use Policy (AUP)
A set of rules applied by an organization that outlines the permitted and prohibited ways employees may interact with company-provided AI tools.
Accredited Certification
A certificate issued by a certification body that has been formally recognized by a national accreditation body (like ANAB or UKAS) as competent to audit against a specific standard.
Action Preview
A governance requirement where an AI agent must display exactly what an irreversible operation will do before a human provides final approval.
Action Whitelisting
A security and governance control that specifies the only permitted tools, APIs, and actions an AI agent is allowed to execute.
Agent Goal Hijack (ASI01)
A vulnerability where an attacker manipulates an agent's objectives or decision pathways to redirect its autonomous behavior toward unintended outcomes.
Agentic Policy Engine
A runtime software component that intercepts agent actions and evaluates them against a set of deterministic governance rules before execution.
AI Governance for Financial Services
The specialized application of AI risk management frameworks to meet the rigorous prudential and conduct requirements of the banking and insurance sectors.
AI Governance Software
Specialized enterprise tools used to automate the inventory, risk assessment, and regulatory compliance of artificial intelligence systems.
EU AI Liability Directive
A proposed EU directive aimed at simplifying the process for claimants to seek damages caused by AI systems by introducing a rebuttable presumption of causality.
Artificial Intelligence Management System (AIMS)
A set of interrelated or interacting elements of an organization to establish policies, objectives, and processes for the responsible development or use of AI.
AI System Impact Assessment
A formal process to evaluate the potential consequences of an AI system's deployment on individuals, groups, and society at large.
Artificial Intelligence and Data Act (AIDA)
Canada's federal regulatory framework (part of Bill C-27) aimed at ensuring high-impact AI systems are developed and used safely and without bias.
Amnesty Program
A time-limited governance initiative where employees are invited to disclose unsanctioned AI tool usage without fear of disciplinary action.
Annex I Products
A list of products already regulated by EU health and safety law (e.g., machinery, medical devices) where AI integrated under the EU AI Act is automatically classified as high-risk.
Annex III Categories
A specific list of high-risk AI application areas defined by the EU AI Act that trigger mandatory compliance obligations.
API Traffic Analysis
The technical process of monitoring and inspecting network calls made to external AI service providers.
Article 6(3) Exception
A self-determination mechanism under the EU AI Act allowing providers to classify an Annex III AI system as not high-risk if it poses no significant harm.
Australia Safe & Responsible AI Policy
The Australian federal policy governing the use of AI within the public service and government agencies.
Automated AI Governance
The use of software and API integrations to perform continuous, real-time compliance checks and risk monitoring without manual intervention.
B
Backpropagation
A training algorithm used in neural networks that adjusts weights by propagating errors backward from the output layer to minimize loss.
Batch Learning
A machine learning approach where the model is trained on the entire dataset at once, as opposed to incremental learning.
Benchmarking
The process of comparing AI system performance against standard metrics or other systems to assess effectiveness.
Bias
Systematic errors in AI outputs resulting from prejudiced training data or flawed algorithms, leading to unfair outcomes.
Bias Amplification
The phenomenon where AI systems exacerbate existing biases present in the training data, leading to increasingly skewed outcomes.
Bias Audit
An evaluation process to detect and mitigate biases in AI systems, ensuring fairness and compliance with ethical standards.
Bias Detection
The process of identifying biases in AI models by analyzing their outputs and decision-making processes.
Bias Mitigation
Techniques applied during AI development to reduce or eliminate biases in models and datasets.
Black Box Model
An AI system whose internal workings are not transparent or interpretable, making it difficult to understand how decisions are made.
Bot
A software application that performs automated tasks, often used in AI for tasks like customer service or data collection.
Brussels Effect
The phenomenon whereby EU regulation becomes the global default through market access requirements, even for organizations headquartered outside the EU.
Brazil AI Bill (PL 2338/2023)
Brazil's primary legislative effort to establish a national framework for AI rights and governance.
C
Causal Inference
A method in AI and statistics used to determine cause-and-effect relationships, helping to understand the impact of interventions or changes in variables.
Chatbot
An AI-powered software application designed to simulate human conversation, often used in customer service and information acquisition.
Classification
A supervised learning technique in machine learning where the model predicts the category or class label of new observations based on training data.
Cognitive Bias
Systematic patterns of deviation from norm or rationality in judgment, which can influence AI decision-making if present in training data.
Cognitive Computing
A subset of AI that simulates human thought processes in a computerized model, aiming to solve complex problems without human assistance.
Cognitive Load
The total amount of mental effort being used in the working memory, considered in AI to design systems that do not overwhelm users.
Compliance Framework
A structured set of guidelines and best practices that organizations follow to ensure their AI systems meet regulatory and ethical standards.
Compliance Risk
The potential for legal or regulatory sanctions, financial loss, or reputational damage an organization faces when it fails to comply with laws, regulations, or prescribed practices.
Computer Vision
A field of AI that trains computers to interpret and process visual information from the world, such as images and videos.
Concept Drift
The change in the statistical properties of the target variable, which the model is trying to predict, over time, leading to model degradation.
Confidence Interval
A range of values, derived from sample statistics, that is likely to contain the value of an unknown population parameter, used in AI to express uncertainty.
Conformity Assessment
A process to determine whether an AI system meets specified requirements, standards, or regulations, often involving testing and certification.
Continuous Learning
An AI system's ability to continuously learn and adapt from new data inputs without human intervention, improving over time.
Controllability
The extent to which humans can direct, influence, or override the decisions and behaviors of an AI system.
Cross-Validation
A model validation technique for assessing how the results of a statistical analysis will generalize to an independent dataset.
Cybersecurity
The practice of protecting systems, networks, and programs from digital attacks, crucial in safeguarding AI systems against threats.
COREPER Mandate
The negotiating authority granted by EU member state ambassadors (Committee of Permanent Representatives) to the rotating Council Presidency for trilogue negotiations on EU legislation.
California AB 1008
An amendment to the CCPA clarifying that personal information includes data generated or output by AI systems.
California AB 3030
A California law requiring transparency when Generative AI is used to communicate with patients in a healthcare setting.
California ADMT Regulations
Rules under the California Consumer Privacy Act (CCPA) governing Automated Decision-Making Technology (ADMT).
California FEHA AI Regulations
State regulations under the Fair Employment and Housing Act (FEHA) targeting AI-driven discrimination in the workplace.
California AI Transparency Act (SB 942)
Legislation requiring large providers of generative AI systems to provide detection tools and embed latent and manifest disclosures in AI-generated content.
Cascading Failure (ASI08)
A failure mode where an error or malicious input in one AI agent's reasoning triggers a chain reaction of failures across multiple connected agents or systems.
CE Marking
A mandatory certification mark that indicates an AI system's conformity with health, safety, and environmental protection standards for products sold within the EEA.
Change Notification Window
A contractual period during which a vendor must inform a customer of material updates to an AI model before those updates are deployed in production.
China Interim GenAI Measures
Regulatory requirements for generative AI services provided to the Chinese public.
Council of Europe AI Convention
The first legally binding international treaty on AI, focusing on the protection of human rights, democracy, and the rule of law.
Colorado AI Act (SB24-205)
The first broad U.S. state law requiring developers and deployers of high-risk AI systems to implement duty of care standards and conduct annual impact assessments.
Internal Control (Conformity Assessment)
A process under the EU AI Act where a provider self-verifies that their high-risk AI system meets all regulatory requirements without requiring a third-party audit.
Cryptographic Agent Identity
A verifiable digital credential (often a Decentralized Identifier or DID) that uniquely identifies an AI agent and its authority level.
D
Data Drift
The change in model input data over time, which can lead to model performance degradation if not monitored and addressed.
Data Ethics
The branch of ethics that evaluates data practices with respect to the moral obligations of gathering, protecting, and using personally identifiable information.
Data Governance
The overall management of data availability, usability, integrity, and security in an enterprise, ensuring that data is handled properly throughout its lifecycle.
Data Lifecycle Management
The policy-based management of data flow throughout its lifecycle: from creation and initial storage to the time it becomes obsolete and is deleted.
Data Minimization
The principle of collecting only the data that is necessary for a specific purpose, reducing the risk of misuse or breach.
Data Privacy
The aspect of information technology that deals with the ability to control what data is shared and with whom, ensuring personal data is handled appropriately.
Data Protection
The process of safeguarding important information from corruption, compromise, or loss, ensuring compliance with data protection laws and regulations.
Data Quality
The condition of data based on factors such as accuracy, completeness, reliability, and relevance, crucial for effective AI model performance.
Data Residency
The physical or geographic location of an organization's data, which can have implications for compliance with data protection laws.
Data Sovereignty
The concept that data is subject to the laws and governance structures within the nation it is collected, stored, or processed.
Data Subject
An individual whose personal data is collected, held, or processed, particularly relevant in the context of data protection laws like GDPR.
De-identification
The process of removing or obscuring personal identifiers from data sets, making it difficult to identify individuals, used to protect privacy.
Deep Learning
A subset of machine learning involving neural networks with multiple layers, enabling the modeling of complex patterns in data.
Deepfake
Synthetic media in which a person in an existing image or video is replaced with someone else's likeness, created using deep learning techniques.
Differential Privacy
A system for publicly sharing information about a dataset by describing patterns of groups within the dataset while withholding information about individuals.
Discrimination
In AI, refers to unfair treatment of individuals or groups based on biases in data or algorithms, leading to unequal outcomes.
Distributed Learning
A machine learning approach where training data is distributed across multiple devices or locations, and models are trained collaboratively without sharing raw data.
Domain Adaptation
A technique in machine learning where a model trained in one domain is adapted to work in a different but related domain.
Dynamic Risk Assessment
The continuous process of identifying and evaluating risks in real-time, allowing for timely responses to emerging threats in AI systems.
Data Ingestion Risk
The danger that sensitive or proprietary information will be permanently absorbed into an AI model's training set during a user's interaction.
Data Provenance
A documented record of the origin, ownership, and lifecycle of a dataset used to train or fine-tune an AI model.
EU Digital Omnibus on AI
A 2025/2026 legislative package designed to streamline and harmonize technical standards, conformity assessments, and enforcement timelines across the EU AI Act and related digital safety laws.
Dual-Use Foundation Model
An AI model that is trained on a vast amount of data and has high-level performance that could be used for both civilian and harmful or military purposes.
E
Edge AI
The deployment of AI algorithms on edge devices, enabling data processing and decision-making at the source of data generation.
Edge Analytics
The analysis of data at the edge of the network, near the source of data generation, reducing latency and bandwidth usage.
Ensemble Learning
A machine learning paradigm where multiple models are trained and combined to solve the same problem, improving overall performance.
Entity Resolution
The process of identifying and linking records that refer to the same real-world entity across different datasets.
Enzai
An enterprise AI governance platform that enables organizations to inventory, assess, and control their AI systems, ensuring maxmize AI adoption while minimizing AI risk.
Ethical AI
The practice of designing, developing, and deploying AI systems in a manner that aligns with ethical principles and values, ensuring fairness, accountability, and transparency.
Ethical AI Auditing
The process of systematically evaluating AI systems to ensure they comply with ethical standards and do not cause harm.
Ethical AI Certification
A formal recognition that an AI system adheres to established ethical standards and guidelines.
Ethical AI Governance
The framework of policies, procedures, and practices that ensure AI systems are developed and used responsibly and ethically.
Ethical Frameworks
Structured sets of principles and guidelines designed to guide the ethical development and deployment of AI systems.
Ethical Hacking
The practice of intentionally probing systems for vulnerabilities to identify and fix security issues, ensuring the robustness of AI systems.
Ethical Impact Assessment
A systematic evaluation process to identify and address the ethical implications and potential societal impacts of AI systems before deployment.
Ethical Risk
The potential for an AI system to cause harm due to unethical behavior, including bias, discrimination, or violation of privacy.
Ethics Guidelines for Trustworthy AI
A set of guidelines developed by the European Commission's High-Level Expert Group on AI to promote trustworthy AI, focusing on human agency, technical robustness, privacy, transparency, diversity, societal well-being, and accountability.
Explainability Techniques
Methods used to interpret and understand the decisions made by AI models, such as LIME, SHAP, and saliency maps.
Explainability vs. Interpretability
While both aim to make AI decisions understandable, explainability focuses on the reasoning behind decisions, whereas interpretability relates to the transparency of the model's internal mechanics.
Explainable AI (XAI)
AI systems designed to provide human-understandable justifications for their decisions and actions, enhancing transparency and trust.
Explainable Machine Learning
Machine learning models designed to provide clear and understandable explanations for their predictions and decisions.
EU AI Office
The European Commission body established to oversee implementation and enforcement of the EU AI Act, particularly for general-purpose AI models with systemic risk.
EU Digital Omnibus
The European Union's broader 2025-2026 legislative simplification package addressing multiple digital regulations including the AI Act, GDPR provisions, the Cyber Resilience Act, and Data Act amendments.
Embedded AI
AI capabilities or features that are integrated directly into third-party software-as-a-service (SaaS) platforms or enterprise tools.
Escalation Logic
A set of predefined rules and triggers that force an AI agent to stop autonomous operation and hand control back to a human operator.
ESMA AI/ML Governance Expectations
Regulatory guidelines from the European Securities and Markets Authority regarding the use of AI and Machine Learning in financial markets.
EU AI Act
The world's first comprehensive horizontal legal framework for AI, establishing a risk-based classification system for systems deployed or used within the European Union.
EU AI Act Risk Classification
The mandatory process of assigning one of four risk levels (Unacceptable, High, Limited, Minimal) to an AI system under the EU AI Act.
Excessive Agency
A vulnerability where an AI system is granted too much autonomy, too many tools, or over-privileged access relative to its intended function.
Executive Order 14110
The Biden administration directive (signed October 2023, rescinded January 2025) that established U.S. national standards for AI safety, security, and privacy and created the U.S. AI Safety Institute at NIST.
EU AI Act High-Risk Categories
The two classifications of high-risk AI systems under the EU AI Act: standalone systems listed in Annex III (covering biometrics, critical infrastructure, employment, education, law enforcement, and other named uses), and AI embedded in regulated products listed in Annex I (covering medical devices, vehicles, machinery, and other regulated product categories).
F
Fairness
Ensuring AI systems produce unbiased, equitable outcomes across different individuals and groups, and mitigating discriminatory impacts.
Fairness Metrics
Quantitative measures (e.g., demographic parity, equalized odds) used to evaluate how fair an AI model’s predictions are across groups.
False Negative
When an AI model incorrectly predicts a negative class for an instance that is actually positive (Type II error).
False Positive
When an AI model incorrectly predicts a positive class for an instance that is actually negative (Type I error).
Fault Tolerance
The ability of an AI system to continue operating correctly even when some components fail or produce errors.
Feature Engineering
Creating, selecting or transforming raw dataset attributes into features that improve the performance of machine learning models.
Feature Extraction
The process of mapping raw data (e.g., text, images) into numerical representations (features) suitable for input into ML algorithms.
Feature Selection
Identifying and selecting the most relevant features for model training to reduce complexity and improve accuracy.
Federated Learning
A decentralized ML approach where models are trained across multiple devices or servers holding local data, without sharing raw data centrally.
Feedback Loop
A process where AI outputs are fed back as inputs, which can amplify model behavior - for better (reinforcement learning) or worse (bias reinforcement).
Fine-Tuning
Adapting a pre-trained AI model to a specific task or dataset by continuing training on new data, often improving task-specific performance.
Formal Verification
Mathematically proving that AI algorithms comply with specified correctness properties, often used in safety-critical systems.
Framework
A structured set of policies, processes, and tools guiding the governance, development, deployment, and monitoring of AI systems.
Fraud Detection
Using AI techniques (e.g., anomaly detection, pattern recognition) to identify and prevent fraudulent activities in finance, insurance, etc.
Functional Safety
Ensuring AI systems operate safely under all conditions, especially in industries like automotive or healthcare, often via redundancy and checks.
Fuzzy Logic
A logic system that handles reasoning with approximate, rather than binary true/false values - useful in control systems and uncertainty handling.
Federated AI Governance
A governance model where central policy and oversight are paired with distributed decision-making by business units or regional offices, balancing consistency with operational flexibility.
FS AI RMF (Financial Services AI Risk Management Framework)
The US Treasury's specialized AI risk management framework for financial services firms, published February 2026, adapting the NIST AI RMF for sector-specific obligations.
Fundamental Rights Impact Assessment (FRIA)
A mandatory evaluation under the EU AI Act for certain deployers to determine how the use of a high-risk AI system might impact civil liberties and human rights.
G
GDPR
The EU’s General Data Protection Regulation, establishing strict requirements for personal data collection, processing, and individual rights.
GPU
Specialized hardware accelerator for parallel computations, widely used to train and run large-scale AI models efficiently.
Gap Analysis
The process of comparing current AI governance practices against desired standards or regulations to identify areas needing improvement.
Generalization
An AI model’s ability to perform well on new, unseen data by capturing underlying patterns rather than memorizing training examples.
Generative AI
AI techniques (e.g., GANs, transformers) that create new content - text, images, or other media - often raising novel governance and IP concerns.
Global Model
A consolidated AI model trained on aggregated data from multiple sources, as opposed to localized or personalized models.
Governance
The set of policies, procedures, roles, and responsibilities that guide the ethical, legal, and effective development and deployment of AI systems.
Governance Body
A cross-functional group (e.g., legal, ethics, technical) tasked with overseeing AI governance policies and their execution within an organization.
Governance Framework
A structured model outlining how AI governance components (risk management, accountability, oversight) fit together to ensure compliance and ethical use.
Governance Maturity Model
A staged framework that assesses how advanced an organization’s AI governance practices are, from ad-hoc to optimized.
Governance Policy
A formal document that codifies rules, roles, and procedures for AI development and oversight within an organization.
Governance Scorecard
A dashboard or report card that tracks key metrics (e.g., bias incidents, compliance audits) to measure AI governance effectiveness over time.
Gradient Descent
An optimization algorithm that iteratively adjusts model parameters in the direction that minimally decreases the loss function.
