Responsible AI Glossary

Definitions of key responsible AI, AI governance, and EU AI Act terms. Search the glossary to find your concept.

Sort by
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Biometric Categorization

Classifying individuals based on biometric data into categories such as race, gender, or political opinion; restricted under the EU AI Act.

Traceability

Ability to reconstruct and follow an AI system's decisions, data, and actions back to their sources — models, datasets, prompts, and human approvals — a prerequisite for accountability, debugging, and audits, and an especially acute challenge for autonomous agents.

Watermarking

Embedding detectable markers in AI-generated content to indicate its synthetic origin.

AI Actor

Any entity involved in an AI system's lifecycle: designer, developer, deployer, operator, evaluator (NIST AI RMF terminology).

Adversarial Example

Input deliberately crafted to cause a model to make a mistake (OWASP ML Top 10).

Indirect Prompt Injection

Attack where malicious instructions are embedded in third-party content later processed by an LLM.

Chief AI Officer (CAIO)

Emerging executive role responsible for enterprise AI strategy, ethics, and governance.

Conformity Assessment

Process of verifying that a high-risk AI system meets applicable EU AI Act requirements before market placement.

Further resources →

AI Governance Operating Model

The set of ongoing functions, processes, and structures that operationalize AI governance day-to-day — typically spanning use-case management, risk and compliance management, third-party management, security, data governance, and incident management.

Further resources →

AI Regulatory Sandbox

Controlled environment allowing testing of innovative AI systems under regulatory supervision before market entry (EU AI Act Art. 57–63).

Responsible AI

Umbrella practice of designing, developing, and deploying AI in ways that are ethical, safe, fair, and accountable.

Further resources →

Model Validation

Independent testing confirming a model performs as intended and within acceptable risk limits.

Guardrails

Technical or procedural controls constraining an AI system's outputs or actions within acceptable bounds.

Mechanistic Interpretability

Research field aiming to reverse-engineer neural network internals into human-understandable algorithms.

Data Lineage

Traceable record of data's origin, movement, and transformations through a system.

Runtime Enforcement / Runtime Monitoring

Continuous, real-time monitoring and constraint of a deployed AI system or agent to keep it within approved boundaries — checking permissions, tool usage, and behavior at runtime and flagging or blocking scope violations before they become incidents.

AI Governance Committee

Cross-functional body that steers an organization's AI governance program — bringing together stakeholders such as legal, security, data protection, risk, and technical teams to set direction, prioritize, and oversee decisions (broader in remit than an AI ethics board).

Whistleblowing / Non-Retaliation Policy

Governance mechanism protecting individuals who report AI-related misconduct or risk.

Sensitive Information Disclosure

Risk of models leaking confidential or personal data through outputs.

Harmonised Standard

European standard, once adopted, that provides a presumption of conformity with EU AI Act requirements.

Scalable Oversight

Research problem of supervising AI systems whose capabilities exceed a human evaluator's own.

Compliance Management

Core AI governance function of ensuring AI systems and processes meet applicable legal, regulatory, and framework requirements on an ongoing basis – a key pillar of the AI governance operating model and a subset of GRC.

Further resources →

RoPA (Records of Processing Activities)

GDPR-mandated inventory documenting how personal data is processed (purposes, data categories, recipients, safeguards); in AI governance it complements the AI registry and DPIAs for data-driven systems.

Governance, Risk, and Compliance (GRC)

Integrated approach to organizational governance, risk management, and regulatory compliance.

Model Drift

Degradation of model performance over time as real-world data diverges from training data.

Accountability

Principle that organizations and individuals must be answerable for the outcomes of AI systems they design, develop, or deploy (OECD, NIST AI RMF).

Backdoor Attack / Trojan Attack

Attack that implants a hidden trigger during training so a model behaves normally until a specific input activates malicious behavior.

AI Use Case Management

The ongoing practice of identifying, collecting, mapping, and governing an organization's AI use cases across their lifecycle — the foundation for inventory, risk classification, and EU AI Act compliance.

Further resources →

ISO/IEC 27001

International standard for information security management systems (ISMS); in AI governance it underpins the security of data and models and is often pursued alongside ISO/IEC 42001.

AI Intake / Intake Form

Structured mechanism (e.g., forms sent to teams) for discovering and registering AI systems and use cases across an organization, including surfacing shadow AI – the entry point that feeds the AI inventory.

Further resources →

Jailbreaking

Technique for bypassing an AI model's safety controls to elicit prohibited content or behavior.

GPAI Model with Systemic Risk

GPAI model meeting a high-impact capability threshold, subject to additional EU AI Act obligations (Art. 51–55).

