
This lecture highlights the benefits of taking the AIGP certification course, including career advancement in AI governance, professional development, and resume enhancement. It introduces Dr. David, the instructor, emphasizing his extensive teaching experience, industry certifications, and expertise in AI governance, privacy, and risk management. The course is designed for accessibility, with no prerequisites, a flexible format, and a focus on practical learning.
This lecture introduces the Artificial Intelligence Governance Professional (AIGP) certification, offered by the IAPP. It covers AI governance principles, including compliance, risk management, and responsible AI oversight. The lecture explains the certification’s target audience, the four knowledge domains assessed in the exam, and the exam structure, which includes multiple-choice and case study questions. It also details registration costs, maintenance requirements, and the certification’s role in advancing careers in AI governance.
This lecture provides an overview of IAPP, the largest organization for privacy and AI governance professionals. Originally founded as a privacy-focused organization, IAPP rebranded in 2024 to include AI governance and digital responsibility. The lecture discusses its mission, global presence, and extensive resources for members, including training, publications, and conferences. It also introduces KnowledgeNet chapters, local networking groups that host events and provide professional development opportunities.
This lecture outlines why obtaining an Artificial Intelligence Governance Professional (AIGP) certification is critical in 2026. Rapid AI diffusion and bold predictions of "superhuman" intelligence by 2027 highlight an urgent need for adaptable governance. While 82.7% of leaders view AI as a generational transformation, 93.2% identify human factors—not technology—as the primary obstacle. Consequently, organizations are rapidly increasing budgets to address critical gaps in visibility and policy enforcement. For professionals, this field offers high job satisfaction and an average salary of $182,000. Certification demonstrates the essential expertise needed to lead responsible AI initiatives and stand out in the fastest-growing job market.
This lecture defines risk management as the identification, assessment, and mitigation of harm. It explains how to calculate risk scores based on severity and probability and introduces three types of risk controls: administrative (e.g., training), technical (e.g., firewalls), and physical (e.g., security guards). Examples include managing the risks of car accidents with seat belts and traffic laws and mitigating adversarial AI prompts through content filters. The lecture emphasizes structured approaches to risk management for ensuring safety and compliance.
This lecture focuses on AI-specific risk management, highlighting the importance of aligning AI strategies with organizational goals and compliance frameworks. It explains the AI risk management lifecycle, from identifying risks to implementing mitigation measures and integrating AI risk assessments into broader governance structures. The lecture also explores the context-specific nature of AI risk, including social impacts, jurisdictional considerations, and non-AI alternatives. Risk responses are categorized as high (avoid or modify), moderate (mitigate), or low (accept or mitigate).
This lecture explores the concept of Artificial Intelligence (AI) by contrasting it with human intelligence. Key topics include definitions of human intelligence, characteristics of AI, the Turing Test, and shared features of AI systems, such as autonomy and human involvement. The lecture emphasizes the socio-technical nature of AI, where humans and technology influence each other, and highlights the need for diverse, cross-functional teams in AI development.
This lecture introduces machine learning (ML) as a subfield of AI that uses data to train models for making decisions, inferences, and predictions. Topics include algorithms, labeled and unlabeled data, and the four ML training models: supervised, unsupervised, semi-supervised, and reinforcement learning. ML enables machines to learn patterns and relationships in data to perform intelligent tasks without explicit programming.
Supervised learning uses labeled data to train models that classify inputs or predict outcomes. Topics include classification models (e.g., spam detection) and regression models for continuous values (e.g., house prices). Techniques such as Support Vector Machines (SVM) and Support Vector Regression (SVR) are introduced. The lecture highlights the importance of large, labeled datasets for model accuracy.
Unsupervised learning processes unlabeled data to discover patterns, clusters, and associations. Semi-supervised learning combines both labeled and unlabeled data to improve model reliability while reducing costs. Applications include clustering, association rule learning, and identifying fraud through exploratory data analysis. Supervised and unsupervised methods are contrasted for their unique use cases.
Reinforcement learning simulates motivation by using rewards and punishments to train models without pre-labeled data. It focuses on maximizing rewards through iterative feedback loops. Challenges include the real-world complexity of environments and the consequences of failure. Applications like AlphaGo and autonomous vehicles highlight its strengths and limitations.
Google DeepMind documentary AlphaGo.
This lecture explores discriminative models, which classify data points into categories, and generative models, which generate new data points based on learned characteristics. Discriminative models map input features to class labels, useful for tasks like classification. Generative models aim to understand the essence of a category to create new content, forming the basis for technologies like generative AI.
Foundation models are large-scale neural networks trained on massive datasets that can be repurposed for various tasks. Key topics include neural networks, transfer learning, and fine-tuning. Types of foundation models include large language models (LLMs), vision models, and audio models. These models save time and resources by enabling generalized, adaptable, and scalable AI solutions.
Short explainer video on how neural networks work.
This lecture introduces three categories of AI: Artificial Narrow Intelligence (ANI), which performs specific tasks (e.g., AlphaGo); Artificial General Intelligence (AGI), with human-level capabilities (not yet realized); and Artificial Super Intelligence (ASI), which surpasses human intelligence (theoretical). These categories highlight AI’s progression and potential.
Expert systems mimic human decision-making using a knowledge base, inference engine, and user interface, supporting tasks like tax preparation. Fuzzy logic introduces reasoning under uncertainty, using linguistic variables and rules (e.g., if-then statements). Applications include automatic vehicle braking and systems that manage vague or imprecise inputs.