Granular Consent
A data-privacy approach allowing individuals to grant or deny specific permissions for each type of data use, enhancing transparency and control.
Green AI
The practice of reducing the environmental impact of AI through energy-efficient algorithms and sustainable computing practices.
Grey Box Model
A model whose internal logic is partially transparent (some components interpretable, others opaque), balancing performance and explainability.
Ground Truth
The accurate, real-world data or labels used as a benchmark to train and evaluate AI model performance.
Guardrails
Predefined constraints or checks (technical and policy) embedded in AI systems to prevent unsafe or non-compliant behavior at runtime.
Guideline (Ethical AI)
A non-binding recommendation or best-practice document issued by organizations (e.g., IEEE, EU) to shape responsible AI development and deployment.
Goal Drift
A phenomenon where an AI agent's internal sub-goals or reasoning pathways gradually move away from the original human-provided objective.
GPAI Code of Practice
The detailed regulatory instrument outlining specific transparency, safety testing, and risk mitigation obligations for providers of General-Purpose AI (GPAI) models under the EU AI Act.
GPAI Model
A general-purpose artificial intelligence model capable of performing a wide range of distinct tasks and integrating into various applications.
H
Hallucination
When generative AI produces incorrect or fabricated information that appears plausible but has no basis in the training data.
Handling Missing Data
Techniques (e.g., imputation, deletion, modeling) for addressing gaps in datasets to maintain model integrity and fairness.
Hardware Accelerator
Specialized chips (e.g., GPUs, TPUs) designed to speed up AI computations, with implications for energy use and supply chain risk.
Harm Assessment
Evaluating potential negative impacts (physical, psychological, societal) of AI systems and defining mitigation strategies.
Harmonization
Aligning AI policies, standards, and regulations across jurisdictions to reduce conflicts and enable interoperability.
Hashing
The process of converting data into a fixed-size string of characters, used for data integrity checks and privacy-preserving record linkage.
Heterogeneous Data
Combining data of different types (text, image, sensor) or from multiple domains, which poses integration and governance challenges.
Heuristic
A rule-of-thumb or simplified decision-making strategy used to speed up AI processes, often trading optimality for efficiency.
Heuristic Evaluation
A usability inspection method where experts judge an AI system against established usability principles to identify potential issues.
High-Stakes AI
AI applications whose failures could cause significant harm (e.g., medical diagnosis, autonomous vehicles), requiring heightened governance and oversight.
Human Oversight
Mechanisms that allow designated individuals to monitor, intervene, or override AI system decisions to ensure ethical and legal compliance.
Human Rights Impact Assessment
A process to evaluate how AI systems affect fundamental rights (privacy, expression, non-discrimination) and identify mitigation measures.
Human-in-the-Loop
Involving human judgment within AI processes (training, validation, decision review) to improve accuracy and accountability.
Hybrid Model
AI systems combining multiple learning paradigms (e.g., symbolic and neural) to balance explainability and performance.
Hyperparameter
A configuration variable (e.g., learning rate, tree depth) set before model training that influences learning behavior and performance.
Hyperparameter Tuning
The process of searching for the optimal hyperparameter values (e.g., via grid search, Bayesian optimization) to maximize model performance.
Harmonized Structure
A standardized template for all ISO management system standards, formerly known as Annex SL, ensuring consistency in terminology and clause numbering.
High-Risk AI System
AI applications that have a significant potential to harm the health, safety, or fundamental rights of individuals, triggering the most stringent compliance requirements under the EU AI Act.
I
ISO/IEC JTC 1/SC 42
The joint ISO/IEC committee on Artificial Intelligence standardization, developing international AI standards for governance, risk, and interoperability.
Imbalanced Data
A dataset where one class or category significantly outnumbers others, which can lead AI models to bias toward the majority class unless mitigated.
Immutable Ledger
A tamper-evident record-keeping mechanism (e.g., blockchain) ensuring that once data are written, they cannot be altered without detection - useful for AI audit trails.
Impact Assessment
A structured evaluation to identify, analyze, and mitigate potential ethical, legal, and societal impacts of an AI system before deployment.
Implicit Bias
Unconscious or unintentional biases embedded in training data or model design that can lead to discriminatory outcomes.
Incentive Alignment
The design of reward structures and objectives so that AI systems’ goals remain consistent with human values and organizational priorities.
Inductive Bias
The set of assumptions a learning algorithm uses to generalize from observed data to unseen instances.
Inference
The process by which a trained AI model processes new data inputs to produce predictions or decisions.
Inference Engine
The component of an AI system (often in rule-based or expert systems) that applies a knowledge base to input data to draw conclusions.
Information Governance
The policies, procedures, and controls that ensure data quality, privacy, and usability across an organization’s data assets, including AI training datasets.
Information Privacy
The right of individuals to control how their personal data are collected, used, stored, and shared by AI systems.
Infrastructure as Code (IaC)
Managing and provisioning AI infrastructure (compute, storage, networking) through machine-readable configuration files, improving repeatability and auditability.
Interoperability
The ability of diverse AI systems and components to exchange, understand, and use information seamlessly, often via open standards or APIs.
Interpretability
The degree to which a human can understand the internal mechanics or decision rationale of an AI model.
Intrusion Detection
Monitoring AI infrastructure and applications for malicious activity or policy violations, triggering alerts or automated responses.
Inherited Data Risk
The regulatory and ethical liability an organization assumes when using an AI system trained on data they did not collect or vet themselves.
Intake Workflow
The standardized process and series of checks that a new AI system must pass through before being built or procured.
Intent Validation
The process of verifying that an AI agent's planned sub-actions remain consistent with the original human-provided objective.
ISO/IEC 42001
The international standard specifying requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS).
ISO/IEC 42005
The international standard providing guidance on performing AI system impact assessments.
Implementing Acts
Secondary EU legislation adopted by the European Commission to set uniform conditions for implementing primary legislation, with binding legal effect across all Member States.
J
Jacobian Matrix
In AI explainability, the matrix of all first-order partial derivatives of a model’s outputs w.r.t. its inputs, used to assess sensitivity and feature importance.
Jailbreak Attack
A type of prompt‐injection where users exploit vulnerabilities to bypass safeguards in generative AI models, potentially leading to unsafe or unauthorized outputs.
Joint Liability
Legal principle where multiple parties (e.g., developers, deployers) share responsibility for AI‐related harms, influencing contract and governance structures.
Joint Modeling
Building AI systems that jointly learn multiple tasks (e.g., speech recognition + translation), with governance needed for complexity and auditability.
Judgment Bias
Systematic errors in human or AI decision‐making processes caused by cognitive shortcuts or flawed data, requiring bias audits and mitigation.
Judicial Review
The legal process by which courts evaluate the lawfulness of decisions made or assisted by AI, ensuring accountability and due process.
Jurisdiction
The legal authority over data, AI operations, and liability, which varies by geography and impacts compliance with regional regulations (e.g., GDPR, CCPA).
Juror Automation
The use of AI to assist in jury selection or case analysis, raising ethical concerns around fairness, transparency, and legal oversight.
Justice Metrics
Quantitative measures (e.g., disparate impact, equal opportunity) used to assess fairness and nondiscrimination in AI decision‐making.
Japan Act on Promotion of AI
A Japanese law (enacted 2025) establishing basic principles for AI promotion and risk mitigation.
K
Key Performance Indicator
A quantifiable metric (e.g., model accuracy drift, bias remediation time) used to monitor and report on AI governance and compliance objectives.
Key Risk Indicator
A leading metric (e.g., frequency of out-of-scope predictions, rate of unexplainable decisions) that signals emerging AI risks before they materialize.
Know Your Customer (KYC)
Compliance processes to verify the identity, risk profile and legitimacy of individuals or entities interacting with AI systems, especially in regulated industries.
Knowledge Distillation
A method of transferring insight from a larger “teacher” model into a smaller “student” model, balancing performance with resource and governance constraints.
Knowledge Graph
A structured representation of entities and their relationships used to improve AI explainability, auditability and alignment with domain ontologies.
Knowledge Management
Practices and tools for capturing, organizing and sharing organizational knowledge (e.g., model documentation, audit logs) to ensure reproducibility and oversight.
L
Label Leakage
The inadvertent inclusion of output information in training data labels, which can inflate performance metrics and conceal true model generalization issues.
Large Language Model
A deep learning model trained on vast text corpora that can perform tasks like text generation, translation, and summarization, often requiring governance around bias and misuse.
Least Privilege
A security principle where AI components and users are granted only the minimal access rights necessary to perform their functions, reducing risk of misuse.
Legal Compliance
The practice of ensuring AI systems adhere to applicable laws, regulations, and industry standards throughout their entire lifecycle.
Liability Framework
A structured approach defining who is responsible for AI-related harms or failures, including developers, deployers, and operators.
Lifecycle Management
The coordinated processes for development, deployment, monitoring, maintenance, and retirement of AI systems to ensure ongoing compliance and risk control.
Liveness Detection
Techniques used to verify that an input (e.g., biometric) originates from a live subject rather than a spoof or replay, enhancing system security and integrity.
Localization
Adapting AI systems to local languages, regulations, cultural norms, and data residency requirements in different jurisdictions.
Log Management
The collection, storage, and analysis of system and application logs from AI workflows to support auditing, incident response, and model performance tracking.
Loss Function
A mathematical function that quantifies the difference between predicted outputs and true values, guiding model training and optimization.
Least Agency
A security and governance principle stating that AI agents should only be granted the minimum level of autonomy and tool-access necessary to complete a specific task.
M
Meaningful Human Control
A regulatory and operational standard ensuring that humans retain the ability to oversee, intervene in, and override AI decision-making processes.
Metadata Management
The practice of capturing and maintaining descriptive data (e.g., data provenance, feature definitions, model parameters) to support traceability and audits.
Metrics & KPIs
Quantitative measures (e.g., accuracy drift, fairness scores, incident response time) used to monitor AI system health, risk, and compliance objectives.
Mitigation Strategies
Planned actions (e.g., bias remediation, retraining, feature re-engineering) to address identified AI risks and compliance gaps.
Model Explainability
Techniques and documentation that make an AI model’s decision logic understandable to stakeholders and auditors.
Model Governance
The policies, roles, and controls that ensure AI models are developed, approved, and used in line with organizational standards and regulatory requirements.
Model Monitoring
Continuous tracking of an AI model’s performance, data drift, and operational metrics to detect degradation or emerging risks.
Model Retraining
The process of updating an AI model with new or refreshed data to maintain performance and compliance as data distributions evolve.
Model Risk Management
The structured process of identifying, assessing, and mitigating risks arising from AI/ML models throughout their lifecycle.
Model Validation
The evaluation activities (e.g., testing against hold-out data, stress scenarios) that confirm an AI model meets its intended purpose and performance criteria.
Multi-Stakeholder Engagement
Involving diverse groups (e.g., legal, ethics, operations, end users) in AI governance processes to ensure balanced risk oversight and alignment with business goals.
Market Surveillance Authority
The national regulatory body in each EU member state responsible for monitoring AI systems to ensure they comply with the EU AI Act.
MAS FEAT Principles
The Monetary Authority of Singapore's principles for Fairness, Ethics, Accountability, and Transparency (FEAT) in the use of AI in finance.
Mexico Federal Law on AI and Algorithms
A draft Mexican federal law on AI and algorithms proposing a risk-based classification system, the National AI Commission (CONAIA), and watermarking requirements for AI-generated content.
Minnesota CDPA (AI Provisions)
The AI-specific components of the Minnesota Consumer Data Privacy Act.
Model Card
A short, standardized document providing essential information about a machine learning model's performance, limitations, and intended use cases.
Model Disgorgement
A regulatory remedy requiring a company to delete AI models or algorithms that were developed using improperly or unlawfully acquired data.
Model Drift
The degradation of an AI model's predictive performance over time due to changes in real-world data or the environment.
N
NIST AI Risk Management Framework
A voluntary guidance from the U.S. National Institute of Standards and Technology outlining best practices for mitigating risks across AI system lifecycles.
Natural Language Processing (NLP)
Techniques and tools that enable machines to interpret, generate, and analyze human language in text or speech form.
Network Security
Measures and controls (e.g., segmentation, firewalls, intrusion detection) to protect AI infrastructure and data pipelines from unauthorized access or tampering.
Neural Architecture Search
Automated methods for designing and optimizing neural network structures to improve model performance while balancing complexity and resource constraints.
Noise Injection
Deliberate introduction of random perturbations into training data or model parameters to enhance robustness and guard against adversarial manipulation.
Novelty Detection
Techniques for identifying inputs or scenarios that differ significantly from training data, triggering review or safe-mode operation to prevent unexpected failures.
NIST AI RMF Profiles
Context-specific implementations of the NIST AI Risk Management Framework tailored to particular industries, technologies, or risk types.
Non-Human Identity (NHI)
A digital credential used by an AI agent, bot, or service to authenticate and interact with enterprise systems.
Notified Body
An independent third-party organization designated by an EU member state to assess the conformity of certain high-risk AI systems under the EU AI Act.
NYC Local Law 144
A New York City law requiring annual bias audits for AI tools used in employment decisions.
O
Observability
The capability to infer an AI system’s internal state and behavior through collection and analysis of logs, metrics, and outputs for effective monitoring and troubleshooting.
Ongoing Monitoring
Continuous tracking of AI system performance, data drift, bias metrics, and security events to detect and address emerging risks over time.
Opacity
The absence of transparency in how an AI model arrives at decisions or predictions, posing challenges for trust and regulatory compliance.
Operational Resilience
The ability of AI systems and their supporting infrastructure to anticipate, withstand, recover from, and adapt to disruptions or adverse events.
Orchestration
The automated coordination of AI workflows and services - data ingestion, model training, deployment - ensuring compliance with policies and resource governance.
Outlier Detection
Techniques to identify data points or model predictions that deviate significantly from expected patterns, triggering review or mitigation actions.
Overfitting
A modeling issue where an AI system learns noise or idiosyncrasies in training data, reducing its ability to generalize to new, unseen data.
Oversight
The structured process of review, approval, and accountability for AI development and deployment, typically involving cross-functional governance bodies.
Ownership
The clear assignment of responsibility and authority over AI assets - data, models, processes - to ensure accountability throughout the system lifecycle.
OMB Memorandum M-25-21
A federal directive specifying AI governance and risk management requirements for US government agencies.
Operational Autonomy
The ability of an AI system to perform multi-step tasks and make decisions without human intervention at each stage.
Output Risk
The operational, legal, and reputational danger arising from the use of incorrect, biased, or harmful content generated by an AI system.
OWASP Agentic Top 10
A formal taxonomy of the ten most critical security risks specific to autonomous AI agents and their application environments.
P
Permissioning
The management of user and system access rights to AI data and functions, ensuring least-privilege and preventing unauthorized use.
Pilot Testing
A limited-scope trial of an AI system in a controlled environment to assess performance, risks, and governance controls before full-scale deployment.
Policy Enforcement
The automated or manual mechanisms that ensure AI operations adhere to organizational policies, regulatory rules, and ethical guidelines.
Post-Deployment Monitoring
Ongoing observation of AI system behavior and environment after release to detect degradation, drift, or compliance breaches.
Predictive Maintenance
AI-driven monitoring and analysis to forecast component or system failures, ensuring operational resilience and risk mitigation in critical environments.
Privacy Impact Assessment
A structured analysis to identify and mitigate privacy risks associated with AI systems, covering data collection, use, sharing, and retention.
Privacy by Design
An approach that embeds data protection and user privacy considerations into AI system architecture and processes from the outset.
Process Automation
Use of AI and workflow tools to streamline governance, compliance checks, and risk mitigation activities, reducing manual effort and error.
Presumption of Conformity
A legal mechanism under EU AI Act and other regimes whereby compliance with a harmonized standard (e.g., a published EN standard) provides a rebuttable assumption that the underlying regulation is satisfied.
Parametric Knowledge
The information learned by an AI model during its training process and stored within its weights and parameters.
Paved Road Governance
A strategy that encourages compliance by making sanctioned, secure workflows easier to follow than unsanctioned alternatives.
PRA SS1/23 (Model Risk Management)
The UK Prudential Regulation Authority's statement on model risk management for banks and insurers.
Probabilistic System
A system where outputs are based on statistical likelihood rather than deterministic, fixed logic.
Q
Qualitative Assessment
The subjective review of AI system behaviors, decisions, and documentation by experts to identify ethical, legal, or reputational concerns not captured quantitatively.
Quality Assurance
The systematic processes and checks to ensure AI models and data pipelines meet defined standards for accuracy, reliability, and ethical compliance.
Quality Control
The ongoing verification of AI outputs and processes against benchmarks and test cases to catch defects, bias incidents, or policy violations.
Quantitative Risk Assessment
A data-driven evaluation of potential AI threats, estimating likelihoods and impacts numerically to prioritize mitigation efforts.
Quantum Computing
The emerging computational paradigm that leverages quantum mechanics, posing new governance challenges around security, standardization, and risk.
Query Logging
The practice of recording AI system inputs and user queries to enable audit trails, detect misuse, and support accountability.
Query Privacy
Techniques and policies to protect sensitive information in user queries, ensuring that logged inputs do not compromise personal or proprietary data.
Questionnaire Framework
A structured set of governance-focused questions used during design, procurement, or deployment to ensure AI systems align with policy requirements.
Quorum for Governance Board
The minimum number of governance committee members required to be present to make official decisions on AI risk, policy approvals, or audit outcomes.
Quota Management
The controls and limits placed on AI resource usage (e.g., API calls, compute time) to enforce governance policies and prevent runaway costs or abuse.
R
Recourse
Mechanisms that allow affected individuals to challenge or seek remedy for AI-driven decisions that impact their rights or interests.
Red Teaming
A proactive testing approach where internal or external experts simulate attacks or misuse scenarios to uncover vulnerabilities in AI systems.
Regulatory Compliance
Ensuring AI systems adhere to applicable laws, regulations, and industry standards (e.g., GDPR, FDA, financial oversight) throughout their operation.
Reproducibility
The capacity to consistently regenerate AI model results using the same data, code, and configurations, ensuring transparency and auditability.