Prompt Leaking

Attack that extracts a system's hidden prompt, instructions, or confidential context through crafted user input.

Scope Violation / Scope Management

Practice of defining, monitoring, and enforcing the boundaries of what an AI agent may do (the tools, data, and actions within its remit), and detecting scope violations where an agent exceeds those permissions.

Sociotechnical System

Framing of AI systems as inseparable combinations of technology, people, and organizational context.

Data Governance

Policies and controls managing the availability, integrity, security, and usability of data used in AI systems.

Privacy by Design

Principle of embedding privacy protections into system architecture from the outset rather than retrofitting.

AI Use Case Risk Tiering

Classifying AI applications (e.g., low, limited, high, unacceptable risk) to determine applicable controls.

Human Oversight

EU AI Act requirement (Art. 14) that high-risk AI systems be designed to allow effective human supervision.

AI Literacy

Skills, knowledge, and understanding enabling providers, deployers, and users to make informed decisions about AI (explicit EU AI Act obligation, Art. 4).

Further resources →

Control

A policy, process, or technical safeguard put in place to manage a specific risk to an acceptable level; the basic building block of any GRC program.

Control Gap Analysis

Structured comparison of the controls an AI system currently has against those required by a chosen framework or regulation, surfacing missing or insufficient safeguards to remediate.

CE Marking

Conformity marking indicating a high-risk AI system meets EU AI Act requirements.

Misinformation / Disinformation

Category in the MIT AI Risk Repository covering AI-generated false or misleading content, distinguishing unintentional (mis-) from intentional (dis-) spread.

AI Act (EU AI Act)

Regulation (EU) 2024/1689 establishing harmonised rules on AI in the EU, using a risk-based, tiered approach.

Further resources →

General-Purpose AI (GPAI) Model

EU AI Act category for models displaying significant generality and capable of competently performing a wide range of tasks.

Shadow AI

Unauthorized or unsanctioned use of AI tools within an organization, outside governance oversight.

Further resources →

Algorithmic Impact Assessment (AIA)

Structured evaluation of the potential effects of an algorithmic system before/during deployment.

Disparate Impact

Discrimination that occurs when a facially neutral policy disproportionately harms a protected group.

Transparency Obligations (AI-Generated Content)

EU AI Act Art. 50 requirements to disclose AI-generated or manipulated content (e.g., deepfakes) to users.

Real-Time Remote Biometric Identification

Live biometric identification in public spaces by law enforcement; heavily restricted under the EU AI Act.

Supply Chain Vulnerability

Risk arising from compromised third-party models, data, or plugins.

Further resources →

GDPR (General Data Protection Regulation)

EU regulation governing the processing of personal data; it underpins many AI governance obligations (lawful basis, data minimization, automated-decision rights) and frequently intersects with AI-specific requirements like DPIAs and profiling limits.

Reinforcement Learning from Human Feedback (RLHF)

Training technique that fine-tunes models using human preference judgments.

Model Tampering

Unauthorized modification of a model's weights, architecture, or configuration after training, whether via supply chain compromise or insider action.

Concept Drift

Change in the statistical relationship between model inputs and outputs over time, degrading performance.

Social Scoring

Prohibited EU AI Act practice of evaluating individuals based on behavior/characteristics leading to unjustified detrimental treatment.

Prompt Injection

Risk that occurs when an adversary manipulates model behavior via crafted input that overrides intended instructions.

Distributor (EU AI Act)

Entity in the supply chain, other than provider or importer, that makes an AI system available on the market.

Model Extraction / Theft / Model Stealing

Attack that reconstructs or steals a proprietary model's functionality or parameters via repeated queries against its API.

AI Governance Framework

Structured foundation of standards, requirements, and best practices an organization adopts and adapts to govern AI – often built on established frameworks (e.g., NIST AI RMF, ISO/IEC 42001) plus legal obligations and industry practices.

Further resources →

OECD AI Principles

Intergovernmental standards (2019) for trustworthy AI: inclusive growth, human-centered values, transparency, robustness, and accountability.

Model Inversion Attack

Attack that reconstructs training data or sensitive attributes from a model's outputs.

Privacy-Enhancing Technology (PET)

Technical tool (e.g., differential privacy, federated learning) that reduces privacy risk in data processing.

Agent Registry

Specialized inventory of an organization's AI agents recording each agent's configuration, permissions, connected tools, and risk classification — extending the AI registry concept to autonomous systems that get deployed quickly and at scale.

Further resources →

Copyright / IP Infringement

Risk that an AI system reproduces or generates content that violates third-party copyright or intellectual-property rights, via training data or model outputs — a growing responsible-AI and legal concern.