This lecture examines the interaction of AI with the physical world through robotics. Topics include Industry 4.0 (the Fourth Industrial Revolution), machine perception (e.g., using sensors), and Robotic Process Automation (RPA) for repetitive tasks. AI-enabled robotics drives automation, interconnectivity, and enhanced perception in industrial and consumer applications.
This lecture covers linear and statistical models, decision trees, deep learning, and various applications like computer vision, speech recognition, and NLP. Topics include their strengths, challenges, and use cases, such as decision trees for classification and neural networks for complex nonlinear tasks like image and language processing.
Large Language Models (LLMs) utilize deep learning to process text. They are characterized by massive parameters, enabling tasks like generating text or understanding context. Topics include parameters, weights, training types (generative and discriminative), and multimodal capabilities for diverse inputs and outputs. Examples include ChatGPT and other generative AI.
SLMs are specialized, cost-effective language models with compact architectures (fewer than 1 billion parameters). They are faster to train, require less storage, and offer enhanced security by being deployable on private infrastructures. Examples include Mistral 7B and Microsoft’s Phi-2.
This lecture explores key AI applications such as recommendation systems, recognition tasks (e.g., facial recognition), anomaly detection, forecasting, goal-driven optimization (e.g., supply chains), interaction support (e.g., chatbots), and personalization for tailored user experiences.
Compute infrastructure underpins AI, including CPUs, GPUs, and specialized processors. Topics include supercomputers like El Capitan, serverless computing, high-performance computing clusters, and trusted execution environments that secure data and maintain privacy.
This lecture discusses data storage stages and networking requirements. Topics include structured vs. unstructured data, high-speed networks for data delivery, and alternatives like edge computing and IoT. Efficient data movement is critical for AI training and inference.
Software supports AI applications and platforms for design, development, and deployment. Topics include open-source frameworks, fine-tuning for task-specific models, and tools from providers like AWS and Google Cloud. Software democratizes AI development through cost-effective and customizable solutions.
Emerging technologies drive AI, including mobile devices, metaverse, cloud computing, IoT, and AR/VR. Other enablers like blockchain, privacy-enhancing technologies, and social media expand data availability and fuel AI growth.
This lecture examines risks to individuals and groups, including civil rights, economic opportunity, privacy breaches, and safety concerns. Specific harms include biases in employment, housing, and education. Group harms include unreliable facial recognition, mass surveillance, and exacerbation of socio-economic divides.
This lecture explores societal risks such as threats to democracy, trust in institutions, misinformation, and disinformation. It highlights deepfakes, echo chambers, and profiling as key issues, emphasizing the role of AI in manipulating public perception and compromising safety through autonomous weapons.
This lecture addresses the reputational, cultural, economic, and legal risks faced by institutions, including AI exceptionalism and regulatory fines. Ecosystem harms involve natural resource depletion and environmental impacts. Positive applications like weather forecasting and disaster management are also discussed.
This lecture defines alignment as the match between AI objectives and human values, with examples of intended, specified, and emergent goals. Misalignment is explored through inner (programmed goals vs. system behavior) and outer (human intentions vs. objectives) misalignment.
This lecture categorizes biases in AI, including algorithmic, computational, societal, and implicit biases. It also covers issues like overfitting, underfitting, and edge cases. Biases can lead to unfair outcomes, systemic discrimination, and reduced model reliability.
This lecture presents socio-technical harms and the CSET AI Harm Taxonomy. Five themes—representational, allocative, quality-of-service, interpersonal, and societal—are discussed to anticipate risks and mitigate negative impacts. The CSET framework provides a structured approach to analyzing AI incidents.
Sociotechnical Harms of Algorithmic Systems: Scoping a Taxonomy for Harm Reduction
This lecture identifies features of AI systems that necessitate unique governance approaches, including complexity, opacity, autonomy, speed, and potential for harm. Topics cover regulatory challenges, interpretability, and deterministic versus probabilistic outputs. The emphasis is on balancing innovation with accountability and transparency.
This lecture introduces a structured approach to identifying and managing risks associated with artificial intelligence. It covers security risks specific to generative AI and general systems, privacy concerns, and operational and business impacts. The session then walks through how to build an AI risk assessment process, key assessment considerations, and alignment with emerging standards such as ISO 42005, providing a practical framework for responsible AI governance.
This lecture outlines risks specific to generative AI, such as hallucinations, deepfakes, data poisoning, and filter bubbles. These risks undermine trust, spread misinformation, and compromise data integrity. Adversarial attacks and data leakage are also discussed.
General AI poses risks like power concentration, adversarial attacks, and misuse of transfer learning. Topics include model inversion, extraction, and poisoning, as well as ethical concerns like monopolies and algorithmic exceptionalism that erode freedoms.
This lecture explores privacy risks, including data persistence, repurposing, and spillover. It introduces privacy harm taxonomies, such as MITRE’s PANOPTIC framework, which maps harms and identifies mitigation strategies. Transparency and consent are emphasized for ethical AI use.
Operational risks include hardware and environmental impacts, while business risks span reputational damage, economic challenges, and legal liabilities. Topics include vendor dependencies, IP infringement, and cultural issues like over-reliance on AI.