Responsibility Assignment Matrix
A tool (e.g., RACI) that clarifies roles and accountabilities for each governance activity - who’s Responsible, Accountable, Consulted, and Informed.
Responsible AI
The practice of designing, developing, and deploying AI systems in ways that are ethical, transparent, and accountable to stakeholders and society.
Risk Assessment
The process of identifying, analyzing, and prioritizing potential harms or failures in AI systems to determine appropriate mitigation strategies.
Risk Management Framework
A structured set of guidelines and processes for systematically addressing AI risks across the system lifecycle, from design through retirement.
Robustness
The ability of an AI system to maintain reliable performance under a variety of challenging or adversarial conditions.
Root Cause Analysis
A structured investigation to determine the underlying reasons for AI system failures or unexpected behaviors, guiding corrective actions.
Reasoning Chain
The multi-step logical process an AI agent follows to move from an initial objective to a final action or output.
S
Sanctioned Use Policy
Defined rules and controls that specify approved contexts, users, and purposes for AI system operation to prevent misuse.
Security by Design
Integrating security controls and best practices into AI systems from the earliest design phases to prevent vulnerabilities and data breaches.
Shadow AI
The unsanctioned use of AI models, agents, or tools by employees without IT approval, creating hidden security vulnerabilities through data leakage and unauthorized autonomous actions.
Societal Impact Assessment
A structured evaluation of how an AI system affects social, economic, and cultural aspects of communities, identifying potential harms and benefits.
Software Development Lifecycle
The end-to-end process (requirements, design, build, test, deploy, monitor) for AI applications, incorporating governance and compliance checks at each stage.
Stakeholder Engagement
The process of involving affected parties (e.g., users, regulators, impacted communities) in AI development and oversight to ensure diverse perspectives and buy-in.
Surveillance Risk
The threat that AI systems may be exploited for invasive monitoring of individuals or groups, infringing on privacy and civil liberties.
Synthetic Data
Artificially generated datasets that mimic real data distributions, used to augment training sets while protecting privacy.
Shadow Agents
Unsanctioned autonomous AI agents deployed within an organization without governance team awareness, capable of taking actions that affect business systems and external parties.
Singapore Model AI Governance Framework
A voluntary guidance framework from Singapore's IMDA and PDPC for responsible AI deployment.
South Korea AI Basic Act
South Korea's comprehensive legal framework for AI development and trust.
SR 11-7 (Model Risk Management)
The foundational US Federal Reserve guidance for managing risks associated with the use of models in banking.
Statement of Applicability (SoA)
A document that identifies which ISO 42001 Annex A controls are relevant to an organization's AI Management System and explains why others were excluded.
Substantial Modification
A change to an AI system after it has been placed on the market that affects its compliance or intended purpose under the EU AI Act.
System of Record
The authoritative data source for a given data element or piece of information within an organization.
Systemic Risk Threshold
The technical or capability-based limit (e.g., 10^25 FLOPs) that classifies a General-Purpose AI model as posing a high level of risk to society.
T
Tail Risk
The potential for rare, extreme outcomes in AI behavior or decision-making that fall outside normal expectations and require special mitigation planning.
Testing & Validation
The systematic process of evaluating AI models against benchmarks, edge cases, and stress conditions to ensure they meet performance, safety, and compliance criteria.
Third-Party Risk
The exposure arising from reliance on external data providers, model vendors, or service platforms that may introduce compliance or security vulnerabilities.
Threshold Setting
Defining boundaries or cut-off values in AI decision rules (e.g., confidence scores) to balance risks like false positives versus false negatives.
Traceability
The ability to track and document each step in the AI lifecycle - from data collection through model development to deployment - to support auditing and forensics.
Training Dataset
The curated collection of labeled or unlabeled data used to teach an AI model the relationships and patterns it must learn to perform its task.
Transfer Learning
A technique where a model developed for one task is adapted for a related task, reducing development time but requiring governance of inherited biases.
Transparency
The practice of making AI system processes, decision logic, and data usage clear and understandable to stakeholders for accountability.
Trustworthy AI
AI systems designed and operated in a manner that is ethical, reliable, safe, and aligned with human values and societal norms.
Trilogue
The informal three-way negotiation between the European Commission, the Council of the European Union, and the European Parliament used to reach political agreement on EU legislation before formal adoption.
U
Underfitting
A modeling issue where an AI system is too simple to capture underlying data patterns, resulting in poor performance on both training and new data.
Uniformity
Ensuring consistent application of policies, controls, and standards across all AI systems to avoid governance gaps or uneven risk management.
Unsupervised Learning
A machine learning approach where models identify patterns or groupings in unlabeled data without explicit outcome guidance.
Uptime Monitoring
Continuous tracking of AI system availability and performance to detect outages or degradation that could impact critical operations or compliance obligations.
Use Case Governance
The practice of defining, approving, and monitoring specific AI use cases to ensure each aligns with organizational policies, ethical standards, and risk appetite.
User Consent
The process of obtaining and recording explicit permission from individuals before collecting, processing, or using their personal data in AI systems.
Utility
A measure of how valuable or effective an AI system is in achieving its intended objectives, balanced against any associated risks or resource costs.
UK AI Opportunities Action Plan
The UK government's strategic roadmap for maximizing AI benefits while establishing targeted, binding safety rules.
V
Validation
The process of confirming that an AI model performs accurately and reliably on intended tasks and meets defined performance criteria.
Variance Monitoring
Tracking fluctuations in AI model outputs or performance metrics over time to detect drift and infer potential degradation or risk.
Vendor Risk Management
Assessing and monitoring third-party suppliers of AI components or services to identify and mitigate potential compliance, security, or ethical risks.
Version Control
The practice of managing and tracking changes to AI code, models, and datasets over time to ensure reproducibility and auditability.
Veto Authority
The formal right held by a governance body or stakeholder to block or require changes to AI deployments that pose unacceptable risks.
Vigilance Monitoring
Continuous surveillance of AI behavior and external signals (e.g., regulatory updates) to promptly identify and respond to emerging risks or non-compliance.
Vision AI Oversight
The governance processes specific to computer vision systems, ensuring data quality, bias checks, and transparency in image/video-based decision-making.
Vulnerability Assessment
Identifying, analyzing, and prioritizing security weaknesses in AI infrastructure and applications to guide remediation efforts.
Version Pinning
The practice of locking an AI system to a specific, tested version of a foundation model to prevent silent updates from changing system behavior.
W
Watchdog Monitoring
Independent runtime checks that observe AI decisions and trigger alerts or interventions when policies or thresholds are violated.
Weight Auditing
Examining model weights and structures for anomalies, backdoors, or biases that could indicate tampering or unintended behaviors.
White-Box Testing
Assessing AI systems with full knowledge of internal workings (code, parameters, architecture) to verify correctness, security, and compliance.
Whitelist/Blacklist Policy
Governance rule defining allowed (whitelist) and disallowed (blacklist) inputs, features, or operations to enforce compliance and prevent misuse.
Whitelisting
Allowing only pre-approved data sources, libraries, or model components in AI pipelines to reduce risk from unvetted or malicious elements.
Workflow Orchestration
Automating and sequencing AI lifecycle tasks (data ingestion, training, validation, deployment) to enforce governance policies and ensure consistency.
Workload Segregation
Separating AI compute environments (e.g., dev, test, prod) and data domains to limit blast radius of failures or security breaches.
Worst-Case Analysis
Evaluating the most extreme potential failures or abuses of an AI system to inform robust risk mitigation and contingency planning.
Write-Once Read-Many (WORM) Storage
Immutable storage ensuring logs, audit trails, and model artifacts cannot be altered once written, supporting non-repudiation and forensic review.
Watermarking
The practice of embedding detectable, machine-readable provenance markers in AI-generated output, such as images, audio, video, and synthetic text, so downstream consumers and platforms can identify content as AI-generated.
X
X-Validation
A model validation technique (often abbreviated “X-Val”) that partitions data into folds to rigorously assess model generalization and detect overfitting.
XAI (Explainable AI)
Techniques and methods that make an AI model’s decision process transparent and understandable to humans, supporting accountability and compliance.
XAI Audit
A review process that evaluates whether AI explainability outputs meet internal policies and regulatory requirements, ensuring sufficient transparency.
XAI Framework
A structured approach or set of guidelines that organizations use to implement, measure, and govern explainability practices across their AI systems.
XAI Metrics
Quantitative or qualitative measures (e.g., feature importance scores, explanation fidelity) used to assess the quality and reliability of AI explanations.
Y
YARA Rules
A set of signature-based detection patterns used to scan AI pipelines and artifacts for known malicious code or tampering.
Yearly Compliance Review
An annual evaluation of AI governance processes, policies, and systems to ensure continued alignment with regulations and internal standards.
Z
Zero Defect Tolerance
A governance principle aiming for no errors or policy violations in AI outputs, supported by rigorous testing, monitoring, and continuous improvement cycles.
Zero-Day Vulnerability
A previously unknown security flaw in AI software or infrastructure that can be exploited before a patch or mitigation is available.
Zero-Shot Learning
A model capability to correctly handle tasks or classify data it was never explicitly trained on by leveraging generalized knowledge representations.
Zone-Based Access Control
A network or data governance approach that divides resources into zones with distinct policies, restricting AI system access according to data sensitivity.
All
Whitepaper
AI Regulations
Podcasts
Product Updates
Press Coverage
Glossary
Join our podcast or collaborate on content
Reach out and we’ll see what we can produce together.
A
AI Accountability
The obligation of AI system developers and operators to ensure their systems are designed and used responsibly, adhering to ethical standards and legal requirements.
AI Alignment
The process of ensuring AI systems' goals and behaviors are aligned with human values and intentions.
AI Auditing
The systematic evaluation of AI systems to assess compliance with ethical standards, regulations, and performance metrics.
AI Bias
Systematic errors in AI outputs resulting from prejudiced training data or flawed algorithms, leading to unfair outcomes.
AI Compliance
The adherence of AI systems to applicable laws, regulations, and ethical guidelines throughout their lifecycle.
AI Ethics
The field concerned with the moral implications and responsibilities associated with the development and deployment of AI technologies.
AI Explainability
The extent to which the internal mechanics of an AI system can be understood and interpreted by humans.
AI Governance
The framework of policies, processes, and controls that guide the ethical and effective development and use of AI systems.
AI Inventory
A comprehensive, centralized catalog of all AI systems, models, and agents in use across an organization, tracking their business purpose, risk level, and ownership.
AI Literacy
The understanding of AI concepts, capabilities, and limitations, enabling informed interaction with AI technologies.
AI Monitoring
The continuous observation and analysis of AI system performance to ensure reliability, safety, and compliance.
AI Risk
The potential for AI systems to cause harm or unintended consequences, including ethical, legal, and operational risks.
AI Risk Management
The process of identifying, assessing, and mitigating risks associated with AI systems.
AI TRiSM
An acronym coined by Gartner standing for AI Trust, Risk, and Security Management; a framework that unifies governance, trustworthiness, and security into a single operational strategy.
AI Transparency
The principle that AI systems should be open and clear about their operations, decisions, and data usage.
Accuracy
The degree to which an AI system's outputs correctly reflect real-world data or intended outcomes.
Adversarial Attack
Techniques that manipulate AI models by introducing deceptive inputs to cause incorrect outputs.
Agentic AI
A class of artificial intelligence systems designed to autonomously pursue complex goals and execute multi-step actions (such as software deployment or financial transactions) with minimal human intervention.
Agentic AI Governance
The governance of autonomous AI systems capable of executing independent actions (e.g., transactions, code deployment) distinct from Predictive AI (which provides insights) and Generative AI (which creates content).
Algorithm
A set of rules or instructions given to an AI system to help it learn on its own.
Algorithmic Bias
Bias that occurs when an algorithm produces results that are systemically prejudiced due to erroneous assumptions in the machine learning process.
Algorithmic Governance
The use of algorithms to manage and regulate societal functions, potentially impacting decision-making processes.
Artificial General Intelligence
A type of AI that possesses the ability to understand, learn, and apply knowledge in a generalized way, similar to human intelligence.
Artificial Intelligence
The simulation of human intelligence processes by machines, especially computer systems, including learning, reasoning, and self-correction.
Agent Fabric
An integrated runtime substrate that hosts, orchestrates, and governs multiple AI agents alongside the models, tools, and data they depend on.
Agent Mesh
A networked topology in which AI agents discover, communicate with, and delegate work to one another through a shared infrastructure layer.
AI Assistant
A conversational AI system designed to help users complete tasks through natural language interaction, typically powered by a large language model.
AI Bill of Materials (AIBOM)
A structured inventory listing the components that make up an AI system, including foundation models, training datasets, libraries, and dependencies - the AI equivalent of a Software Bill of Materials (SBOM).
AI Footprint
The total set of AI systems, models, agents, and embedded AI features in use across an organization at any given time, including sanctioned and shadow systems.
AI Sprawl
The uncontrolled expansion of AI systems across an organization, typically driven by easy access to AI tools and a lack of effective intake and inventory processes.
Article 25 (EU AI Act)
The EU AI Act provision creating a direct obligation chain between providers and deployers of high-risk AI systems, including responsibility transfer when systems are substantially modified.
Article 50 (EU AI Act)
The EU AI Act provision setting transparency obligations for AI systems that interact with people, generate synthetic content, or produce deepfakes.
Acceptable Use Policy (AUP)
A set of rules applied by an organization that outlines the permitted and prohibited ways employees may interact with company-provided AI tools.
Accredited Certification
A certificate issued by a certification body that has been formally recognized by a national accreditation body (like ANAB or UKAS) as competent to audit against a specific standard.
Action Preview
A governance requirement where an AI agent must display exactly what an irreversible operation will do before a human provides final approval.
Action Whitelisting
A security and governance control that specifies the only permitted tools, APIs, and actions an AI agent is allowed to execute.
Agent Goal Hijack (ASI01)
A vulnerability where an attacker manipulates an agent's objectives or decision pathways to redirect its autonomous behavior toward unintended outcomes.
Agentic Policy Engine
A runtime software component that intercepts agent actions and evaluates them against a set of deterministic governance rules before execution.
AI Governance for Financial Services
The specialized application of AI risk management frameworks to meet the rigorous prudential and conduct requirements of the banking and insurance sectors.
AI Governance Software
Specialized enterprise tools used to automate the inventory, risk assessment, and regulatory compliance of artificial intelligence systems.
EU AI Liability Directive
A proposed EU directive aimed at simplifying the process for claimants to seek damages caused by AI systems by introducing a rebuttable presumption of causality.
Artificial Intelligence Management System (AIMS)
A set of interrelated or interacting elements of an organization to establish policies, objectives, and processes for the responsible development or use of AI.
AI System Impact Assessment
A formal process to evaluate the potential consequences of an AI system's deployment on individuals, groups, and society at large.
Artificial Intelligence and Data Act (AIDA)
Canada's federal regulatory framework (part of Bill C-27) aimed at ensuring high-impact AI systems are developed and used safely and without bias.
Amnesty Program
A time-limited governance initiative where employees are invited to disclose unsanctioned AI tool usage without fear of disciplinary action.
Annex I Products
A list of products already regulated by EU health and safety law (e.g., machinery, medical devices) where AI integrated under the EU AI Act is automatically classified as high-risk.
Annex III Categories
A specific list of high-risk AI application areas defined by the EU AI Act that trigger mandatory compliance obligations.
API Traffic Analysis
The technical process of monitoring and inspecting network calls made to external AI service providers.
Article 6(3) Exception
A self-determination mechanism under the EU AI Act allowing providers to classify an Annex III AI system as not high-risk if it poses no significant harm.
Australia Safe & Responsible AI Policy
The Australian federal policy governing the use of AI within the public service and government agencies.
Automated AI Governance
The use of software and API integrations to perform continuous, real-time compliance checks and risk monitoring without manual intervention.
B
Backpropagation
A training algorithm used in neural networks that adjusts weights by propagating errors backward from the output layer to minimize loss.
Batch Learning
A machine learning approach where the model is trained on the entire dataset at once, as opposed to incremental learning.
Benchmarking
The process of comparing AI system performance against standard metrics or other systems to assess effectiveness.
Bias
Systematic errors in AI outputs resulting from prejudiced training data or flawed algorithms, leading to unfair outcomes.
Bias Amplification
The phenomenon where AI systems exacerbate existing biases present in the training data, leading to increasingly skewed outcomes.
Bias Audit
An evaluation process to detect and mitigate biases in AI systems, ensuring fairness and compliance with ethical standards.
Bias Detection
The process of identifying biases in AI models by analyzing their outputs and decision-making processes.
Bias Mitigation
Techniques applied during AI development to reduce or eliminate biases in models and datasets.
Black Box Model
An AI system whose internal workings are not transparent or interpretable, making it difficult to understand how decisions are made.
Bot
A software application that performs automated tasks, often used in AI for tasks like customer service or data collection.
Brussels Effect
The phenomenon whereby EU regulation becomes the global default through market access requirements, even for organizations headquartered outside the EU.
Brazil AI Bill (PL 2338/2023)
Brazil's primary legislative effort to establish a national framework for AI rights and governance.
C
Causal Inference
A method in AI and statistics used to determine cause-and-effect relationships, helping to understand the impact of interventions or changes in variables.
Chatbot
An AI-powered software application designed to simulate human conversation, often used in customer service and information acquisition.
Classification
A supervised learning technique in machine learning where the model predicts the category or class label of new observations based on training data.
Cognitive Bias
Systematic patterns of deviation from norm or rationality in judgment, which can influence AI decision-making if present in training data.
Cognitive Computing
A subset of AI that simulates human thought processes in a computerized model, aiming to solve complex problems without human assistance.
Cognitive Load
The total amount of mental effort being used in the working memory, considered in AI to design systems that do not overwhelm users.
Compliance Framework
A structured set of guidelines and best practices that organizations follow to ensure their AI systems meet regulatory and ethical standards.
Compliance Risk
The potential for legal or regulatory sanctions, financial loss, or reputational damage an organization faces when it fails to comply with laws, regulations, or prescribed practices.
Computer Vision
A field of AI that trains computers to interpret and process visual information from the world, such as images and videos.