AI System Life Cycle

Stages from design and data collection through deployment, monitoring, and retirement (ISO 42001, NIST AI RMF).

Fundamental Rights Impact Assessment (FRIA)

EU AI Act–required assessment (Art. 27) of a high-risk AI system's impact on fundamental rights, for certain deployers.

AI Management System (AIMS)

Formal system of policies and processes for governing AI per ISO/IEC 42001.

Third-Party Risk Management (TPRM)

Process of assessing and monitoring risks introduced by vendors, suppliers, or AI model providers.

Further resources →

Hallucination

Model-generated output that is factually incorrect or fabricated but presented as if true.

AI Policy

Formal internal document that sets the rules, principles, roles, and responsibilities for how an organization develops, procures, and uses AI — the practical formalization of an AI governance program that makes guidelines actionable for employees.

Further resources →

Overreliance

Risk of users trusting AI outputs without sufficient verification or oversight.

AI Governance

The overarching structures, policies, roles, and processes by which organizations direct, manage, oversee, and hold accountable the design, development, procurement, and use of AI — the umbrella discipline covering AI risk management, ethics, safety, and compliance.

Further resources →

Data Drift

Change in the statistical distribution of input data over time relative to training data, a common cause of model performance decay (distinct from concept drift, which is a change in input-output relationships).

Serious Incident

EU AI Act–defined event (Art. 3(49)) involving death, serious harm, infrastructure disruption, or fundamental rights infringement linked to an AI system, triggering mandatory reporting.

Automated Decision-Making (ADM)

Decisions made by an AI system with little or no human involvement, often subject to explanation/opt-out rights (cf. GDPR Art. 22).

PDCA Cycle (Plan-Do-Check-Act)

Continual improvement cycle underlying ISO management system standards, including ISO 42001.

Audit Trail

Tamper-evident, chronological record of the actions, decisions, and changes across an AI system's governance lifecycle (who did what, when), enabling accountability, review, and evidence for internal and external audits.

Risk Appetite

Level and type of risk an organization is willing to accept in pursuit of its objectives.

Control Assessment / Control Effectiveness

Evaluation of whether a control has been implemented and is actually working to mitigate the AI risk it targets; increasingly automated by analyzing connected sources and evidence to judge effectiveness.

Further resources →

Importer (EU AI Act)

Entity established in the EU that places on the market an AI system from a non-EU provider.

System Card

Documentation, similar to a model card, describing an AI system's overall behavior, safeguards, and limitations at the product level.

Model Risk Management (MRM)

Discipline (rooted in financial services, now applied to AI) governing model validation, monitoring, and controls.

Provider (EU AI Act)

Entity that develops an AI system/GPAI model and places it on the market under its own name.

Risk Tolerance

Acceptable variation around risk appetite for specific objectives or risk types (NIST AI RMF term).

Evaluation (Model Eval)

Structured testing of a model's capabilities, safety properties, or risks against benchmarks.

Data Poisoning

Attack that corrupts training data to manipulate model behavior (OWASP LLM/ML Top 10).

Bias Mitigation

Techniques applied to data, models, or processes to reduce unfair bias in AI outcomes.

Data Protection Impact Assessment (DPIA)

GDPR-mandated assessment of privacy risks for high-risk processing activities, often paired with AI risk assessments.

Vendor Assessment / Third-Party AI

Structured evaluation of a third-party AI product or provider against your security, privacy, and risk policies — reviewing documentation, questionnaires, and evidence — to decide whether an external AI system meets your standards before adoption.

Further resources →

Notified Body

Independent organization designated to assess conformity of certain high-risk AI systems under the EU AI Act.

Equalized Odds

Fairness metric requiring equal true-positive and false-positive rates across groups.

Model Denial of Service

Risk of resource-exhaustion attacks against a hosted model.

Technical Documentation

Required EU AI Act records (Annex IV) describing a high-risk AI system's design, purpose, and risk controls.

Further resources →

Three Lines of Defense

GRC model separating operational management, risk/compliance oversight, and independent audit functions.

Model Card

Standardized document describing a model's intended use, performance, limitations, and evaluation results.

Further resources →

Red Teaming

Adversarial testing exercise simulating attacks or misuse to uncover a system's vulnerabilities.

MCP Gateway

Control point that mediates and monitors the tools, data, and systems an AI agent can reach via the Model Context Protocol (MCP), enforcing permission boundaries and flagging out-of-scope actions before they occur.

AI Office

EU body responsible for AI Act implementation, particularly oversight of general-purpose AI models.

Cookies
By clicking “Yes”, you agree to the storing of cookies on your device to enhance site navigation, and to improve our marketing. View our Privacy Policy for more information.