This lecture explains how to design a practical AI risk assessment process within an organization. It covers aligning risk strategies across business functions, conducting structured risk assessments, and building repeatable processes using existing tools and frameworks. The session also introduces different genres of AI impact assessments and shows how to customize them based on use case, industry, and regulatory context.
This lecture focuses on the key decisions that shape AI risk management at the use-case level. Topics include resource allocation, defining organizational risk tolerance, categorizing risks, and using impact and risk assessments to quantify severity. Emphasis is placed on how these factors influence risk responses and governance decisions.
This lecture introduces ISO 42005:2025 and its role in guiding AI impact assessments. It explains the purpose of the standard, how it supports responsible AI development, and its focus on identifying and mitigating risks early in the system lifecycle. Key sections such as privacy, bias, transparency, accountability, and societal impact are reviewed.
This lecture defines key terms in AI ethics, including accountability, explainability, fairness, and transparency. It highlights the importance of contestability, reliability, and robustness in building trustworthy and ethical AI systems.
This lecture clarifies commonly used but often conflated AI governance terms. It distinguishes ethical AI as values and principles, responsible AI as organizational actions and processes, and trustworthy AI as the measurable outcome. The session helps participants understand how values translate into governance practices and system-level results.
This lecture outlines core principles to consider when planning and designing AI systems. Topics include lawfulness, safety, bias mitigation, transparency, user choice, human intervention, and security. The session emphasizes how these principles help reduce harm, protect individuals, and build trust throughout the AI lifecycle.
This lecture introduces Ethics by Design as a way to identify and address ethical issues early in the AI planning and design stage. It presents six core principles, including human agency, fairness, transparency, and accountability, and explains how organizations can mitigate ethical risk through principles, oversight, and policies. The focus is on embedding ethics into strategy and day-to-day decision-making.
Trustworthy AI emphasizes human-centric, accountable, and transparent systems that operate legally and fairly. Topics include operationalizing these principles through leadership buy-in, creating technical standards, and embedding AI into responsible governance frameworks.
This lecture provides a high-level roadmap for developing an organizational AI strategy. It focuses on defining the organization’s role, tailoring strategy to business context, implementing oversight and accountability policies, and assessing AI use cases. The session connects strategic intent with governance structures needed to support responsible AI adoption.
This lecture explains the different AI operator roles under the Non-EU AI Act, including developers, providers, deployers, and users. It clarifies how responsibilities differ across roles and uses practical examples to show how a single AI system can involve multiple operators. The goal is to help organizations understand where they fit and what obligations may apply.
This lecture builds on the operator overview by examining the specific obligations and needs of developers, providers, deployers, and users. It covers documentation, risk mitigation, incident reporting, acceptable use policies, and feedback mechanisms, highlighting how governance responsibilities vary across the AI lifecycle.
This lecture explores how to customize AI governance based on organizational size, maturity, industry, and strategic objectives. It emphasizes assessing risk tolerance and aligning governance with the ubiquity of AI in products and services, highlighting a cost-benefit approach.
This lecture focuses on establishing oversight and accountability policies as a core part of AI strategy. It explains why oversight must be integrated throughout the AI development lifecycle and reviews key areas such as use case assessment, risk management, ethics by design, deployment, monitoring, documentation, and incident management.
This lecture introduces use case assessment as a structured way to evaluate an AI project’s viability, risks, and ethical implications. Using the Map, Measure, and Manage approach from the NIST AI Risk Management Framework, it explains how to document system context, assess risk severity and likelihood, and implement appropriate risk responses throughout the AI lifecycle.
This lecture presents a high-level roadmap for establishing AI governance within an organization. It outlines the major stages, including building the scaffolding, establishing a governance framework, involving stakeholders, providing training, and operationalizing a responsible AI culture. The focus is on sequencing governance efforts in a practical, sustainable way.
This lecture focuses on setting the foundation for an AI governance body. It covers building on existing governance structures, fostering cross-functional collaboration, defining roles and responsibilities, creating incentives, and selecting appropriate governance models such as centralized, decentralized, or hybrid approaches.
This lecture explains how organizations operationalize AI principles through governance frameworks. It distinguishes principles from frameworks and explores how to tailor a framework based on values, risk tolerance, industry, jurisdiction, and organizational capacity. The goal is to create a practical structure for consistent and responsible AI use.
This lecture emphasizes the importance of early and ongoing stakeholder engagement in AI governance. It identifies key roles across technical, legal, ethical, and business functions, discusses leadership buy-in, and introduces tools such as the MITRE AI Maturity Model to assess readiness and guide engagement over time.
This lecture focuses on building effective, ongoing AI training and awareness programs tailored to an organization’s strategy and specific AI use cases. It outlines key content areas, including AI literacy, system purpose and limitations, risks, acceptable use policies, and security and privacy considerations. The session emphasizes informed, responsible AI use rather than deep technical expertise.
This lecture explores how organizations can embed responsible AI into everyday practice. It covers creating a culture that values trust and accountability, defining responsible AI as a discipline, aligning performance metrics, and using shared standards and vocabulary. The session also explains how to operationalize this culture through standards, playbooks, policies, and ongoing monitoring.
Domain 1 lecture notes in three formats: color, black and white, and review slides only.
This lecture provides an overview of the evolving legal and regulatory landscape for AI. It maps key areas of regulation, including privacy, intellectual property, product safety, and emerging AI-specific laws such as the EU AI Act. The session helps participants understand how different legal regimes fit together and what organizations need to monitor when deploying AI globally.