Concept Drift
The change in the statistical properties of the target variable, which the model is trying to predict, over time, leading to model degradation.
Confidence Interval
A range of values, derived from sample statistics, that is likely to contain the value of an unknown population parameter, used in AI to express uncertainty.
Conformity Assessment
A process to determine whether an AI system meets specified requirements, standards, or regulations, often involving testing and certification.
Continuous Learning
An AI system's ability to continuously learn and adapt from new data inputs without human intervention, improving over time.
Controllability
The extent to which humans can direct, influence, or override the decisions and behaviors of an AI system.
Cross-Validation
A model validation technique for assessing how the results of a statistical analysis will generalize to an independent dataset.
Cybersecurity
The practice of protecting systems, networks, and programs from digital attacks, crucial in safeguarding AI systems against threats.
COREPER Mandate
The negotiating authority granted by EU member state ambassadors (Committee of Permanent Representatives) to the rotating Council Presidency for trilogue negotiations on EU legislation.
California AB 1008
An amendment to the CCPA clarifying that personal information includes data generated or output by AI systems.
California AB 3030
A California law requiring transparency when Generative AI is used to communicate with patients in a healthcare setting.
California ADMT Regulations
Rules under the California Consumer Privacy Act (CCPA) governing Automated Decision-Making Technology (ADMT).
California FEHA AI Regulations
State regulations under the Fair Employment and Housing Act (FEHA) targeting AI-driven discrimination in the workplace.
California AI Transparency Act (SB 942)
Legislation requiring large providers of generative AI systems to provide detection tools and embed latent and manifest disclosures in AI-generated content.
Cascading Failure (ASI08)
A failure mode where an error or malicious input in one AI agent's reasoning triggers a chain reaction of failures across multiple connected agents or systems.
CE Marking
A mandatory certification mark that indicates an AI system's conformity with health, safety, and environmental protection standards for products sold within the EEA.
Change Notification Window
A contractual period during which a vendor must inform a customer of material updates to an AI model before those updates are deployed in production.
China Interim GenAI Measures
Regulatory requirements for generative AI services provided to the Chinese public.
Council of Europe AI Convention
The first legally binding international treaty on AI, focusing on the protection of human rights, democracy, and the rule of law.
Colorado AI Act (SB24-205)
The first broad U.S. state law requiring developers and deployers of high-risk AI systems to implement duty of care standards and conduct annual impact assessments.
Internal Control (Conformity Assessment)
A process under the EU AI Act where a provider self-verifies that their high-risk AI system meets all regulatory requirements without requiring a third-party audit.
Cryptographic Agent Identity
A verifiable digital credential (often a Decentralized Identifier or DID) that uniquely identifies an AI agent and its authority level.
D
Data Drift
The change in model input data over time, which can lead to model performance degradation if not monitored and addressed.
Data Ethics
The branch of ethics that evaluates data practices with respect to the moral obligations of gathering, protecting, and using personally identifiable information.
Data Governance
The overall management of data availability, usability, integrity, and security in an enterprise, ensuring that data is handled properly throughout its lifecycle.
Data Lifecycle Management
The policy-based management of data flow throughout its lifecycle: from creation and initial storage to the time it becomes obsolete and is deleted.
Data Minimization
The principle of collecting only the data that is necessary for a specific purpose, reducing the risk of misuse or breach.
Data Privacy
The aspect of information technology that deals with the ability to control what data is shared and with whom, ensuring personal data is handled appropriately.
Data Protection
The process of safeguarding important information from corruption, compromise, or loss, ensuring compliance with data protection laws and regulations.
Data Quality
The condition of data based on factors such as accuracy, completeness, reliability, and relevance, crucial for effective AI model performance.
Data Residency
The physical or geographic location of an organization's data, which can have implications for compliance with data protection laws.
Data Sovereignty
The concept that data is subject to the laws and governance structures within the nation it is collected, stored, or processed.
Data Subject
An individual whose personal data is collected, held, or processed, particularly relevant in the context of data protection laws like GDPR.
De-identification
The process of removing or obscuring personal identifiers from data sets, making it difficult to identify individuals, used to protect privacy.
Deep Learning
A subset of machine learning involving neural networks with multiple layers, enabling the modeling of complex patterns in data.
Deepfake
Synthetic media in which a person in an existing image or video is replaced with someone else's likeness, created using deep learning techniques.
Differential Privacy
A system for publicly sharing information about a dataset by describing patterns of groups within the dataset while withholding information about individuals.
Discrimination
In AI, refers to unfair treatment of individuals or groups based on biases in data or algorithms, leading to unequal outcomes.
Distributed Learning
A machine learning approach where training data is distributed across multiple devices or locations, and models are trained collaboratively without sharing raw data.
Domain Adaptation
A technique in machine learning where a model trained in one domain is adapted to work in a different but related domain.
Dynamic Risk Assessment
The continuous process of identifying and evaluating risks in real-time, allowing for timely responses to emerging threats in AI systems.
Data Ingestion Risk
The danger that sensitive or proprietary information will be permanently absorbed into an AI model's training set during a user's interaction.
Data Provenance
A documented record of the origin, ownership, and lifecycle of a dataset used to train or fine-tune an AI model.
EU Digital Omnibus on AI
A 2025/2026 legislative package designed to streamline and harmonize technical standards, conformity assessments, and enforcement timelines across the EU AI Act and related digital safety laws.
Dual-Use Foundation Model
An AI model that is trained on a vast amount of data and has high-level performance that could be used for both civilian and harmful or military purposes.
E
Edge AI
The deployment of AI algorithms on edge devices, enabling data processing and decision-making at the source of data generation.
Edge Analytics
The analysis of data at the edge of the network, near the source of data generation, reducing latency and bandwidth usage.
Ensemble Learning
A machine learning paradigm where multiple models are trained and combined to solve the same problem, improving overall performance.
Entity Resolution
The process of identifying and linking records that refer to the same real-world entity across different datasets.
Enzai
An enterprise AI governance platform that enables organizations to inventory, assess, and control their AI systems, ensuring maxmize AI adoption while minimizing AI risk.
Ethical AI
The practice of designing, developing, and deploying AI systems in a manner that aligns with ethical principles and values, ensuring fairness, accountability, and transparency.
Ethical AI Auditing
The process of systematically evaluating AI systems to ensure they comply with ethical standards and do not cause harm.
Ethical AI Certification
A formal recognition that an AI system adheres to established ethical standards and guidelines.
Ethical AI Governance
The framework of policies, procedures, and practices that ensure AI systems are developed and used responsibly and ethically.
Ethical Frameworks
Structured sets of principles and guidelines designed to guide the ethical development and deployment of AI systems.
Ethical Hacking
The practice of intentionally probing systems for vulnerabilities to identify and fix security issues, ensuring the robustness of AI systems.
Ethical Impact Assessment
A systematic evaluation process to identify and address the ethical implications and potential societal impacts of AI systems before deployment.
Ethical Risk
The potential for an AI system to cause harm due to unethical behavior, including bias, discrimination, or violation of privacy.
Ethics Guidelines for Trustworthy AI
A set of guidelines developed by the European Commission's High-Level Expert Group on AI to promote trustworthy AI, focusing on human agency, technical robustness, privacy, transparency, diversity, societal well-being, and accountability.
Explainability Techniques
Methods used to interpret and understand the decisions made by AI models, such as LIME, SHAP, and saliency maps.
Explainability vs. Interpretability
While both aim to make AI decisions understandable, explainability focuses on the reasoning behind decisions, whereas interpretability relates to the transparency of the model's internal mechanics.
Explainable AI (XAI)
AI systems designed to provide human-understandable justifications for their decisions and actions, enhancing transparency and trust.
Explainable Machine Learning
Machine learning models designed to provide clear and understandable explanations for their predictions and decisions.
EU AI Office
The European Commission body established to oversee implementation and enforcement of the EU AI Act, particularly for general-purpose AI models with systemic risk.
EU Digital Omnibus
The European Union's broader 2025-2026 legislative simplification package addressing multiple digital regulations including the AI Act, GDPR provisions, the Cyber Resilience Act, and Data Act amendments.
Embedded AI
AI capabilities or features that are integrated directly into third-party software-as-a-service (SaaS) platforms or enterprise tools.
Escalation Logic
A set of predefined rules and triggers that force an AI agent to stop autonomous operation and hand control back to a human operator.
ESMA AI/ML Governance Expectations
Regulatory guidelines from the European Securities and Markets Authority regarding the use of AI and Machine Learning in financial markets.
EU AI Act
The world's first comprehensive horizontal legal framework for AI, establishing a risk-based classification system for systems deployed or used within the European Union.
EU AI Act Risk Classification
The mandatory process of assigning one of four risk levels (Unacceptable, High, Limited, Minimal) to an AI system under the EU AI Act.
Excessive Agency
A vulnerability where an AI system is granted too much autonomy, too many tools, or over-privileged access relative to its intended function.
Executive Order 14110
The Biden administration directive (signed October 2023, rescinded January 2025) that established U.S. national standards for AI safety, security, and privacy and created the U.S. AI Safety Institute at NIST.
EU AI Act High-Risk Categories
The two classifications of high-risk AI systems under the EU AI Act: standalone systems listed in Annex III (covering biometrics, critical infrastructure, employment, education, law enforcement, and other named uses), and AI embedded in regulated products listed in Annex I (covering medical devices, vehicles, machinery, and other regulated product categories).
F
Fairness
Ensuring AI systems produce unbiased, equitable outcomes across different individuals and groups, and mitigating discriminatory impacts.
Fairness Metrics
Quantitative measures (e.g., demographic parity, equalized odds) used to evaluate how fair an AI model’s predictions are across groups.
False Negative
When an AI model incorrectly predicts a negative class for an instance that is actually positive (Type II error).
False Positive
When an AI model incorrectly predicts a positive class for an instance that is actually negative (Type I error).
Fault Tolerance
The ability of an AI system to continue operating correctly even when some components fail or produce errors.
Feature Engineering
Creating, selecting or transforming raw dataset attributes into features that improve the performance of machine learning models.
Feature Extraction
The process of mapping raw data (e.g., text, images) into numerical representations (features) suitable for input into ML algorithms.
Feature Selection
Identifying and selecting the most relevant features for model training to reduce complexity and improve accuracy.
Federated Learning
A decentralized ML approach where models are trained across multiple devices or servers holding local data, without sharing raw data centrally.
Feedback Loop
A process where AI outputs are fed back as inputs, which can amplify model behavior - for better (reinforcement learning) or worse (bias reinforcement).
Fine-Tuning
Adapting a pre-trained AI model to a specific task or dataset by continuing training on new data, often improving task-specific performance.
Formal Verification
Mathematically proving that AI algorithms comply with specified correctness properties, often used in safety-critical systems.
Framework
A structured set of policies, processes, and tools guiding the governance, development, deployment, and monitoring of AI systems.
Fraud Detection
Using AI techniques (e.g., anomaly detection, pattern recognition) to identify and prevent fraudulent activities in finance, insurance, etc.
Functional Safety
Ensuring AI systems operate safely under all conditions, especially in industries like automotive or healthcare, often via redundancy and checks.
Fuzzy Logic
A logic system that handles reasoning with approximate, rather than binary true/false values - useful in control systems and uncertainty handling.
Federated AI Governance
A governance model where central policy and oversight are paired with distributed decision-making by business units or regional offices, balancing consistency with operational flexibility.
FS AI RMF (Financial Services AI Risk Management Framework)
The US Treasury's specialized AI risk management framework for financial services firms, published February 2026, adapting the NIST AI RMF for sector-specific obligations.
Fundamental Rights Impact Assessment (FRIA)
A mandatory evaluation under the EU AI Act for certain deployers to determine how the use of a high-risk AI system might impact civil liberties and human rights.
G
GDPR
The EU’s General Data Protection Regulation, establishing strict requirements for personal data collection, processing, and individual rights.
GPU
Specialized hardware accelerator for parallel computations, widely used to train and run large-scale AI models efficiently.
Gap Analysis
The process of comparing current AI governance practices against desired standards or regulations to identify areas needing improvement.
Generalization
An AI model’s ability to perform well on new, unseen data by capturing underlying patterns rather than memorizing training examples.
Generative AI
AI techniques (e.g., GANs, transformers) that create new content - text, images, or other media - often raising novel governance and IP concerns.
Global Model
A consolidated AI model trained on aggregated data from multiple sources, as opposed to localized or personalized models.
Governance
The set of policies, procedures, roles, and responsibilities that guide the ethical, legal, and effective development and deployment of AI systems.
Governance Body
A cross-functional group (e.g., legal, ethics, technical) tasked with overseeing AI governance policies and their execution within an organization.
Governance Framework
A structured model outlining how AI governance components (risk management, accountability, oversight) fit together to ensure compliance and ethical use.
Governance Maturity Model
A staged framework that assesses how advanced an organization’s AI governance practices are, from ad-hoc to optimized.
Governance Policy
A formal document that codifies rules, roles, and procedures for AI development and oversight within an organization.
Governance Scorecard
A dashboard or report card that tracks key metrics (e.g., bias incidents, compliance audits) to measure AI governance effectiveness over time.
Gradient Descent
An optimization algorithm that iteratively adjusts model parameters in the direction that minimally decreases the loss function.
Granular Consent
A data-privacy approach allowing individuals to grant or deny specific permissions for each type of data use, enhancing transparency and control.
Green AI
The practice of reducing the environmental impact of AI through energy-efficient algorithms and sustainable computing practices.
Grey Box Model
A model whose internal logic is partially transparent (some components interpretable, others opaque), balancing performance and explainability.
Ground Truth
The accurate, real-world data or labels used as a benchmark to train and evaluate AI model performance.
Guardrails
Predefined constraints or checks (technical and policy) embedded in AI systems to prevent unsafe or non-compliant behavior at runtime.
Guideline (Ethical AI)
A non-binding recommendation or best-practice document issued by organizations (e.g., IEEE, EU) to shape responsible AI development and deployment.
Goal Drift
A phenomenon where an AI agent's internal sub-goals or reasoning pathways gradually move away from the original human-provided objective.
GPAI Code of Practice
The detailed regulatory instrument outlining specific transparency, safety testing, and risk mitigation obligations for providers of General-Purpose AI (GPAI) models under the EU AI Act.
GPAI Model
A general-purpose artificial intelligence model capable of performing a wide range of distinct tasks and integrating into various applications.
H
Hallucination
When generative AI produces incorrect or fabricated information that appears plausible but has no basis in the training data.
Handling Missing Data
Techniques (e.g., imputation, deletion, modeling) for addressing gaps in datasets to maintain model integrity and fairness.
Hardware Accelerator
Specialized chips (e.g., GPUs, TPUs) designed to speed up AI computations, with implications for energy use and supply chain risk.
Harm Assessment
Evaluating potential negative impacts (physical, psychological, societal) of AI systems and defining mitigation strategies.
Harmonization
Aligning AI policies, standards, and regulations across jurisdictions to reduce conflicts and enable interoperability.
Hashing
The process of converting data into a fixed-size string of characters, used for data integrity checks and privacy-preserving record linkage.
Heterogeneous Data
Combining data of different types (text, image, sensor) or from multiple domains, which poses integration and governance challenges.
Heuristic
A rule-of-thumb or simplified decision-making strategy used to speed up AI processes, often trading optimality for efficiency.
Heuristic Evaluation
A usability inspection method where experts judge an AI system against established usability principles to identify potential issues.
High-Stakes AI
AI applications whose failures could cause significant harm (e.g., medical diagnosis, autonomous vehicles), requiring heightened governance and oversight.
Human Oversight
Mechanisms that allow designated individuals to monitor, intervene, or override AI system decisions to ensure ethical and legal compliance.
Human Rights Impact Assessment
A process to evaluate how AI systems affect fundamental rights (privacy, expression, non-discrimination) and identify mitigation measures.
Human-in-the-Loop
Involving human judgment within AI processes (training, validation, decision review) to improve accuracy and accountability.
Hybrid Model
AI systems combining multiple learning paradigms (e.g., symbolic and neural) to balance explainability and performance.
Hyperparameter
A configuration variable (e.g., learning rate, tree depth) set before model training that influences learning behavior and performance.
Hyperparameter Tuning
The process of searching for the optimal hyperparameter values (e.g., via grid search, Bayesian optimization) to maximize model performance.
Harmonized Structure
A standardized template for all ISO management system standards, formerly known as Annex SL, ensuring consistency in terminology and clause numbering.
High-Risk AI System
AI applications that have a significant potential to harm the health, safety, or fundamental rights of individuals, triggering the most stringent compliance requirements under the EU AI Act.
I
ISO/IEC JTC 1/SC 42
The joint ISO/IEC committee on Artificial Intelligence standardization, developing international AI standards for governance, risk, and interoperability.
Imbalanced Data
A dataset where one class or category significantly outnumbers others, which can lead AI models to bias toward the majority class unless mitigated.
Immutable Ledger
A tamper-evident record-keeping mechanism (e.g., blockchain) ensuring that once data are written, they cannot be altered without detection - useful for AI audit trails.
Impact Assessment
A structured evaluation to identify, analyze, and mitigate potential ethical, legal, and societal impacts of an AI system before deployment.
Implicit Bias
Unconscious or unintentional biases embedded in training data or model design that can lead to discriminatory outcomes.
Incentive Alignment
The design of reward structures and objectives so that AI systems’ goals remain consistent with human values and organizational priorities.
Inductive Bias
The set of assumptions a learning algorithm uses to generalize from observed data to unseen instances.
Inference
The process by which a trained AI model processes new data inputs to produce predictions or decisions.
Inference Engine
The component of an AI system (often in rule-based or expert systems) that applies a knowledge base to input data to draw conclusions.
Information Governance
The policies, procedures, and controls that ensure data quality, privacy, and usability across an organization’s data assets, including AI training datasets.
Information Privacy
The right of individuals to control how their personal data are collected, used, stored, and shared by AI systems.
Infrastructure as Code (IaC)
Managing and provisioning AI infrastructure (compute, storage, networking) through machine-readable configuration files, improving repeatability and auditability.
Interoperability
The ability of diverse AI systems and components to exchange, understand, and use information seamlessly, often via open standards or APIs.
Interpretability
The degree to which a human can understand the internal mechanics or decision rationale of an AI model.
Intrusion Detection
Monitoring AI infrastructure and applications for malicious activity or policy violations, triggering alerts or automated responses.
Inherited Data Risk
The regulatory and ethical liability an organization assumes when using an AI system trained on data they did not collect or vet themselves.
Intake Workflow
The standardized process and series of checks that a new AI system must pass through before being built or procured.
Intent Validation
The process of verifying that an AI agent's planned sub-actions remain consistent with the original human-provided objective.
ISO/IEC 42001
The international standard specifying requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS).
ISO/IEC 42005
The international standard providing guidance on performing AI system impact assessments.
Implementing Acts
Secondary EU legislation adopted by the European Commission to set uniform conditions for implementing primary legislation, with binding legal effect across all Member States.
J
Jacobian Matrix
In AI explainability, the matrix of all first-order partial derivatives of a model’s outputs w.r.t. its inputs, used to assess sensitivity and feature importance.
Jailbreak Attack
A type of prompt‐injection where users exploit vulnerabilities to bypass safeguards in generative AI models, potentially leading to unsafe or unauthorized outputs.
Joint Liability
Legal principle where multiple parties (e.g., developers, deployers) share responsibility for AI‐related harms, influencing contract and governance structures.
Joint Modeling
Building AI systems that jointly learn multiple tasks (e.g., speech recognition + translation), with governance needed for complexity and auditability.
Judgment Bias
Systematic errors in human or AI decision‐making processes caused by cognitive shortcuts or flawed data, requiring bias audits and mitigation.
Judicial Review
The legal process by which courts evaluate the lawfulness of decisions made or assisted by AI, ensuring accountability and due process.
Jurisdiction
The legal authority over data, AI operations, and liability, which varies by geography and impacts compliance with regional regulations (e.g., GDPR, CCPA).
Juror Automation
The use of AI to assist in jury selection or case analysis, raising ethical concerns around fairness, transparency, and legal oversight.
Justice Metrics
Quantitative measures (e.g., disparate impact, equal opportunity) used to assess fairness and nondiscrimination in AI decision‐making.
Japan Act on Promotion of AI
A Japanese law (enacted 2025) establishing basic principles for AI promotion and risk mitigation.
K
Key Performance Indicator
A quantifiable metric (e.g., model accuracy drift, bias remediation time) used to monitor and report on AI governance and compliance objectives.
Key Risk Indicator
A leading metric (e.g., frequency of out-of-scope predictions, rate of unexplainable decisions) that signals emerging AI risks before they materialize.
Know Your Customer (KYC)
Compliance processes to verify the identity, risk profile and legitimacy of individuals or entities interacting with AI systems, especially in regulated industries.
Knowledge Distillation
A method of transferring insight from a larger “teacher” model into a smaller “student” model, balancing performance with resource and governance constraints.
Knowledge Graph
A structured representation of entities and their relationships used to improve AI explainability, auditability and alignment with domain ontologies.
Knowledge Management
Practices and tools for capturing, organizing and sharing organizational knowledge (e.g., model documentation, audit logs) to ensure reproducibility and oversight.
L
Label Leakage
The inadvertent inclusion of output information in training data labels, which can inflate performance metrics and conceal true model generalization issues.
Large Language Model
A deep learning model trained on vast text corpora that can perform tasks like text generation, translation, and summarization, often requiring governance around bias and misuse.
Least Privilege
A security principle where AI components and users are granted only the minimal access rights necessary to perform their functions, reducing risk of misuse.
Legal Compliance
The practice of ensuring AI systems adhere to applicable laws, regulations, and industry standards throughout their entire lifecycle.
Liability Framework
A structured approach defining who is responsible for AI-related harms or failures, including developers, deployers, and operators.
Lifecycle Management
The coordinated processes for development, deployment, monitoring, maintenance, and retirement of AI systems to ensure ongoing compliance and risk control.
Liveness Detection
Techniques used to verify that an input (e.g., biometric) originates from a live subject rather than a spoof or replay, enhancing system security and integrity.
Localization
Adapting AI systems to local languages, regulations, cultural norms, and data residency requirements in different jurisdictions.
Log Management
The collection, storage, and analysis of system and application logs from AI workflows to support auditing, incident response, and model performance tracking.
Loss Function
A mathematical function that quantifies the difference between predicted outputs and true values, guiding model training and optimization.
Least Agency
A security and governance principle stating that AI agents should only be granted the minimum level of autonomy and tool-access necessary to complete a specific task.
M
Meaningful Human Control
A regulatory and operational standard ensuring that humans retain the ability to oversee, intervene in, and override AI decision-making processes.
Metadata Management
The practice of capturing and maintaining descriptive data (e.g., data provenance, feature definitions, model parameters) to support traceability and audits.
Metrics & KPIs
Quantitative measures (e.g., accuracy drift, fairness scores, incident response time) used to monitor AI system health, risk, and compliance objectives.
Mitigation Strategies
Planned actions (e.g., bias remediation, retraining, feature re-engineering) to address identified AI risks and compliance gaps.
Model Explainability
Techniques and documentation that make an AI model’s decision logic understandable to stakeholders and auditors.
Model Governance
The policies, roles, and controls that ensure AI models are developed, approved, and used in line with organizational standards and regulatory requirements.
Model Monitoring
Continuous tracking of an AI model’s performance, data drift, and operational metrics to detect degradation or emerging risks.
Model Retraining
The process of updating an AI model with new or refreshed data to maintain performance and compliance as data distributions evolve.
Model Risk Management
The structured process of identifying, assessing, and mitigating risks arising from AI/ML models throughout their lifecycle.
Model Validation
The evaluation activities (e.g., testing against hold-out data, stress scenarios) that confirm an AI model meets its intended purpose and performance criteria.
Multi-Stakeholder Engagement
Involving diverse groups (e.g., legal, ethics, operations, end users) in AI governance processes to ensure balanced risk oversight and alignment with business goals.
Market Surveillance Authority
The national regulatory body in each EU member state responsible for monitoring AI systems to ensure they comply with the EU AI Act.
MAS FEAT Principles
The Monetary Authority of Singapore's principles for Fairness, Ethics, Accountability, and Transparency (FEAT) in the use of AI in finance.
Mexico Federal Law on AI and Algorithms
A draft Mexican federal law on AI and algorithms proposing a risk-based classification system, the National AI Commission (CONAIA), and watermarking requirements for AI-generated content.
Minnesota CDPA (AI Provisions)
The AI-specific components of the Minnesota Consumer Data Privacy Act.
Model Card
A short, standardized document providing essential information about a machine learning model's performance, limitations, and intended use cases.
Model Disgorgement
A regulatory remedy requiring a company to delete AI models or algorithms that were developed using improperly or unlawfully acquired data.
Model Drift
The degradation of an AI model's predictive performance over time due to changes in real-world data or the environment.
N
NIST AI Risk Management Framework
A voluntary guidance from the U.S. National Institute of Standards and Technology outlining best practices for mitigating risks across AI system lifecycles.
Natural Language Processing (NLP)
Techniques and tools that enable machines to interpret, generate, and analyze human language in text or speech form.
Network Security
Measures and controls (e.g., segmentation, firewalls, intrusion detection) to protect AI infrastructure and data pipelines from unauthorized access or tampering.
Neural Architecture Search
Automated methods for designing and optimizing neural network structures to improve model performance while balancing complexity and resource constraints.
Noise Injection
Deliberate introduction of random perturbations into training data or model parameters to enhance robustness and guard against adversarial manipulation.
Novelty Detection
Techniques for identifying inputs or scenarios that differ significantly from training data, triggering review or safe-mode operation to prevent unexpected failures.
NIST AI RMF Profiles
Context-specific implementations of the NIST AI Risk Management Framework tailored to particular industries, technologies, or risk types.
Non-Human Identity (NHI)
A digital credential used by an AI agent, bot, or service to authenticate and interact with enterprise systems.
Notified Body
An independent third-party organization designated by an EU member state to assess the conformity of certain high-risk AI systems under the EU AI Act.
NYC Local Law 144
A New York City law requiring annual bias audits for AI tools used in employment decisions.
O
Observability
The capability to infer an AI system’s internal state and behavior through collection and analysis of logs, metrics, and outputs for effective monitoring and troubleshooting.
Ongoing Monitoring
Continuous tracking of AI system performance, data drift, bias metrics, and security events to detect and address emerging risks over time.
Opacity
The absence of transparency in how an AI model arrives at decisions or predictions, posing challenges for trust and regulatory compliance.
Operational Resilience
The ability of AI systems and their supporting infrastructure to anticipate, withstand, recover from, and adapt to disruptions or adverse events.
Orchestration
The automated coordination of AI workflows and services - data ingestion, model training, deployment - ensuring compliance with policies and resource governance.
Outlier Detection
Techniques to identify data points or model predictions that deviate significantly from expected patterns, triggering review or mitigation actions.
Overfitting
A modeling issue where an AI system learns noise or idiosyncrasies in training data, reducing its ability to generalize to new, unseen data.
Oversight
The structured process of review, approval, and accountability for AI development and deployment, typically involving cross-functional governance bodies.
Ownership
The clear assignment of responsibility and authority over AI assets - data, models, processes - to ensure accountability throughout the system lifecycle.
OMB Memorandum M-25-21
A federal directive specifying AI governance and risk management requirements for US government agencies.
Operational Autonomy
The ability of an AI system to perform multi-step tasks and make decisions without human intervention at each stage.
Output Risk
The operational, legal, and reputational danger arising from the use of incorrect, biased, or harmful content generated by an AI system.
OWASP Agentic Top 10
A formal taxonomy of the ten most critical security risks specific to autonomous AI agents and their application environments.
P
Permissioning
The management of user and system access rights to AI data and functions, ensuring least-privilege and preventing unauthorized use.
Pilot Testing
A limited-scope trial of an AI system in a controlled environment to assess performance, risks, and governance controls before full-scale deployment.
Policy Enforcement
The automated or manual mechanisms that ensure AI operations adhere to organizational policies, regulatory rules, and ethical guidelines.
Post-Deployment Monitoring
Ongoing observation of AI system behavior and environment after release to detect degradation, drift, or compliance breaches.
Predictive Maintenance
AI-driven monitoring and analysis to forecast component or system failures, ensuring operational resilience and risk mitigation in critical environments.
Privacy Impact Assessment
A structured analysis to identify and mitigate privacy risks associated with AI systems, covering data collection, use, sharing, and retention.
Privacy by Design
An approach that embeds data protection and user privacy considerations into AI system architecture and processes from the outset.
Process Automation
Use of AI and workflow tools to streamline governance, compliance checks, and risk mitigation activities, reducing manual effort and error.
Presumption of Conformity
A legal mechanism under EU AI Act and other regimes whereby compliance with a harmonized standard (e.g., a published EN standard) provides a rebuttable assumption that the underlying regulation is satisfied.
Parametric Knowledge
The information learned by an AI model during its training process and stored within its weights and parameters.
Paved Road Governance
A strategy that encourages compliance by making sanctioned, secure workflows easier to follow than unsanctioned alternatives.
PRA SS1/23 (Model Risk Management)
The UK Prudential Regulation Authority's statement on model risk management for banks and insurers.
Probabilistic System
A system where outputs are based on statistical likelihood rather than deterministic, fixed logic.
Q
Qualitative Assessment
The subjective review of AI system behaviors, decisions, and documentation by experts to identify ethical, legal, or reputational concerns not captured quantitatively.
Quality Assurance
The systematic processes and checks to ensure AI models and data pipelines meet defined standards for accuracy, reliability, and ethical compliance.
Quality Control
The ongoing verification of AI outputs and processes against benchmarks and test cases to catch defects, bias incidents, or policy violations.
Quantitative Risk Assessment
A data-driven evaluation of potential AI threats, estimating likelihoods and impacts numerically to prioritize mitigation efforts.
Quantum Computing
The emerging computational paradigm that leverages quantum mechanics, posing new governance challenges around security, standardization, and risk.
Query Logging
The practice of recording AI system inputs and user queries to enable audit trails, detect misuse, and support accountability.
Query Privacy
Techniques and policies to protect sensitive information in user queries, ensuring that logged inputs do not compromise personal or proprietary data.
Questionnaire Framework
A structured set of governance-focused questions used during design, procurement, or deployment to ensure AI systems align with policy requirements.
Quorum for Governance Board
The minimum number of governance committee members required to be present to make official decisions on AI risk, policy approvals, or audit outcomes.
Quota Management
The controls and limits placed on AI resource usage (e.g., API calls, compute time) to enforce governance policies and prevent runaway costs or abuse.
R
Recourse
Mechanisms that allow affected individuals to challenge or seek remedy for AI-driven decisions that impact their rights or interests.
Red Teaming
A proactive testing approach where internal or external experts simulate attacks or misuse scenarios to uncover vulnerabilities in AI systems.
Regulatory Compliance
Ensuring AI systems adhere to applicable laws, regulations, and industry standards (e.g., GDPR, FDA, financial oversight) throughout their operation.
Reproducibility
The capacity to consistently regenerate AI model results using the same data, code, and configurations, ensuring transparency and auditability.
Responsibility Assignment Matrix
A tool (e.g., RACI) that clarifies roles and accountabilities for each governance activity - who’s Responsible, Accountable, Consulted, and Informed.
Responsible AI
The practice of designing, developing, and deploying AI systems in ways that are ethical, transparent, and accountable to stakeholders and society.
Risk Assessment
The process of identifying, analyzing, and prioritizing potential harms or failures in AI systems to determine appropriate mitigation strategies.
Risk Management Framework
A structured set of guidelines and processes for systematically addressing AI risks across the system lifecycle, from design through retirement.
Robustness
The ability of an AI system to maintain reliable performance under a variety of challenging or adversarial conditions.
Root Cause Analysis
A structured investigation to determine the underlying reasons for AI system failures or unexpected behaviors, guiding corrective actions.
Reasoning Chain
The multi-step logical process an AI agent follows to move from an initial objective to a final action or output.
S
Sanctioned Use Policy
Defined rules and controls that specify approved contexts, users, and purposes for AI system operation to prevent misuse.
Security by Design
Integrating security controls and best practices into AI systems from the earliest design phases to prevent vulnerabilities and data breaches.
Shadow AI
The unsanctioned use of AI models, agents, or tools by employees without IT approval, creating hidden security vulnerabilities through data leakage and unauthorized autonomous actions.
Societal Impact Assessment
A structured evaluation of how an AI system affects social, economic, and cultural aspects of communities, identifying potential harms and benefits.
Software Development Lifecycle
The end-to-end process (requirements, design, build, test, deploy, monitor) for AI applications, incorporating governance and compliance checks at each stage.
Stakeholder Engagement
The process of involving affected parties (e.g., users, regulators, impacted communities) in AI development and oversight to ensure diverse perspectives and buy-in.
Surveillance Risk
The threat that AI systems may be exploited for invasive monitoring of individuals or groups, infringing on privacy and civil liberties.
Synthetic Data
Artificially generated datasets that mimic real data distributions, used to augment training sets while protecting privacy.
Shadow Agents
Unsanctioned autonomous AI agents deployed within an organization without governance team awareness, capable of taking actions that affect business systems and external parties.
Singapore Model AI Governance Framework
A voluntary guidance framework from Singapore's IMDA and PDPC for responsible AI deployment.
South Korea AI Basic Act
South Korea's comprehensive legal framework for AI development and trust.
SR 11-7 (Model Risk Management)
The foundational US Federal Reserve guidance for managing risks associated with the use of models in banking.
Statement of Applicability (SoA)
A document that identifies which ISO 42001 Annex A controls are relevant to an organization's AI Management System and explains why others were excluded.
Substantial Modification
A change to an AI system after it has been placed on the market that affects its compliance or intended purpose under the EU AI Act.
System of Record
The authoritative data source for a given data element or piece of information within an organization.
Systemic Risk Threshold
The technical or capability-based limit (e.g., 10^25 FLOPs) that classifies a General-Purpose AI model as posing a high level of risk to society.
T
Tail Risk
The potential for rare, extreme outcomes in AI behavior or decision-making that fall outside normal expectations and require special mitigation planning.
Testing & Validation
The systematic process of evaluating AI models against benchmarks, edge cases, and stress conditions to ensure they meet performance, safety, and compliance criteria.
Third-Party Risk
The exposure arising from reliance on external data providers, model vendors, or service platforms that may introduce compliance or security vulnerabilities.
Threshold Setting
Defining boundaries or cut-off values in AI decision rules (e.g., confidence scores) to balance risks like false positives versus false negatives.
Traceability
The ability to track and document each step in the AI lifecycle - from data collection through model development to deployment - to support auditing and forensics.
Training Dataset
The curated collection of labeled or unlabeled data used to teach an AI model the relationships and patterns it must learn to perform its task.
Transfer Learning
A technique where a model developed for one task is adapted for a related task, reducing development time but requiring governance of inherited biases.
Transparency
The practice of making AI system processes, decision logic, and data usage clear and understandable to stakeholders for accountability.
Trustworthy AI
AI systems designed and operated in a manner that is ethical, reliable, safe, and aligned with human values and societal norms.
Trilogue
The informal three-way negotiation between the European Commission, the Council of the European Union, and the European Parliament used to reach political agreement on EU legislation before formal adoption.
U
Underfitting
A modeling issue where an AI system is too simple to capture underlying data patterns, resulting in poor performance on both training and new data.
Uniformity
Ensuring consistent application of policies, controls, and standards across all AI systems to avoid governance gaps or uneven risk management.
Unsupervised Learning
A machine learning approach where models identify patterns or groupings in unlabeled data without explicit outcome guidance.
Uptime Monitoring
Continuous tracking of AI system availability and performance to detect outages or degradation that could impact critical operations or compliance obligations.
Use Case Governance
The practice of defining, approving, and monitoring specific AI use cases to ensure each aligns with organizational policies, ethical standards, and risk appetite.
User Consent
The process of obtaining and recording explicit permission from individuals before collecting, processing, or using their personal data in AI systems.