This lecture examines global approaches to AI regulation, including comprehensive AI laws, sector-specific rules, and amendments to existing legislation. It highlights differences in risk-based and rights-based models, areas of regulatory overlap, and the challenges of misalignment across jurisdictions. The session concludes with strategies for harmonizing compliance across regimes.
This lecture categorizes AI products into two groups: those performing old functions in new ways (e.g., credit scoring) and those enabling entirely new functions (e.g., synthetic content generation). It highlights compliance with existing laws and regulations, especially in highly regulated sectors like finance and healthcare.
This lecture introduces the Fair Information Practices (FIPs), a set of guidelines for handling data with privacy, security, and fairness. Core principles include access, purpose specification, data minimization, accountability, and use limitation. Originating in the 1973 HEW Report, FIPs have influenced global privacy standards like the OECD Guidelines.
This lecture applies FIPs principles to AI, focusing on notice, choice and consent, purpose limitation, and data minimization. It emphasizes informing users about AI interactions, collecting only necessary data, and ensuring consent is voluntary and informed through clear communication.
This lecture discusses Privacy by Design (PbD) and Privacy by Default (PbDD), foundational principles in modern data protection. PbD embeds privacy into systems during their development lifecycle, while PbDD ensures strict privacy settings by default. Seven principles, such as transparency and proactive measures, guide their implementation.
This lecture outlines privacy requirements for AI operators, including compliance with laws like GDPR and CCPA. Key topics include conducting Privacy Impact Assessments (PIAs), maintaining human oversight, managing data governance, and ensuring data disposition policies align with privacy regulations.
This lecture covers the GDPR, the EU’s comprehensive privacy legislation. Key principles include lawfulness, fairness, and transparency. Topics explore GDPR’s applicability to AI, focusing on articles addressing automated decision-making (ADM), data pseudonymization, and consent requirements.
This lecture covers sensitive data categories under laws like GDPR and CCPA, including health, genetic, and biometric data. Topics include the legal bases for processing, safeguards like DPIAs, and best practices such as collecting data directly from individuals or creating proxies to protect privacy.
This lecture explains the responsibilities of data controllers under GDPR, including conducting DPIAs, managing third-party processors, and ensuring cross-border data transfers comply with regulations. It also covers data subject rights, incident management, breach notification, and record-keeping for accountability.
This lecture analyzes EDPB Opinion 28/2024 and its implications for AI systems that process personal data. It addresses when AI models can be considered anonymous, the use of legitimate interest as a legal basis for training models, and the consequences of unlawful data processing. The focus is on GDPR compliance throughout the AI lifecycle.
This lecture introduces intellectual property (IP), including patents, trademarks, copyrights, and trade secrets. Topics include derivative works, fair use, and legal challenges regarding AI outputs, such as whether AI-generated works qualify for IP protections and who can be considered an “inventor”.
This lecture explores unresolved intellectual property questions raised by AI systems. Topics include authorship and ownership of AI outputs, copyright challenges related to training data, patent law and AI inventorship, trademark risks, and licensing requirements. The session uses real-world cases to illustrate legal uncertainty and compliance risks.
This lecture addresses licensing of AI models and data, focusing on ownership, indemnification, and licensing agreements. It emphasizes assigning rights, defining liability, and ensuring metrics like reliability and robustness in licensing contracts to manage AI-specific challenges.
This lecture focuses on AI in employment and compliance with the U.S. Equal Employment Opportunity Commission (EEOC). Topics include Title VII of the Civil Rights Act, “adverse impact” on protected groups, and the EEOC’s Algorithmic Fairness Initiative to ensure hiring technologies align with federal civil rights laws.
This lecture outlines the Federal Trade Commission’s (FTC) role in protecting consumers from unfair or deceptive acts. Topics include the FTC’s jurisdiction over laws like COPPA and FCRA, its unfairness authority criteria, and enforcement of consumer protection through regulatory actions.
This lecture explores automated decision-making (ADM) and its regulation under laws like the Fair Credit Reporting Act (FCRA) and Equal Credit Opportunity Act (ECOA). It discusses FTC recommendations for transparency, nondiscrimination, and accountability in ADM systems.
This lecture introduces the Federal Reserve’s SR 11-7 guidance on model risk management, which addresses the development, validation, and governance of statistical models in banking. The guiding principle is “effective challenge” to identify and mitigate risks in model use.
This lecture reviews the Occupational Safety and Health Administration’s (OSHA) guidelines for industrial robot systems. It highlights safety standards and hazard analysis practices established to ensure safe working conditions in industries using robotics.
This lecture focuses on the Food and Drug Administration’s (FDA) regulation of AI-enabled medical devices, categorized as Software as a Medical Device (SaMD). Topics include examples like MRI analysis tools, risk classifications (Class I to III), and the regulatory processes for approval.
This lecture explores nondiscrimination laws in healthcare, insurance, and employment sectors. Topics include Section 1557 of the ACA, NAIC guidelines for responsible AI in insurance, and EEOC guidance on AI hiring tools, emphasizing compliance and bias mitigation.
This lecture covers U.S. product liability laws as they apply to AI, including challenges with autonomous systems and explainability. It discusses traditional liability theories (strict liability, negligence, breach of warranty) and key case studies like Corelogic and Meta Platforms.