Utility
A measure of how valuable or effective an AI system is in achieving its intended objectives, balanced against any associated risks or resource costs.
UK AI Opportunities Action Plan
The UK government's strategic roadmap for maximizing AI benefits while establishing targeted, binding safety rules.
V
Validation
The process of confirming that an AI model performs accurately and reliably on intended tasks and meets defined performance criteria.
Variance Monitoring
Tracking fluctuations in AI model outputs or performance metrics over time to detect drift and infer potential degradation or risk.
Vendor Risk Management
Assessing and monitoring third-party suppliers of AI components or services to identify and mitigate potential compliance, security, or ethical risks.
Version Control
The practice of managing and tracking changes to AI code, models, and datasets over time to ensure reproducibility and auditability.
Veto Authority
The formal right held by a governance body or stakeholder to block or require changes to AI deployments that pose unacceptable risks.
Vigilance Monitoring
Continuous surveillance of AI behavior and external signals (e.g., regulatory updates) to promptly identify and respond to emerging risks or non-compliance.
Vision AI Oversight
The governance processes specific to computer vision systems, ensuring data quality, bias checks, and transparency in image/video-based decision-making.
Vulnerability Assessment
Identifying, analyzing, and prioritizing security weaknesses in AI infrastructure and applications to guide remediation efforts.
Version Pinning
The practice of locking an AI system to a specific, tested version of a foundation model to prevent silent updates from changing system behavior.
W
Watchdog Monitoring
Independent runtime checks that observe AI decisions and trigger alerts or interventions when policies or thresholds are violated.
Weight Auditing
Examining model weights and structures for anomalies, backdoors, or biases that could indicate tampering or unintended behaviors.
White-Box Testing
Assessing AI systems with full knowledge of internal workings (code, parameters, architecture) to verify correctness, security, and compliance.
Whitelist/Blacklist Policy
Governance rule defining allowed (whitelist) and disallowed (blacklist) inputs, features, or operations to enforce compliance and prevent misuse.
Whitelisting
Allowing only pre-approved data sources, libraries, or model components in AI pipelines to reduce risk from unvetted or malicious elements.
Workflow Orchestration
Automating and sequencing AI lifecycle tasks (data ingestion, training, validation, deployment) to enforce governance policies and ensure consistency.
Workload Segregation
Separating AI compute environments (e.g., dev, test, prod) and data domains to limit blast radius of failures or security breaches.
Worst-Case Analysis
Evaluating the most extreme potential failures or abuses of an AI system to inform robust risk mitigation and contingency planning.
Write-Once Read-Many (WORM) Storage
Immutable storage ensuring logs, audit trails, and model artifacts cannot be altered once written, supporting non-repudiation and forensic review.
Watermarking
The practice of embedding detectable, machine-readable provenance markers in AI-generated output, such as images, audio, video, and synthetic text, so downstream consumers and platforms can identify content as AI-generated.
X
X-Validation
A model validation technique (often abbreviated “X-Val”) that partitions data into folds to rigorously assess model generalization and detect overfitting.
XAI (Explainable AI)
Techniques and methods that make an AI model’s decision process transparent and understandable to humans, supporting accountability and compliance.
XAI Audit
A review process that evaluates whether AI explainability outputs meet internal policies and regulatory requirements, ensuring sufficient transparency.
XAI Framework
A structured approach or set of guidelines that organizations use to implement, measure, and govern explainability practices across their AI systems.
XAI Metrics
Quantitative or qualitative measures (e.g., feature importance scores, explanation fidelity) used to assess the quality and reliability of AI explanations.
Y
YARA Rules
A set of signature-based detection patterns used to scan AI pipelines and artifacts for known malicious code or tampering.
Yearly Compliance Review
An annual evaluation of AI governance processes, policies, and systems to ensure continued alignment with regulations and internal standards.
Z
Zero Defect Tolerance
A governance principle aiming for no errors or policy violations in AI outputs, supported by rigorous testing, monitoring, and continuous improvement cycles.
Zero-Day Vulnerability
A previously unknown security flaw in AI software or infrastructure that can be exploited before a patch or mitigation is available.
Zero-Shot Learning
A model capability to correctly handle tasks or classify data it was never explicitly trained on by leveraging generalized knowledge representations.
Zone-Based Access Control
A network or data governance approach that divides resources into zones with distinct policies, restricting AI system access according to data sensitivity.
Whitepaper
All
AI Regulations
Podcasts
Product Updates
Press Coverage
Glossary
A
AI Accountability
The obligation of AI system developers and operators to ensure their systems are designed and used responsibly, adhering to ethical standards and legal requirements.
AI Alignment
The process of ensuring AI systems' goals and behaviors are aligned with human values and intentions.
AI Auditing
The systematic evaluation of AI systems to assess compliance with ethical standards, regulations, and performance metrics.
AI Bias
Systematic errors in AI outputs resulting from prejudiced training data or flawed algorithms, leading to unfair outcomes.
AI Compliance
The adherence of AI systems to applicable laws, regulations, and ethical guidelines throughout their lifecycle.
AI Ethics
The field concerned with the moral implications and responsibilities associated with the development and deployment of AI technologies.
AI Explainability
The extent to which the internal mechanics of an AI system can be understood and interpreted by humans.
AI Governance
The framework of policies, processes, and controls that guide the ethical and effective development and use of AI systems.
AI Inventory
A comprehensive, centralized catalog of all AI systems, models, and agents in use across an organization, tracking their business purpose, risk level, and ownership.
AI Literacy
The understanding of AI concepts, capabilities, and limitations, enabling informed interaction with AI technologies.
AI Monitoring
The continuous observation and analysis of AI system performance to ensure reliability, safety, and compliance.
AI Risk
The potential for AI systems to cause harm or unintended consequences, including ethical, legal, and operational risks.
AI Risk Management
The process of identifying, assessing, and mitigating risks associated with AI systems.
AI TRiSM
An acronym coined by Gartner standing for AI Trust, Risk, and Security Management; a framework that unifies governance, trustworthiness, and security into a single operational strategy.
AI Transparency
The principle that AI systems should be open and clear about their operations, decisions, and data usage.
Accuracy
The degree to which an AI system's outputs correctly reflect real-world data or intended outcomes.
Adversarial Attack
Techniques that manipulate AI models by introducing deceptive inputs to cause incorrect outputs.
Agentic AI
A class of artificial intelligence systems designed to autonomously pursue complex goals and execute multi-step actions (such as software deployment or financial transactions) with minimal human intervention.
Agentic AI Governance
The governance of autonomous AI systems capable of executing independent actions (e.g., transactions, code deployment) distinct from Predictive AI (which provides insights) and Generative AI (which creates content).
Algorithm
A set of rules or instructions given to an AI system to help it learn on its own.
Algorithmic Bias
Bias that occurs when an algorithm produces results that are systemically prejudiced due to erroneous assumptions in the machine learning process.
Algorithmic Governance
The use of algorithms to manage and regulate societal functions, potentially impacting decision-making processes.
Artificial General Intelligence
A type of AI that possesses the ability to understand, learn, and apply knowledge in a generalized way, similar to human intelligence.
Artificial Intelligence
The simulation of human intelligence processes by machines, especially computer systems, including learning, reasoning, and self-correction.
Agent Fabric
An integrated runtime substrate that hosts, orchestrates, and governs multiple AI agents alongside the models, tools, and data they depend on.
Agent Mesh
A networked topology in which AI agents discover, communicate with, and delegate work to one another through a shared infrastructure layer.
AI Assistant
A conversational AI system designed to help users complete tasks through natural language interaction, typically powered by a large language model.
AI Bill of Materials (AIBOM)
A structured inventory listing the components that make up an AI system, including foundation models, training datasets, libraries, and dependencies - the AI equivalent of a Software Bill of Materials (SBOM).
AI Footprint
The total set of AI systems, models, agents, and embedded AI features in use across an organization at any given time, including sanctioned and shadow systems.
AI Sprawl
The uncontrolled expansion of AI systems across an organization, typically driven by easy access to AI tools and a lack of effective intake and inventory processes.
Article 25 (EU AI Act)
The EU AI Act provision creating a direct obligation chain between providers and deployers of high-risk AI systems, including responsibility transfer when systems are substantially modified.
Article 50 (EU AI Act)
The EU AI Act provision setting transparency obligations for AI systems that interact with people, generate synthetic content, or produce deepfakes.
Acceptable Use Policy (AUP)
A set of rules applied by an organization that outlines the permitted and prohibited ways employees may interact with company-provided AI tools.
Accredited Certification
A certificate issued by a certification body that has been formally recognized by a national accreditation body (like ANAB or UKAS) as competent to audit against a specific standard.
Action Preview
A governance requirement where an AI agent must display exactly what an irreversible operation will do before a human provides final approval.
Action Whitelisting
A security and governance control that specifies the only permitted tools, APIs, and actions an AI agent is allowed to execute.
Agent Goal Hijack (ASI01)
A vulnerability where an attacker manipulates an agent's objectives or decision pathways to redirect its autonomous behavior toward unintended outcomes.
Agentic Policy Engine
A runtime software component that intercepts agent actions and evaluates them against a set of deterministic governance rules before execution.
AI Governance for Financial Services
The specialized application of AI risk management frameworks to meet the rigorous prudential and conduct requirements of the banking and insurance sectors.
AI Governance Software
Specialized enterprise tools used to automate the inventory, risk assessment, and regulatory compliance of artificial intelligence systems.
EU AI Liability Directive
A proposed EU directive aimed at simplifying the process for claimants to seek damages caused by AI systems by introducing a rebuttable presumption of causality.
Artificial Intelligence Management System (AIMS)
A set of interrelated or interacting elements of an organization to establish policies, objectives, and processes for the responsible development or use of AI.
AI System Impact Assessment
A formal process to evaluate the potential consequences of an AI system's deployment on individuals, groups, and society at large.
Artificial Intelligence and Data Act (AIDA)
Canada's federal regulatory framework (part of Bill C-27) aimed at ensuring high-impact AI systems are developed and used safely and without bias.
Amnesty Program
A time-limited governance initiative where employees are invited to disclose unsanctioned AI tool usage without fear of disciplinary action.
Annex I Products
A list of products already regulated by EU health and safety law (e.g., machinery, medical devices) where AI integrated under the EU AI Act is automatically classified as high-risk.
Annex III Categories
A specific list of high-risk AI application areas defined by the EU AI Act that trigger mandatory compliance obligations.
API Traffic Analysis
The technical process of monitoring and inspecting network calls made to external AI service providers.
Article 6(3) Exception
A self-determination mechanism under the EU AI Act allowing providers to classify an Annex III AI system as not high-risk if it poses no significant harm.
Australia Safe & Responsible AI Policy
The Australian federal policy governing the use of AI within the public service and government agencies.
Automated AI Governance
The use of software and API integrations to perform continuous, real-time compliance checks and risk monitoring without manual intervention.
B
Backpropagation
A training algorithm used in neural networks that adjusts weights by propagating errors backward from the output layer to minimize loss.
Batch Learning
A machine learning approach where the model is trained on the entire dataset at once, as opposed to incremental learning.
Benchmarking
The process of comparing AI system performance against standard metrics or other systems to assess effectiveness.
Bias
Systematic errors in AI outputs resulting from prejudiced training data or flawed algorithms, leading to unfair outcomes.
Bias Amplification
The phenomenon where AI systems exacerbate existing biases present in the training data, leading to increasingly skewed outcomes.
Bias Audit
An evaluation process to detect and mitigate biases in AI systems, ensuring fairness and compliance with ethical standards.
Bias Detection
The process of identifying biases in AI models by analyzing their outputs and decision-making processes.
Bias Mitigation
Techniques applied during AI development to reduce or eliminate biases in models and datasets.
Black Box Model
An AI system whose internal workings are not transparent or interpretable, making it difficult to understand how decisions are made.
Bot
A software application that performs automated tasks, often used in AI for tasks like customer service or data collection.
Brussels Effect
The phenomenon whereby EU regulation becomes the global default through market access requirements, even for organizations headquartered outside the EU.
Brazil AI Bill (PL 2338/2023)
Brazil's primary legislative effort to establish a national framework for AI rights and governance.
C
Causal Inference
A method in AI and statistics used to determine cause-and-effect relationships, helping to understand the impact of interventions or changes in variables.
Chatbot
An AI-powered software application designed to simulate human conversation, often used in customer service and information acquisition.
Classification
A supervised learning technique in machine learning where the model predicts the category or class label of new observations based on training data.
Cognitive Bias
Systematic patterns of deviation from norm or rationality in judgment, which can influence AI decision-making if present in training data.
Cognitive Computing
A subset of AI that simulates human thought processes in a computerized model, aiming to solve complex problems without human assistance.
Cognitive Load
The total amount of mental effort being used in the working memory, considered in AI to design systems that do not overwhelm users.
Compliance Framework
A structured set of guidelines and best practices that organizations follow to ensure their AI systems meet regulatory and ethical standards.
Compliance Risk
The potential for legal or regulatory sanctions, financial loss, or reputational damage an organization faces when it fails to comply with laws, regulations, or prescribed practices.
Computer Vision
A field of AI that trains computers to interpret and process visual information from the world, such as images and videos.
Concept Drift
The change in the statistical properties of the target variable, which the model is trying to predict, over time, leading to model degradation.
Confidence Interval
A range of values, derived from sample statistics, that is likely to contain the value of an unknown population parameter, used in AI to express uncertainty.
Conformity Assessment
A process to determine whether an AI system meets specified requirements, standards, or regulations, often involving testing and certification.
Continuous Learning
An AI system's ability to continuously learn and adapt from new data inputs without human intervention, improving over time.
Controllability
The extent to which humans can direct, influence, or override the decisions and behaviors of an AI system.
Cross-Validation
A model validation technique for assessing how the results of a statistical analysis will generalize to an independent dataset.
Cybersecurity
The practice of protecting systems, networks, and programs from digital attacks, crucial in safeguarding AI systems against threats.
COREPER Mandate
The negotiating authority granted by EU member state ambassadors (Committee of Permanent Representatives) to the rotating Council Presidency for trilogue negotiations on EU legislation.
California AB 1008
An amendment to the CCPA clarifying that personal information includes data generated or output by AI systems.
California AB 3030
A California law requiring transparency when Generative AI is used to communicate with patients in a healthcare setting.
California ADMT Regulations
Rules under the California Consumer Privacy Act (CCPA) governing Automated Decision-Making Technology (ADMT).
California FEHA AI Regulations
State regulations under the Fair Employment and Housing Act (FEHA) targeting AI-driven discrimination in the workplace.
California AI Transparency Act (SB 942)
Legislation requiring large providers of generative AI systems to provide detection tools and embed latent and manifest disclosures in AI-generated content.
Cascading Failure (ASI08)
A failure mode where an error or malicious input in one AI agent's reasoning triggers a chain reaction of failures across multiple connected agents or systems.
CE Marking
A mandatory certification mark that indicates an AI system's conformity with health, safety, and environmental protection standards for products sold within the EEA.
Change Notification Window
A contractual period during which a vendor must inform a customer of material updates to an AI model before those updates are deployed in production.
China Interim GenAI Measures
Regulatory requirements for generative AI services provided to the Chinese public.
Council of Europe AI Convention
The first legally binding international treaty on AI, focusing on the protection of human rights, democracy, and the rule of law.
Colorado AI Act (SB24-205)
The first broad U.S. state law requiring developers and deployers of high-risk AI systems to implement duty of care standards and conduct annual impact assessments.
Internal Control (Conformity Assessment)
A process under the EU AI Act where a provider self-verifies that their high-risk AI system meets all regulatory requirements without requiring a third-party audit.
Cryptographic Agent Identity
A verifiable digital credential (often a Decentralized Identifier or DID) that uniquely identifies an AI agent and its authority level.
D
Data Drift
The change in model input data over time, which can lead to model performance degradation if not monitored and addressed.
Data Ethics
The branch of ethics that evaluates data practices with respect to the moral obligations of gathering, protecting, and using personally identifiable information.
Data Governance
The overall management of data availability, usability, integrity, and security in an enterprise, ensuring that data is handled properly throughout its lifecycle.
Data Lifecycle Management
The policy-based management of data flow throughout its lifecycle: from creation and initial storage to the time it becomes obsolete and is deleted.
Data Minimization
The principle of collecting only the data that is necessary for a specific purpose, reducing the risk of misuse or breach.
Data Privacy
The aspect of information technology that deals with the ability to control what data is shared and with whom, ensuring personal data is handled appropriately.
Data Protection
The process of safeguarding important information from corruption, compromise, or loss, ensuring compliance with data protection laws and regulations.
Data Quality
The condition of data based on factors such as accuracy, completeness, reliability, and relevance, crucial for effective AI model performance.
Data Residency
The physical or geographic location of an organization's data, which can have implications for compliance with data protection laws.
Data Sovereignty
The concept that data is subject to the laws and governance structures within the nation it is collected, stored, or processed.
Data Subject
An individual whose personal data is collected, held, or processed, particularly relevant in the context of data protection laws like GDPR.
De-identification
The process of removing or obscuring personal identifiers from data sets, making it difficult to identify individuals, used to protect privacy.
Deep Learning
A subset of machine learning involving neural networks with multiple layers, enabling the modeling of complex patterns in data.
Deepfake
Synthetic media in which a person in an existing image or video is replaced with someone else's likeness, created using deep learning techniques.
Differential Privacy
A system for publicly sharing information about a dataset by describing patterns of groups within the dataset while withholding information about individuals.
Discrimination
In AI, refers to unfair treatment of individuals or groups based on biases in data or algorithms, leading to unequal outcomes.
Distributed Learning
A machine learning approach where training data is distributed across multiple devices or locations, and models are trained collaboratively without sharing raw data.
Domain Adaptation
A technique in machine learning where a model trained in one domain is adapted to work in a different but related domain.
Dynamic Risk Assessment
The continuous process of identifying and evaluating risks in real-time, allowing for timely responses to emerging threats in AI systems.
Data Ingestion Risk
The danger that sensitive or proprietary information will be permanently absorbed into an AI model's training set during a user's interaction.
Data Provenance
A documented record of the origin, ownership, and lifecycle of a dataset used to train or fine-tune an AI model.
EU Digital Omnibus on AI
A 2025/2026 legislative package designed to streamline and harmonize technical standards, conformity assessments, and enforcement timelines across the EU AI Act and related digital safety laws.
Dual-Use Foundation Model
An AI model that is trained on a vast amount of data and has high-level performance that could be used for both civilian and harmful or military purposes.
E
Edge AI
The deployment of AI algorithms on edge devices, enabling data processing and decision-making at the source of data generation.
Edge Analytics
The analysis of data at the edge of the network, near the source of data generation, reducing latency and bandwidth usage.
Ensemble Learning
A machine learning paradigm where multiple models are trained and combined to solve the same problem, improving overall performance.
Entity Resolution
The process of identifying and linking records that refer to the same real-world entity across different datasets.
Enzai
An enterprise AI governance platform that enables organizations to inventory, assess, and control their AI systems, ensuring maxmize AI adoption while minimizing AI risk.
Ethical AI
The practice of designing, developing, and deploying AI systems in a manner that aligns with ethical principles and values, ensuring fairness, accountability, and transparency.
Ethical AI Auditing
The process of systematically evaluating AI systems to ensure they comply with ethical standards and do not cause harm.
Ethical AI Certification
A formal recognition that an AI system adheres to established ethical standards and guidelines.
Ethical AI Governance
The framework of policies, procedures, and practices that ensure AI systems are developed and used responsibly and ethically.
Ethical Frameworks
Structured sets of principles and guidelines designed to guide the ethical development and deployment of AI systems.
Ethical Hacking
The practice of intentionally probing systems for vulnerabilities to identify and fix security issues, ensuring the robustness of AI systems.
Ethical Impact Assessment
A systematic evaluation process to identify and address the ethical implications and potential societal impacts of AI systems before deployment.
Ethical Risk
The potential for an AI system to cause harm due to unethical behavior, including bias, discrimination, or violation of privacy.
Ethics Guidelines for Trustworthy AI
A set of guidelines developed by the European Commission's High-Level Expert Group on AI to promote trustworthy AI, focusing on human agency, technical robustness, privacy, transparency, diversity, societal well-being, and accountability.
Explainability Techniques
Methods used to interpret and understand the decisions made by AI models, such as LIME, SHAP, and saliency maps.
Explainability vs. Interpretability
While both aim to make AI decisions understandable, explainability focuses on the reasoning behind decisions, whereas interpretability relates to the transparency of the model's internal mechanics.
Explainable AI (XAI)
AI systems designed to provide human-understandable justifications for their decisions and actions, enhancing transparency and trust.
Explainable Machine Learning
Machine learning models designed to provide clear and understandable explanations for their predictions and decisions.
EU AI Office
The European Commission body established to oversee implementation and enforcement of the EU AI Act, particularly for general-purpose AI models with systemic risk.
EU Digital Omnibus
The European Union's broader 2025-2026 legislative simplification package addressing multiple digital regulations including the AI Act, GDPR provisions, the Cyber Resilience Act, and Data Act amendments.
Embedded AI
AI capabilities or features that are integrated directly into third-party software-as-a-service (SaaS) platforms or enterprise tools.
Escalation Logic
A set of predefined rules and triggers that force an AI agent to stop autonomous operation and hand control back to a human operator.
ESMA AI/ML Governance Expectations
Regulatory guidelines from the European Securities and Markets Authority regarding the use of AI and Machine Learning in financial markets.
EU AI Act
The world's first comprehensive horizontal legal framework for AI, establishing a risk-based classification system for systems deployed or used within the European Union.
EU AI Act Risk Classification
The mandatory process of assigning one of four risk levels (Unacceptable, High, Limited, Minimal) to an AI system under the EU AI Act.
Excessive Agency
A vulnerability where an AI system is granted too much autonomy, too many tools, or over-privileged access relative to its intended function.
Executive Order 14110
The Biden administration directive (signed October 2023, rescinded January 2025) that established U.S. national standards for AI safety, security, and privacy and created the U.S. AI Safety Institute at NIST.
EU AI Act High-Risk Categories
The two classifications of high-risk AI systems under the EU AI Act: standalone systems listed in Annex III (covering biometrics, critical infrastructure, employment, education, law enforcement, and other named uses), and AI embedded in regulated products listed in Annex I (covering medical devices, vehicles, machinery, and other regulated product categories).
F
Fairness
Ensuring AI systems produce unbiased, equitable outcomes across different individuals and groups, and mitigating discriminatory impacts.
Fairness Metrics
Quantitative measures (e.g., demographic parity, equalized odds) used to evaluate how fair an AI model’s predictions are across groups.
False Negative
When an AI model incorrectly predicts a negative class for an instance that is actually positive (Type II error).
False Positive
When an AI model incorrectly predicts a positive class for an instance that is actually negative (Type I error).
Fault Tolerance
The ability of an AI system to continue operating correctly even when some components fail or produce errors.
Feature Engineering
Creating, selecting or transforming raw dataset attributes into features that improve the performance of machine learning models.
Feature Extraction
The process of mapping raw data (e.g., text, images) into numerical representations (features) suitable for input into ML algorithms.
Feature Selection
Identifying and selecting the most relevant features for model training to reduce complexity and improve accuracy.
Federated Learning
A decentralized ML approach where models are trained across multiple devices or servers holding local data, without sharing raw data centrally.
Feedback Loop
A process where AI outputs are fed back as inputs, which can amplify model behavior - for better (reinforcement learning) or worse (bias reinforcement).
Fine-Tuning
Adapting a pre-trained AI model to a specific task or dataset by continuing training on new data, often improving task-specific performance.
Formal Verification
Mathematically proving that AI algorithms comply with specified correctness properties, often used in safety-critical systems.
Framework
A structured set of policies, processes, and tools guiding the governance, development, deployment, and monitoring of AI systems.
Fraud Detection
Using AI techniques (e.g., anomaly detection, pattern recognition) to identify and prevent fraudulent activities in finance, insurance, etc.
Functional Safety
Ensuring AI systems operate safely under all conditions, especially in industries like automotive or healthcare, often via redundancy and checks.
Fuzzy Logic
A logic system that handles reasoning with approximate, rather than binary true/false values - useful in control systems and uncertainty handling.
Federated AI Governance
A governance model where central policy and oversight are paired with distributed decision-making by business units or regional offices, balancing consistency with operational flexibility.
FS AI RMF (Financial Services AI Risk Management Framework)
The US Treasury's specialized AI risk management framework for financial services firms, published February 2026, adapting the NIST AI RMF for sector-specific obligations.
Fundamental Rights Impact Assessment (FRIA)
A mandatory evaluation under the EU AI Act for certain deployers to determine how the use of a high-risk AI system might impact civil liberties and human rights.
G
GDPR
The EU’s General Data Protection Regulation, establishing strict requirements for personal data collection, processing, and individual rights.
GPU
Specialized hardware accelerator for parallel computations, widely used to train and run large-scale AI models efficiently.
Gap Analysis
The process of comparing current AI governance practices against desired standards or regulations to identify areas needing improvement.
Generalization
An AI model’s ability to perform well on new, unseen data by capturing underlying patterns rather than memorizing training examples.
Generative AI
AI techniques (e.g., GANs, transformers) that create new content - text, images, or other media - often raising novel governance and IP concerns.
Global Model
A consolidated AI model trained on aggregated data from multiple sources, as opposed to localized or personalized models.
Governance
The set of policies, procedures, roles, and responsibilities that guide the ethical, legal, and effective development and deployment of AI systems.
Governance Body
A cross-functional group (e.g., legal, ethics, technical) tasked with overseeing AI governance policies and their execution within an organization.
Governance Framework
A structured model outlining how AI governance components (risk management, accountability, oversight) fit together to ensure compliance and ethical use.
Governance Maturity Model
A staged framework that assesses how advanced an organization’s AI governance practices are, from ad-hoc to optimized.
Governance Policy
A formal document that codifies rules, roles, and procedures for AI development and oversight within an organization.
Governance Scorecard
A dashboard or report card that tracks key metrics (e.g., bias incidents, compliance audits) to measure AI governance effectiveness over time.
Gradient Descent
An optimization algorithm that iteratively adjusts model parameters in the direction that minimally decreases the loss function.
Granular Consent
A data-privacy approach allowing individuals to grant or deny specific permissions for each type of data use, enhancing transparency and control.
Green AI
The practice of reducing the environmental impact of AI through energy-efficient algorithms and sustainable computing practices.
Grey Box Model
A model whose internal logic is partially transparent (some components interpretable, others opaque), balancing performance and explainability.
Ground Truth
The accurate, real-world data or labels used as a benchmark to train and evaluate AI model performance.
Guardrails
Predefined constraints or checks (technical and policy) embedded in AI systems to prevent unsafe or non-compliant behavior at runtime.
Guideline (Ethical AI)
A non-binding recommendation or best-practice document issued by organizations (e.g., IEEE, EU) to shape responsible AI development and deployment.
Goal Drift
A phenomenon where an AI agent's internal sub-goals or reasoning pathways gradually move away from the original human-provided objective.
GPAI Code of Practice
The detailed regulatory instrument outlining specific transparency, safety testing, and risk mitigation obligations for providers of General-Purpose AI (GPAI) models under the EU AI Act.
GPAI Model
A general-purpose artificial intelligence model capable of performing a wide range of distinct tasks and integrating into various applications.
H
Hallucination
When generative AI produces incorrect or fabricated information that appears plausible but has no basis in the training data.
Handling Missing Data
Techniques (e.g., imputation, deletion, modeling) for addressing gaps in datasets to maintain model integrity and fairness.
Hardware Accelerator
Specialized chips (e.g., GPUs, TPUs) designed to speed up AI computations, with implications for energy use and supply chain risk.
Harm Assessment
Evaluating potential negative impacts (physical, psychological, societal) of AI systems and defining mitigation strategies.
Harmonization
Aligning AI policies, standards, and regulations across jurisdictions to reduce conflicts and enable interoperability.
Hashing
The process of converting data into a fixed-size string of characters, used for data integrity checks and privacy-preserving record linkage.
Heterogeneous Data
Combining data of different types (text, image, sensor) or from multiple domains, which poses integration and governance challenges.
Heuristic
A rule-of-thumb or simplified decision-making strategy used to speed up AI processes, often trading optimality for efficiency.
Heuristic Evaluation
A usability inspection method where experts judge an AI system against established usability principles to identify potential issues.
High-Stakes AI
AI applications whose failures could cause significant harm (e.g., medical diagnosis, autonomous vehicles), requiring heightened governance and oversight.
Human Oversight
Mechanisms that allow designated individuals to monitor, intervene, or override AI system decisions to ensure ethical and legal compliance.
Human Rights Impact Assessment
A process to evaluate how AI systems affect fundamental rights (privacy, expression, non-discrimination) and identify mitigation measures.
Human-in-the-Loop
Involving human judgment within AI processes (training, validation, decision review) to improve accuracy and accountability.
Hybrid Model
AI systems combining multiple learning paradigms (e.g., symbolic and neural) to balance explainability and performance.
Hyperparameter
A configuration variable (e.g., learning rate, tree depth) set before model training that influences learning behavior and performance.
Hyperparameter Tuning
The process of searching for the optimal hyperparameter values (e.g., via grid search, Bayesian optimization) to maximize model performance.
Harmonized Structure
A standardized template for all ISO management system standards, formerly known as Annex SL, ensuring consistency in terminology and clause numbering.
High-Risk AI System
AI applications that have a significant potential to harm the health, safety, or fundamental rights of individuals, triggering the most stringent compliance requirements under the EU AI Act.
I
ISO/IEC JTC 1/SC 42
The joint ISO/IEC committee on Artificial Intelligence standardization, developing international AI standards for governance, risk, and interoperability.
Imbalanced Data
A dataset where one class or category significantly outnumbers others, which can lead AI models to bias toward the majority class unless mitigated.
Immutable Ledger
A tamper-evident record-keeping mechanism (e.g., blockchain) ensuring that once data are written, they cannot be altered without detection - useful for AI audit trails.
Impact Assessment
A structured evaluation to identify, analyze, and mitigate potential ethical, legal, and societal impacts of an AI system before deployment.
Implicit Bias
Unconscious or unintentional biases embedded in training data or model design that can lead to discriminatory outcomes.
Incentive Alignment
The design of reward structures and objectives so that AI systems’ goals remain consistent with human values and organizational priorities.
Inductive Bias
The set of assumptions a learning algorithm uses to generalize from observed data to unseen instances.
Inference
The process by which a trained AI model processes new data inputs to produce predictions or decisions.
Inference Engine
The component of an AI system (often in rule-based or expert systems) that applies a knowledge base to input data to draw conclusions.
Information Governance
The policies, procedures, and controls that ensure data quality, privacy, and usability across an organization’s data assets, including AI training datasets.
Information Privacy
The right of individuals to control how their personal data are collected, used, stored, and shared by AI systems.
Infrastructure as Code (IaC)
Managing and provisioning AI infrastructure (compute, storage, networking) through machine-readable configuration files, improving repeatability and auditability.
Interoperability
The ability of diverse AI systems and components to exchange, understand, and use information seamlessly, often via open standards or APIs.
Interpretability
The degree to which a human can understand the internal mechanics or decision rationale of an AI model.
Intrusion Detection
Monitoring AI infrastructure and applications for malicious activity or policy violations, triggering alerts or automated responses.
Inherited Data Risk
The regulatory and ethical liability an organization assumes when using an AI system trained on data they did not collect or vet themselves.
Intake Workflow
The standardized process and series of checks that a new AI system must pass through before being built or procured.
Intent Validation
The process of verifying that an AI agent's planned sub-actions remain consistent with the original human-provided objective.
ISO/IEC 42001
The international standard specifying requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS).
ISO/IEC 42005
The international standard providing guidance on performing AI system impact assessments.
Implementing Acts
Secondary EU legislation adopted by the European Commission to set uniform conditions for implementing primary legislation, with binding legal effect across all Member States.
J
Jacobian Matrix
In AI explainability, the matrix of all first-order partial derivatives of a model’s outputs w.r.t. its inputs, used to assess sensitivity and feature importance.
Jailbreak Attack
A type of prompt‐injection where users exploit vulnerabilities to bypass safeguards in generative AI models, potentially leading to unsafe or unauthorized outputs.
Joint Liability
Legal principle where multiple parties (e.g., developers, deployers) share responsibility for AI‐related harms, influencing contract and governance structures.
Joint Modeling
Building AI systems that jointly learn multiple tasks (e.g., speech recognition + translation), with governance needed for complexity and auditability.
Judgment Bias
Systematic errors in human or AI decision‐making processes caused by cognitive shortcuts or flawed data, requiring bias audits and mitigation.
Judicial Review
The legal process by which courts evaluate the lawfulness of decisions made or assisted by AI, ensuring accountability and due process.
Jurisdiction
The legal authority over data, AI operations, and liability, which varies by geography and impacts compliance with regional regulations (e.g., GDPR, CCPA).
Juror Automation
The use of AI to assist in jury selection or case analysis, raising ethical concerns around fairness, transparency, and legal oversight.
Justice Metrics
Quantitative measures (e.g., disparate impact, equal opportunity) used to assess fairness and nondiscrimination in AI decision‐making.
Japan Act on Promotion of AI
A Japanese law (enacted 2025) establishing basic principles for AI promotion and risk mitigation.
K
Key Performance Indicator
A quantifiable metric (e.g., model accuracy drift, bias remediation time) used to monitor and report on AI governance and compliance objectives.
Key Risk Indicator
A leading metric (e.g., frequency of out-of-scope predictions, rate of unexplainable decisions) that signals emerging AI risks before they materialize.
Know Your Customer (KYC)
Compliance processes to verify the identity, risk profile and legitimacy of individuals or entities interacting with AI systems, especially in regulated industries.
Knowledge Distillation
A method of transferring insight from a larger “teacher” model into a smaller “student” model, balancing performance with resource and governance constraints.
Knowledge Graph
A structured representation of entities and their relationships used to improve AI explainability, auditability and alignment with domain ontologies.
Knowledge Management
Practices and tools for capturing, organizing and sharing organizational knowledge (e.g., model documentation, audit logs) to ensure reproducibility and oversight.
L
Label Leakage
The inadvertent inclusion of output information in training data labels, which can inflate performance metrics and conceal true model generalization issues.
Large Language Model
A deep learning model trained on vast text corpora that can perform tasks like text generation, translation, and summarization, often requiring governance around bias and misuse.
Least Privilege
A security principle where AI components and users are granted only the minimal access rights necessary to perform their functions, reducing risk of misuse.
Legal Compliance
The practice of ensuring AI systems adhere to applicable laws, regulations, and industry standards throughout their entire lifecycle.
Liability Framework
A structured approach defining who is responsible for AI-related harms or failures, including developers, deployers, and operators.
Lifecycle Management
The coordinated processes for development, deployment, monitoring, maintenance, and retirement of AI systems to ensure ongoing compliance and risk control.
Liveness Detection
Techniques used to verify that an input (e.g., biometric) originates from a live subject rather than a spoof or replay, enhancing system security and integrity.
Localization
Adapting AI systems to local languages, regulations, cultural norms, and data residency requirements in different jurisdictions.
Log Management
The collection, storage, and analysis of system and application logs from AI workflows to support auditing, incident response, and model performance tracking.
Loss Function
A mathematical function that quantifies the difference between predicted outputs and true values, guiding model training and optimization.
Least Agency
A security and governance principle stating that AI agents should only be granted the minimum level of autonomy and tool-access necessary to complete a specific task.
M
Meaningful Human Control
A regulatory and operational standard ensuring that humans retain the ability to oversee, intervene in, and override AI decision-making processes.
Metadata Management
The practice of capturing and maintaining descriptive data (e.g., data provenance, feature definitions, model parameters) to support traceability and audits.
Metrics & KPIs
Quantitative measures (e.g., accuracy drift, fairness scores, incident response time) used to monitor AI system health, risk, and compliance objectives.