This lecture reviews EU liability frameworks, including fault and strict liability regimes. It explores the General Product Safety Regulation, the Reformed Product Liability Directive, and the proposed AI Liability Directive, which aim to address AI-specific issues like opacity and complexity.
This lecture introduces the Digital Services Act (DSA), an EU law effective August 2023 that targets online platforms to prevent illegal and harmful activities. It emphasizes transparency in recommender systems and online advertising, including user access to ad parameters and profiling information.
This lecture explains the structure of the EU AI Act, which comprises 113 articles, 13 annexes, and 180 recitals. Articles outline obligations and rights, annexes provide technical details, and recitals clarify legislative intent. A timeline for implementation is included.
This lecture outlines the objectives and scope of the EU AI Act, aiming for safe, transparent, and trustworthy AI. It introduces key terms like AI systems and General Purpose AI (GPAI), discussing their definitions, scope exceptions, and regulatory obligations for global operators.
This lecture identifies roles in AI system regulation, including providers, deployers, distributors, importers, and authorized representatives. Each role has specific obligations under the EU AI Act, with providers facing the most stringent requirements.
This lecture explores the risk-based approach of the EU AI Act, categorizing AI systems into four risk levels: unacceptable, high, limited, and minimal. It explains how market surveillance authorities enforce compliance and safety based on risk severity and probability.
This lecture explores AI systems classified as prohibited under the EU AI Act, including social credit scoring, manipulative behavior, untargeted biometric scraping, and predictive policing. It also outlines exceptions, such as law enforcement use in pre-approved scenarios like imminent threat detection.
This lecture focuses on high-risk AI systems as defined in Annex III of the EU AI Act. Examples include systems for biometric identification, critical infrastructure, and employment decisions. It highlights mandatory risk management, transparency, and safety requirements for these systems.
This lecture covers AI systems deemed limited risk under the EU AI Act, like chatbots and generative models (e.g., ChatGPT). Transparency obligations include informing users they’re interacting with AI and marking AI-generated outputs in a machine-readable format.
This lecture details compliance requirements for providers of high-risk AI systems under the EU AI Act. Topics include risk management, data governance, technical documentation, transparency, human oversight, and quality management systems.
This lecture introduces the EU AI Act’s AI literacy requirements, which mandate providers and deployers ensure their staff have a sufficient understanding of AI systems. Topics include technical foundations, critical evaluation, ethical considerations, and societal impacts.
This lecture discusses risk management and data governance for high-risk AI providers. Providers must identify, mitigate, and monitor risks, especially those affecting vulnerable groups. Data governance covers training datasets, ensuring representativeness, accuracy, and bias mitigation while complying with GDPR.
This lecture focuses on technical documentation and record-keeping. Documentation must detail system architecture, methodologies, and performance metrics. Record-keeping requirements include logging events and maintaining biometric system usage records, with specific protocols for significant modifications.
This lecture outlines obligations for transparency, human oversight, and system robustness. Providers must offer clear instructions for deployers, ensure human intervention capabilities, and maintain systems resilient to errors and cyberattacks while upholding accuracy and fairness.
This lecture covers quality-management systems (QMS), corrective actions, and cooperation with authorities. Providers must document compliance, maintain logs, and notify relevant parties in case of non-compliance or safety risks. Authorized representatives ensure adherence to EU requirements.
This lecture discusses GPAI and GPAI models with systemic risks. GPAI models are trained on vast datasets, enabling broad applications. Systemic risks are evaluated based on computational benchmarks, architecture, and dataset quality rather than specific use cases.
This lecture details obligations for GPAI providers, focusing on technical documentation, transparency, and compliance with EU copyright laws. Providers must track and mitigate risks, report incidents promptly, and cooperate with the AI Office. Open-source models have exceptions unless systemic risks are present.
This lecture outlines common obligations imposed on general-purpose AI providers across jurisdictions. It covers recurring requirements such as documentation, transparency, risk management, human oversight, incident reporting, and registration. The session also highlights shared compliance challenges, including data governance, model training and fine-tuning, monitoring, and reliance on third-party tools.
This lecture compares enforcement mechanisms of the EU AI Act and GDPR, highlighting national and EU-level authorities. Market surveillance authorities (MSAs) conduct evaluations, handle incidents, and enforce penalties. The AI Office supports GPAI oversight and coordinates investigations.
This lecture discusses individual rights under the EU AI Act, including the ability to file complaints and request explanations for AI decisions. Penalties for non-compliance include fines of up to 35 million euros or 7% of global turnover for prohibited systems.
This lecture examines how AI laws are enforced across different jurisdictions. It reviews enforcement ecosystems, including central authorities, sectoral regulators, and advisory bodies, as well as enforcement logic such as pre- and post-market controls and tiered penalties. The session also discusses monetary fines, operational restrictions, and reputational risk.
This lecture provides an overview of the responsibilities of authorized representatives under the EU AI Act. Key topics include holding a written mandate from the provider, performing due diligence to verify conformity, maintaining compliance through system registration, and retaining documentation for 10 years. Additional obligations involve reporting mandate terminations, cooperating with authorities by providing documentation, and supporting risk mitigation. These measures ensure AI systems align with EU regulations and safety standards.
This lecture outlines the responsibilities of importers, including verifying compliance documentation, retaining records for 10 years, and cooperating with authorities. Representatives must report non-compliance and assist with risk mitigation actions
This lecture outlines distributors’ responsibilities under the EU AI Act, including ensuring compliance with technical documentation, CE marking, and storage conditions. Distributors must report risks to providers, importers, and authorities and cooperate during investigations.
This lecture compares the roles of importers and distributors, focusing on due diligence, compliance, and reporting. Importers verify conformity with the EU AI Act, while distributors oversee compliance post-importation and coordinate corrective actions for non-compliant systems.
This lecture highlights deployers’ duties, including monitoring systems, ensuring human oversight, and conducting Fundamental Rights Impact Assessments (FRIA). Deployers must report incidents, maintain records, and ensure transparency when AI systems impact workers or individuals.
This lecture examines scenarios where deployers, importers, or distributors become providers by modifying systems or assuming significant roles. It also discusses third-party contributions to high-risk systems and contractual obligations to ensure compliance.
This lecture provides a high level overview of the EU's recent simplification omnibus, which proposes to extend the deadline for providers of high-risk systems from August 2026 to December 2027.
This lecture surveys U.S. federal AI laws, executive orders, and agency actions. It covers recent executive orders, the federal AI Action Plan, OMB guidance, and enforcement activity by agencies such as DHS, FTC, and CFPB. The focus is on how federal policy shapes AI development, deployment, and accountability.
This lecture explores the rapidly evolving state-level AI regulatory landscape in the United States. It reviews common legislative approaches and highlights key laws in states such as California, Utah, Colorado, Texas, and New York City. The session emphasizes compliance challenges created by fragmented, use-case-specific requirements.
This lecture introduces South Korea’s AI Basic Act, one of the first comprehensive AI regulations outside the EU. It explains key terms, operator roles, core requirements, and obligations for high-impact AI systems. The session highlights the Act’s extraterritorial reach and emphasis on risk management, transparency, and human oversight.
This lecture examines China’s multi-layered approach to AI regulation. Rather than a single AI law, it covers a network of regulations, standards, and policies overseen by bodies such as the Cyberspace Administration of China. Topics include algorithmic recommendation rules, generative AI measures, deep synthesis and deepfake controls, ethics regulation, and China’s broader national AI strategy.
This lecture surveys AI laws and governance frameworks in key jurisdictions outside the EU, including Japan, Brazil, Canada, India, and Singapore. It highlights differences between binding regulation and voluntary guidance, risk-based models, sectoral approaches, and international alignment efforts, with a focus on how organizations can navigate diverse national requirements.
This lecture reviews common AI risk-tier frameworks used across global regulations. It explains prohibited, high-risk, limited-risk, and minimal-risk categories, with examples of each. The session emphasizes how risk is determined by use case and how obligations increase as potential harm to safety or fundamental rights rises.
This lecture introduces the OECD AI Classification Framework, which analyzes the policy implications of AI deployment. The framework examines people and planet, economic context, data inputs, AI model types, and tasks performed. Examples like AlphaGo and ChatGPT illustrate its application.
This lecture presents the OECD AI Principles, the first intergovernmental AI standard. Core values include inclusive growth, fairness, transparency, robustness, and accountability. The principles guide trustworthy AI development, addressing risks like bias, privacy, and misinformation.
This lecture introduces key terminology for NIST’s AI Risk Management Framework (AI RMF). It defines concepts like AI actors, risk management, and TEVV (testing, evaluation, verification, validation). The framework emphasizes use-case agnosticism and a voluntary approach to risk governance.
This lecture outlines the foundational elements of the AI RMF, including characteristics of trustworthy AI (e.g., fairness, transparency, privacy) and challenges like third-party risks and system inscrutability. It emphasizes assigning roles and responsibilities to address AI-related risks effectively.
This lecture covers the core elements of the AI RMF: govern, map, measure, and manage. These functions guide organizations in establishing accountability, identifying risks, evaluating impacts, and prioritizing actions to minimize negative outcomes.
This lecture introduces the NIST AI RMF Playbook, which provides actionable guidance for implementing the framework, and the Generative AI Profile, which addresses specific risks of generative AI systems through tailored best practices.
This lecture introduces ISO/IEC 42001, a standard for AI Management Systems (AIMS) providing guidance on responsible AI use. Core elements include leadership, planning, risk assessment, and continuous improvement. The standard is industry and jurisdiction agnostic, with a harmonized structure for global adoption.
This lecture details the controls required under ISO/IEC 42001, such as AI impact assessments, data governance, and responsible use across the AI lifecycle. It emphasizes roles, documentation, and resource allocation to ensure ethical and effective AI operations.
This lecture provides a standardized framework for AI concepts and terminology, facilitating clear communication across industries. Topics include machine learning, neural networks, and societal considerations like fairness and transparency. It complements ISO/IEC 42001 by defining foundational terms.
This lecture discusses ISO 31000, a general risk management standard applicable to all sectors. It introduces eight principles (e.g., continuous improvement, inclusivity) and a structured process for identifying, evaluating, and mitigating risks across operations.
This lecture explores the IEEE 7000-21 standard, which integrates ethical considerations into system design. It focuses on human values like transparency, privacy, and fairness, alongside system values like efficiency and effectiveness, across all lifecycle stages.