Mitigation Strategies
Planned actions (e.g., bias remediation, retraining, feature re-engineering) to address identified AI risks and compliance gaps.
Model Explainability
Techniques and documentation that make an AI model’s decision logic understandable to stakeholders and auditors.
Model Governance
The policies, roles, and controls that ensure AI models are developed, approved, and used in line with organizational standards and regulatory requirements.
Model Monitoring
Continuous tracking of an AI model’s performance, data drift, and operational metrics to detect degradation or emerging risks.
Model Retraining
The process of updating an AI model with new or refreshed data to maintain performance and compliance as data distributions evolve.
Model Risk Management
The structured process of identifying, assessing, and mitigating risks arising from AI/ML models throughout their lifecycle.
Model Validation
The evaluation activities (e.g., testing against hold-out data, stress scenarios) that confirm an AI model meets its intended purpose and performance criteria.
Multi-Stakeholder Engagement
Involving diverse groups (e.g., legal, ethics, operations, end users) in AI governance processes to ensure balanced risk oversight and alignment with business goals.
Market Surveillance Authority
The national regulatory body in each EU member state responsible for monitoring AI systems to ensure they comply with the EU AI Act.
MAS FEAT Principles
The Monetary Authority of Singapore's principles for Fairness, Ethics, Accountability, and Transparency (FEAT) in the use of AI in finance.
Mexico Federal Law on AI and Algorithms
A draft Mexican federal law on AI and algorithms proposing a risk-based classification system, the National AI Commission (CONAIA), and watermarking requirements for AI-generated content.
Minnesota CDPA (AI Provisions)
The AI-specific components of the Minnesota Consumer Data Privacy Act.
Model Card
A short, standardized document providing essential information about a machine learning model's performance, limitations, and intended use cases.
Model Disgorgement
A regulatory remedy requiring a company to delete AI models or algorithms that were developed using improperly or unlawfully acquired data.
Model Drift
The degradation of an AI model's predictive performance over time due to changes in real-world data or the environment.
N
NIST AI Risk Management Framework
A voluntary guidance from the U.S. National Institute of Standards and Technology outlining best practices for mitigating risks across AI system lifecycles.
Natural Language Processing (NLP)
Techniques and tools that enable machines to interpret, generate, and analyze human language in text or speech form.
Network Security
Measures and controls (e.g., segmentation, firewalls, intrusion detection) to protect AI infrastructure and data pipelines from unauthorized access or tampering.
Neural Architecture Search
Automated methods for designing and optimizing neural network structures to improve model performance while balancing complexity and resource constraints.
Noise Injection
Deliberate introduction of random perturbations into training data or model parameters to enhance robustness and guard against adversarial manipulation.
Novelty Detection
Techniques for identifying inputs or scenarios that differ significantly from training data, triggering review or safe-mode operation to prevent unexpected failures.
NIST AI RMF Profiles
Context-specific implementations of the NIST AI Risk Management Framework tailored to particular industries, technologies, or risk types.
Non-Human Identity (NHI)
A digital credential used by an AI agent, bot, or service to authenticate and interact with enterprise systems.
Notified Body
An independent third-party organization designated by an EU member state to assess the conformity of certain high-risk AI systems under the EU AI Act.
NYC Local Law 144
A New York City law requiring annual bias audits for AI tools used in employment decisions.
O
Observability
The capability to infer an AI system’s internal state and behavior through collection and analysis of logs, metrics, and outputs for effective monitoring and troubleshooting.
Ongoing Monitoring
Continuous tracking of AI system performance, data drift, bias metrics, and security events to detect and address emerging risks over time.
Opacity
The absence of transparency in how an AI model arrives at decisions or predictions, posing challenges for trust and regulatory compliance.
Operational Resilience
The ability of AI systems and their supporting infrastructure to anticipate, withstand, recover from, and adapt to disruptions or adverse events.
Orchestration
The automated coordination of AI workflows and services - data ingestion, model training, deployment - ensuring compliance with policies and resource governance.
Outlier Detection
Techniques to identify data points or model predictions that deviate significantly from expected patterns, triggering review or mitigation actions.
Overfitting
A modeling issue where an AI system learns noise or idiosyncrasies in training data, reducing its ability to generalize to new, unseen data.
Oversight
The structured process of review, approval, and accountability for AI development and deployment, typically involving cross-functional governance bodies.
Ownership
The clear assignment of responsibility and authority over AI assets - data, models, processes - to ensure accountability throughout the system lifecycle.
OMB Memorandum M-25-21
A federal directive specifying AI governance and risk management requirements for US government agencies.
Operational Autonomy
The ability of an AI system to perform multi-step tasks and make decisions without human intervention at each stage.
Output Risk
The operational, legal, and reputational danger arising from the use of incorrect, biased, or harmful content generated by an AI system.
OWASP Agentic Top 10
A formal taxonomy of the ten most critical security risks specific to autonomous AI agents and their application environments.
P
Permissioning
The management of user and system access rights to AI data and functions, ensuring least-privilege and preventing unauthorized use.
Pilot Testing
A limited-scope trial of an AI system in a controlled environment to assess performance, risks, and governance controls before full-scale deployment.
Policy Enforcement
The automated or manual mechanisms that ensure AI operations adhere to organizational policies, regulatory rules, and ethical guidelines.
Post-Deployment Monitoring
Ongoing observation of AI system behavior and environment after release to detect degradation, drift, or compliance breaches.
Predictive Maintenance
AI-driven monitoring and analysis to forecast component or system failures, ensuring operational resilience and risk mitigation in critical environments.
Privacy Impact Assessment
A structured analysis to identify and mitigate privacy risks associated with AI systems, covering data collection, use, sharing, and retention.
Privacy by Design
An approach that embeds data protection and user privacy considerations into AI system architecture and processes from the outset.
Process Automation
Use of AI and workflow tools to streamline governance, compliance checks, and risk mitigation activities, reducing manual effort and error.
Presumption of Conformity
A legal mechanism under EU AI Act and other regimes whereby compliance with a harmonized standard (e.g., a published EN standard) provides a rebuttable assumption that the underlying regulation is satisfied.
Parametric Knowledge
The information learned by an AI model during its training process and stored within its weights and parameters.
Paved Road Governance
A strategy that encourages compliance by making sanctioned, secure workflows easier to follow than unsanctioned alternatives.
PRA SS1/23 (Model Risk Management)
The UK Prudential Regulation Authority's statement on model risk management for banks and insurers.
Probabilistic System
A system where outputs are based on statistical likelihood rather than deterministic, fixed logic.
Q
Qualitative Assessment
The subjective review of AI system behaviors, decisions, and documentation by experts to identify ethical, legal, or reputational concerns not captured quantitatively.
Quality Assurance
The systematic processes and checks to ensure AI models and data pipelines meet defined standards for accuracy, reliability, and ethical compliance.
Quality Control
The ongoing verification of AI outputs and processes against benchmarks and test cases to catch defects, bias incidents, or policy violations.
Quantitative Risk Assessment
A data-driven evaluation of potential AI threats, estimating likelihoods and impacts numerically to prioritize mitigation efforts.
Quantum Computing
The emerging computational paradigm that leverages quantum mechanics, posing new governance challenges around security, standardization, and risk.
Query Logging
The practice of recording AI system inputs and user queries to enable audit trails, detect misuse, and support accountability.
Query Privacy
Techniques and policies to protect sensitive information in user queries, ensuring that logged inputs do not compromise personal or proprietary data.
Questionnaire Framework
A structured set of governance-focused questions used during design, procurement, or deployment to ensure AI systems align with policy requirements.
Quorum for Governance Board
The minimum number of governance committee members required to be present to make official decisions on AI risk, policy approvals, or audit outcomes.
Quota Management
The controls and limits placed on AI resource usage (e.g., API calls, compute time) to enforce governance policies and prevent runaway costs or abuse.
R
Recourse
Mechanisms that allow affected individuals to challenge or seek remedy for AI-driven decisions that impact their rights or interests.
Red Teaming
A proactive testing approach where internal or external experts simulate attacks or misuse scenarios to uncover vulnerabilities in AI systems.
Regulatory Compliance
Ensuring AI systems adhere to applicable laws, regulations, and industry standards (e.g., GDPR, FDA, financial oversight) throughout their operation.
Reproducibility
The capacity to consistently regenerate AI model results using the same data, code, and configurations, ensuring transparency and auditability.
Responsibility Assignment Matrix
A tool (e.g., RACI) that clarifies roles and accountabilities for each governance activity - who’s Responsible, Accountable, Consulted, and Informed.
Responsible AI
The practice of designing, developing, and deploying AI systems in ways that are ethical, transparent, and accountable to stakeholders and society.
Risk Assessment
The process of identifying, analyzing, and prioritizing potential harms or failures in AI systems to determine appropriate mitigation strategies.
Risk Management Framework
A structured set of guidelines and processes for systematically addressing AI risks across the system lifecycle, from design through retirement.
Robustness
The ability of an AI system to maintain reliable performance under a variety of challenging or adversarial conditions.
Root Cause Analysis
A structured investigation to determine the underlying reasons for AI system failures or unexpected behaviors, guiding corrective actions.
Reasoning Chain
The multi-step logical process an AI agent follows to move from an initial objective to a final action or output.
S
Sanctioned Use Policy
Defined rules and controls that specify approved contexts, users, and purposes for AI system operation to prevent misuse.
Security by Design
Integrating security controls and best practices into AI systems from the earliest design phases to prevent vulnerabilities and data breaches.
Shadow AI
The unsanctioned use of AI models, agents, or tools by employees without IT approval, creating hidden security vulnerabilities through data leakage and unauthorized autonomous actions.
Societal Impact Assessment
A structured evaluation of how an AI system affects social, economic, and cultural aspects of communities, identifying potential harms and benefits.
Software Development Lifecycle
The end-to-end process (requirements, design, build, test, deploy, monitor) for AI applications, incorporating governance and compliance checks at each stage.
Stakeholder Engagement
The process of involving affected parties (e.g., users, regulators, impacted communities) in AI development and oversight to ensure diverse perspectives and buy-in.
Surveillance Risk
The threat that AI systems may be exploited for invasive monitoring of individuals or groups, infringing on privacy and civil liberties.
Synthetic Data
Artificially generated datasets that mimic real data distributions, used to augment training sets while protecting privacy.
Shadow Agents
Unsanctioned autonomous AI agents deployed within an organization without governance team awareness, capable of taking actions that affect business systems and external parties.
Singapore Model AI Governance Framework
A voluntary guidance framework from Singapore's IMDA and PDPC for responsible AI deployment.
South Korea AI Basic Act
South Korea's comprehensive legal framework for AI development and trust.
SR 11-7 (Model Risk Management)
The foundational US Federal Reserve guidance for managing risks associated with the use of models in banking.
Statement of Applicability (SoA)
A document that identifies which ISO 42001 Annex A controls are relevant to an organization's AI Management System and explains why others were excluded.
Substantial Modification
A change to an AI system after it has been placed on the market that affects its compliance or intended purpose under the EU AI Act.
System of Record
The authoritative data source for a given data element or piece of information within an organization.
Systemic Risk Threshold
The technical or capability-based limit (e.g., 10^25 FLOPs) that classifies a General-Purpose AI model as posing a high level of risk to society.
T
Tail Risk
The potential for rare, extreme outcomes in AI behavior or decision-making that fall outside normal expectations and require special mitigation planning.
Testing & Validation
The systematic process of evaluating AI models against benchmarks, edge cases, and stress conditions to ensure they meet performance, safety, and compliance criteria.
Third-Party Risk
The exposure arising from reliance on external data providers, model vendors, or service platforms that may introduce compliance or security vulnerabilities.
Threshold Setting
Defining boundaries or cut-off values in AI decision rules (e.g., confidence scores) to balance risks like false positives versus false negatives.
Traceability
The ability to track and document each step in the AI lifecycle - from data collection through model development to deployment - to support auditing and forensics.
Training Dataset
The curated collection of labeled or unlabeled data used to teach an AI model the relationships and patterns it must learn to perform its task.
Transfer Learning
A technique where a model developed for one task is adapted for a related task, reducing development time but requiring governance of inherited biases.
Transparency
The practice of making AI system processes, decision logic, and data usage clear and understandable to stakeholders for accountability.
Trustworthy AI
AI systems designed and operated in a manner that is ethical, reliable, safe, and aligned with human values and societal norms.
Trilogue
The informal three-way negotiation between the European Commission, the Council of the European Union, and the European Parliament used to reach political agreement on EU legislation before formal adoption.
U
Underfitting
A modeling issue where an AI system is too simple to capture underlying data patterns, resulting in poor performance on both training and new data.
Uniformity
Ensuring consistent application of policies, controls, and standards across all AI systems to avoid governance gaps or uneven risk management.
Unsupervised Learning
A machine learning approach where models identify patterns or groupings in unlabeled data without explicit outcome guidance.
Uptime Monitoring
Continuous tracking of AI system availability and performance to detect outages or degradation that could impact critical operations or compliance obligations.
Use Case Governance
The practice of defining, approving, and monitoring specific AI use cases to ensure each aligns with organizational policies, ethical standards, and risk appetite.
User Consent
The process of obtaining and recording explicit permission from individuals before collecting, processing, or using their personal data in AI systems.
Utility
A measure of how valuable or effective an AI system is in achieving its intended objectives, balanced against any associated risks or resource costs.
UK AI Opportunities Action Plan
The UK government's strategic roadmap for maximizing AI benefits while establishing targeted, binding safety rules.
V
Validation
The process of confirming that an AI model performs accurately and reliably on intended tasks and meets defined performance criteria.
Variance Monitoring
Tracking fluctuations in AI model outputs or performance metrics over time to detect drift and infer potential degradation or risk.
Vendor Risk Management
Assessing and monitoring third-party suppliers of AI components or services to identify and mitigate potential compliance, security, or ethical risks.
Version Control
The practice of managing and tracking changes to AI code, models, and datasets over time to ensure reproducibility and auditability.
Veto Authority
The formal right held by a governance body or stakeholder to block or require changes to AI deployments that pose unacceptable risks.
Vigilance Monitoring
Continuous surveillance of AI behavior and external signals (e.g., regulatory updates) to promptly identify and respond to emerging risks or non-compliance.
Vision AI Oversight
The governance processes specific to computer vision systems, ensuring data quality, bias checks, and transparency in image/video-based decision-making.
Vulnerability Assessment
Identifying, analyzing, and prioritizing security weaknesses in AI infrastructure and applications to guide remediation efforts.
Version Pinning
The practice of locking an AI system to a specific, tested version of a foundation model to prevent silent updates from changing system behavior.
W
Watchdog Monitoring
Independent runtime checks that observe AI decisions and trigger alerts or interventions when policies or thresholds are violated.
Weight Auditing
Examining model weights and structures for anomalies, backdoors, or biases that could indicate tampering or unintended behaviors.
White-Box Testing
Assessing AI systems with full knowledge of internal workings (code, parameters, architecture) to verify correctness, security, and compliance.
Whitelist/Blacklist Policy
Governance rule defining allowed (whitelist) and disallowed (blacklist) inputs, features, or operations to enforce compliance and prevent misuse.
Whitelisting
Allowing only pre-approved data sources, libraries, or model components in AI pipelines to reduce risk from unvetted or malicious elements.
Workflow Orchestration
Automating and sequencing AI lifecycle tasks (data ingestion, training, validation, deployment) to enforce governance policies and ensure consistency.
Workload Segregation
Separating AI compute environments (e.g., dev, test, prod) and data domains to limit blast radius of failures or security breaches.
Worst-Case Analysis
Evaluating the most extreme potential failures or abuses of an AI system to inform robust risk mitigation and contingency planning.
Write-Once Read-Many (WORM) Storage
Immutable storage ensuring logs, audit trails, and model artifacts cannot be altered once written, supporting non-repudiation and forensic review.
Watermarking
The practice of embedding detectable, machine-readable provenance markers in AI-generated output, such as images, audio, video, and synthetic text, so downstream consumers and platforms can identify content as AI-generated.
X
X-Validation
A model validation technique (often abbreviated “X-Val”) that partitions data into folds to rigorously assess model generalization and detect overfitting.
XAI (Explainable AI)
Techniques and methods that make an AI model’s decision process transparent and understandable to humans, supporting accountability and compliance.
XAI Audit
A review process that evaluates whether AI explainability outputs meet internal policies and regulatory requirements, ensuring sufficient transparency.
XAI Framework
A structured approach or set of guidelines that organizations use to implement, measure, and govern explainability practices across their AI systems.
XAI Metrics
Quantitative or qualitative measures (e.g., feature importance scores, explanation fidelity) used to assess the quality and reliability of AI explanations.
Y
YARA Rules
A set of signature-based detection patterns used to scan AI pipelines and artifacts for known malicious code or tampering.
Yearly Compliance Review
An annual evaluation of AI governance processes, policies, and systems to ensure continued alignment with regulations and internal standards.
Z
Zero Defect Tolerance
A governance principle aiming for no errors or policy violations in AI outputs, supported by rigorous testing, monitoring, and continuous improvement cycles.
Zero-Day Vulnerability
A previously unknown security flaw in AI software or infrastructure that can be exploited before a patch or mitigation is available.
Zero-Shot Learning
A model capability to correctly handle tasks or classify data it was never explicitly trained on by leveraging generalized knowledge representations.
Zone-Based Access Control
A network or data governance approach that divides resources into zones with distinct policies, restricting AI system access according to data sensitivity.
Join our Newsletter
By signing up, you agree to the Enzai Privacy Policy
Join our Newsletter
By signing up, you agree to the Enzai Privacy Policy
Join our Newsletter
By signing up, you agree to the Enzai Privacy Policy
Join our Newsletter
By signing up, you agree to the Enzai Privacy Policy
AI Governance
AI Governance
Infrastructure
Infrastructure
engineered for Trust.
engineered for Trust.
Empower your organization to adopt, govern, and monitor AI with enterprise-grade confidence. Built for regulated organizations operating at scale.
Seamlessly connect your existing systems, policies, and AI workflows — all in one unified platform.
Seamlessly connect your existing systems, policies, and AI workflows — all in one unified platform.