This lecture explains HUDERAF, created by the Council of Europe to assess AI systems’ compliance with human rights, democracy, and the rule of law. Key components include proportionality-based risk management, stakeholder involvement, and principles such as non-discrimination and transparency.
Domain 2 lecture notes in three formats: color, black and white, and review slides only. Because this domain is so long, I've divided the notes into four sections by competency as listed in the AIGP Body of Knowledge.
This lecture provides a high-level overview of the AI development life cycle, emphasizing that AI development is iterative rather than linear. It walks through the seven stages, from plan and design through deployment, monitoring, and retirement, highlighting key activities such as testing, evaluation, validation, and ongoing risk management.
This lecture breaks down the plan and design stage into five practical sub-stages. It covers defining the business problem, identifying AI use cases, determining scope, evaluating data availability, and establishing governance structures. The focus is on ensuring AI is an appropriate solution and aligned with organizational goals from the start.
This lecture focuses on supporting activities that occur during the plan and design stage. Topics include stakeholder engagement, establishing operational controls, and performing impact and risk assessments. The session emphasizes early coordination across business functions and clear ownership of risk, oversight, and incident response.
This lecture introduces different risk assessment strategies used throughout the AI development life cycle. It covers use case evaluation, stakeholder mapping, probability and severity harm matrices, risk mitigation hierarchies, benchmarking, and pre-deployment pilots. The emphasis is on identifying, quantifying, and addressing risks before deployment.
This lecture discusses methods for calculating risk scores, including the 3x3 harms matrix and confusion matrix. It explains how to quantify risk based on severity and probability, and introduces tools like HUDERIA’s Risk Index Number (RIN) and the Risk Mitigation Hierarchy.
This lecture introduces the data collection and preparation stage of the AI development life cycle. It covers key questions around data requirements, quality, format, and preparation, including the 5 V’s of data and data wrangling activities such as cleansing and labeling. The focus is on ensuring data is fit for purpose before model development begins.
This lecture explains core data group concepts used in AI model development, including training, validation, and testing datasets. It also introduces key performance concepts such as overfitting, underfitting, ground truth, and accuracy metrics, helping participants understand how data choices affect model reliability and real-world performance.
This lecture expands on essential data concepts such as transformation, pre- and post-processing, labeling, integrity, observability, unseen data, and synthetic data. It highlights how data quality, monitoring, and labeling practices directly influence model performance, fairness, and long-term system alignment.
This lecture examines the full data life cycle, from collection and use to storage, sharing, and destruction. It emphasizes cross-functional data governance and oversight across training, validation, deployment, monitoring, drift detection, and decommissioning, with attention to legal, privacy, security, and operational requirements.
This lecture focuses on feature engineering as a way to improve model performance and explainability. It explains how raw data is transformed into meaningful features, introduces feature flags, and discusses benefits such as reduced cost, improved accuracy, and better alignment between model behavior and real-world signals.
This lecture covers the strategic management of data assets, including data provenance and lineage. Topics include tracking data origins, transformations, and dependencies, as well as compliance with jurisdictional requirements like data localization and regulatory frameworks.
This lecture compares structured, semi-structured, and unstructured data formats commonly used in AI systems. It explains how each format differs in structure, usability, and analytical complexity, with practical examples such as databases, emails, and multimedia content. The session highlights how data format choices affect model design, tooling, and processing requirements.
This lecture introduces PETs like homomorphic encryption, secure multi-party computation, federated learning, and differential privacy. These technologies help protect sensitive data during AI training and operations by enhancing privacy, but with some utility trade off.
This lecture covers how AI models are selected, trained, and prepared for evaluation. It explains model architecture selection, the training process, and the roles of validation and testing data. The session also introduces performance metrics and thresholds, emphasizing how accuracy, precision, recall, and fairness measures are used to assess readiness for real-world use.
This lecture explores AI system architectures, including feedforward, convolutional, recurrent, and graph neural networks, as well as transformers. It also discusses ensemble methods like stacking, bagging, and boosting, which combine models to enhance performance.
This lecture examines oversight mechanisms for AI systems, including frameworks like AI assurance and audits. Key topics include human involvement in oversight (in, on, or out of the loop) and the Three Lines of Defense (3LOD) model for managing and mitigating AI risks.
This lecture covers testing strategies for AI systems, such as bias detection, robustness, and adversarial testing. Documentation practices include maintaining model cards, counterfactual explanations, and risk tracking to meet compliance and improve accountability.
This lecture highlights tools for evaluating AI models, including model cards, benchmarks, and datasheets for datasets. These tools improve transparency, assess model performance, and document data motivations, collection processes, and recommended uses.
This lecture covers conformity assessments (CAs) and Data Protection Impact Assessments (DPIAs). CAs verify compliance with regulations like the EU AI Act for high-risk systems, while DPIAs manage data-related risks under GDPR. Topics include risk management, transparency, and their complementary roles.
This lecture explores testing methods, including repeatability assessments (ensuring consistent results) and adversarial testing (simulating malicious inputs). It discusses threat modeling, trust trade-offs, and tools like the OWASP ML Security Top 10.
This lecture emphasizes creating comprehensive documents for stakeholders, including business use cases, project plans, model cards, and acceptable use policies. It discusses how to improve transparency and usability through UI copy, datasheets, and compliance documentation for regulators and consumers.
This lecture introduces TEVV as a structured approach to assessing AI systems across technical, performance, and real-world dimensions. It explains the distinct goals of testing, evaluation, verification, and validation, with practical examples of each. The session emphasizes continuous improvement, documentation, and alignment with business, regulatory, and stakeholder requirements.
Dr. David invites students to leave five star reviews, explaining how this feedback boosts course visibility in the algorithm on Udemy and Google, supports the community, and funds more content.
This lecture explores essential questions and updates to policies before AI deployment. It emphasizes a risk-based approach, holistic policy frameworks, and understanding laws applicable to ADM and frontier models. Policies should address procurement and compliance comprehensively.
This lecture covers the deployment phase of the AI development lifecycle, focusing on how models are moved into operational environments. It examines environment options such as cloud, on-premise, and edge deployment, along with packaging, accessibility, and collaboration with engineering teams. Special attention is given to generative AI considerations, documentation, user feedback, and ongoing compliance.
This lecture introduces agentic AI systems that operate with a high degree of autonomy. It explains how AI agents are deployed, the infrastructure they require, and the unique risks they introduce. The session reviews agent-specific risk models, governance frameworks, and best practices such as human oversight, kill switches, and safeguards against emergent behavior.
This lecture examines proprietary models, highlighting their closed nature and confidentiality. Deployment challenges include transparency, ownership of outputs, liability for high-risk applications, and handling data breaches. It emphasizes clear licensing agreements to mitigate risks.
This lecture addresses managing risks when adopting third-party AI systems. It categorizes products into integrated tools and commercial off-the-shelf (COTS) solutions. Topics include assessing visibility challenges, reviewing vendor documentation, and limiting liability through clear policies.
This lecture details elements to evaluate in third-party agreements, including product category, data usage, technical specifications, and security. It emphasizes assessing bias, fairness, and monitoring policies while ensuring alignment with third-party safety plans and incident responses.
This lecture focuses on activities required once an AI system is live. It covers continuous monitoring for performance, reliability, and safety, along with assessment methods such as audits, red teaming, challenger models, stress testing, and threat modeling. The goal is to detect drift, vulnerabilities, and emerging risks while supporting ongoing improvement.
This lecture provides an overview of incident response in AI systems, including categories of failure, model decay, and cybersecurity threats like data poisoning and adversarial attacks. It emphasizes proactive monitoring, recalibration, and robust incident management policies.
This lecture outlines the six stages of AI incident response: preparation, identification, containment, eradication, recovery, and lessons learned. It emphasizes creating policies, defining roles, conducting training, and maintaining comprehensive documentation to manage incidents effectively.
This lecture discusses the importance of public disclosure in AI systems, including sector-specific, jurisdiction-specific, system-specific, and rights-specific notices. Topics include user engagement, opt-out options, and compliance with laws like GDPR and FTC guidelines.
This lecture examines mechanisms for ensuring AI compliance and accountability. Topics include manual and automated audits, governance automation, and accountability measures to enhance trust and transparency. Tools like AI Verify and OECD’s Model Card Regulatory Check are introduced.
This lecture covers post-deployment AI management and monitoring, including risk scoring, continuous evaluation, and incident response. Techniques like red teaming, challenger models, and bug bounties are discussed to maintain system reliability and address downstream consequences.
This lecture addresses how to responsibly retire AI systems. It examines residual risk management, documentation, stakeholder communication, and third-party obligations. The session also introduces decommissioning checklists to ensure data, models, infrastructure, and legal requirements are properly handled, preserving accountability and institutional knowledge.
This lecture explores important machine learning terms including active learning, bootstrap aggregating (bagging), entropy, greedy algorithms, random forest, and variance. These concepts are foundational for understanding data processing, optimization, and model performance in machine learning.
This lecture introduces additional key concepts such as adaptive learning, prompts, prompt engineering, retrieval-augmented generation (RAG), synthetic data, system cards, and watermarking. These terms are vital for grasping the complexities of AI interaction, data generation, and output verification.
* Fully updated and comprehensive coverage of version 2.1 of the AIGP Body of Knowledge (July 2026). *
Welcome to the AIGP Certification Masterclass. My name is Dr. Kyle David. I'm here to help you pass your AIGP certification exam.
Getting your AIGP certification is an excellent career move.
The AIGP certification is the gold standard for AI governance.
The average salary for AI governance professionals is USD $182,000 (IAPP, 2025).
Employees with AI skills enjoy a 56% wage premium (PwC, 2025).
100% of industries are increasing AI usage (PwC, 2025).
Over 1,200 regulations and policy initiatives worldwide are requiring that organizations master AI risk (OECD).
This AIGP course covers all 4 domains in comprehensive detail. The 4 domains are:
Understanding the foundations of AI governance
Understanding how laws, standards, and frameworks apply to AI
Understanding how to govern AI development
Understanding how to govern AI deployment and use
This course includes:
19+ hours of AIGP video lectures. Comprehensive coverage of all 4 domains.
400 scenario-based practice questions. Test your comprehension as you progress through the course.
Free downloadable AIGP study guides. Made from my lecture slides.
Access to Dr. David's Discord channel: To get live support from me and others as you prepare for the AIGP exam.
AIGP Mnemonics. To help you remember key details for the exam.
An automatic certificate of completion. To flex on your friends, family, and colleagues.
30-day no questions asked, money-back guarantee.
Offline video viewing on the Udemy mobile app.
Start your AIGP certification journey today and let me help YOU get certified!