
AIGP Exam Notes

Last-minute traps, must-know facts, and scenario tips for the IAPP Artificial Intelligence Governance Professional exam.

General Exam Tips

  1. Read the question stem BEFORE reading the full scenario — identify what role, framework, and lifecycle stage are in play before absorbing scenario details designed to distract.
  2. Apply the Role-Framework-Lifecycle triad: identify (1) who is acting (provider, deployer, importer), (2) which framework governs (EU AI Act, NIST AI RMF, ISO 42001), and (3) what lifecycle stage is in scope. The answer only makes sense at their intersection.
  3. Multi-select questions require ALL correct answers — no partial credit. When you see 'select all that apply,' eliminate wrong answers first rather than hunting for right ones.
  4. Eliminate by exception: on scenario questions with four plausible answers, find the option that contradicts a governance principle (deploying without documentation, skipping assessment, proceeding without oversight) — that is always wrong.
  5. The 15-minute optional break is after question 50. Questions answered before the break CANNOT be revisited. Plan your first-pass strategy before you start.
  6. Target ~90 seconds per question on first pass. Flag anything requiring more thought. Case study sets share a scenario — read the scenario once, answer all related questions, then flag the hardest for review.
  7. Never leave a question unanswered — no penalty for guessing. If stuck, eliminate two options and guess between the remaining two.
  8. The 15 unscored pilot questions are invisible — treat every question as scored. Do not try to identify which questions are pilots.
  9. Domain IV (Governing Deployment and Use) is the most under-prepared domain — it carries 27% of the exam. If you studied lightly on monitoring, drift detection, and incident response, that is your biggest risk.
  10. When the exam asks about 'best' or 'most appropriate' action, think governance-first: the answer that prioritizes documentation, assessment, stakeholder notification, or halting for review almost always beats answers that proceed without oversight.
Domain I (21% of exam)

Understanding the Foundations of AI Governance

Must-Know Facts

  • All seven NIST Trustworthy AI characteristics: Valid and Reliable, Safe, Secure and Resilient, Accountable and Transparent, Explainable and Interpretable, Privacy-Enhanced, Fair with Harmful Bias Managed.
  • Governance scope in v2.1 is 'AI systems,' not 'AI models' — this change is testable. Supply chain, data pipelines, downstream uses, and infrastructure are all in scope.
  • Three tiers of AI governance concepts with distinct meanings: Ethical AI (moral principles), Responsible AI (operational framework with accountability and governance processes), Trustworthy AI (systems meeting technical and governance standards). Each is a different level of abstraction.
  • Third-party risk management is a Domain I topic, not just Domain IV. Vendor assessment, contract clauses, and supply chain governance belong to foundational governance.
  • The exam tests value creation AND risk — governance is not just about preventing harm, it is also about enabling the organization to realize AI value safely.
  • AI governance roles: AI Governance Officer = develops policy; Responsible AI Program Manager = operationalizes policy; AI Risk Analyst = identifies and assesses risks. These roles are complementary, not interchangeable.
  • IP and data governance policy updates are foundational governance obligations (Domain I, competency I.C.2). Organizations must evaluate and update these policies for AI.
  • AI lifecycle stages: problem definition, data collection/preparation, model development/training, testing/validation, release readiness/go-no-go, deployment, post-deployment monitoring, and decommissioning.

Common Traps

Trap: Choosing 'Commercially Viable' or 'Tested and Effective' as a NIST Trustworthy AI characteristic
Reality: Neither is one of the seven NIST characteristics. The exam creates plausible-sounding distractors. The actual seven are specific — memorize them verbatim.
Trap: Treating governance scope as only the ML model
Reality: v2.1 explicitly expanded scope to entire AI systems, including data pipelines, infrastructure, third-party components, and downstream uses. Questions about vendor supply chain or deployment infrastructure are still Domain I governance questions.
Trap: Equating Responsible AI with Ethical AI
Reality: Ethical AI is about moral principles and values (theory). Responsible AI is the broader operational framework that includes accountability structures, governance processes, and measurable organizational commitments. If the scenario involves implementing governance processes, the answer is Responsible AI.
Trap: Treating AI governance as a one-time setup activity
Reality: Governance is an ongoing program requiring continuous improvement, cross-functional collaboration, and regular review. Questions about governance maintenance, updating policies, and monitoring effectiveness belong here.
Trap: Assuming Domain I is easy because it covers fundamentals
Reality: Domain I terminology is the vocabulary for Domains III and IV. Candidates who treat it superficially struggle with lifecycle governance questions later. The NIST Trustworthy AI characteristics, governance roles, and lifecycle stage mapping all reappear in scenario questions.

Confusing Pairs

Ethical AI vs. Responsible AI vs. Trustworthy AI

Ethical AI = moral principles (theory). Responsible AI = operational framework that operationalizes ethics into processes and accountability. Trustworthy AI = the outcome — AI systems that actually meet technical and governance standards. They are nested: Trustworthy is the standard, Responsible is how you get there, Ethical is the principle behind it.

AI Governance Officer vs. Responsible AI Program Manager

AI Governance Officer = sets policy and oversees the governance program. Responsible AI Program Manager = leads implementation and coordinates cross-functional teams to execute that policy. The Officer defines what; the Manager executes how.

Data Provenance vs. Data Lineage

Data Provenance = complete history including origin, custody chain, and all transformations — broader and more comprehensive. Data Lineage = tracking data movement and transformation through the pipeline — a subset of provenance focused on the transformation chain.

Scenario Tips

If the question asks about:

When the question describes a vendor updating their AI model without notifying the deploying organization, causing unexpected output changes...

Answer:

The answer addresses third-party AI risk management and supply chain governance — contractual controls, change notification requirements, and audit rights are the governance gap.

Distractor to avoid:

Answers about differential privacy or conformity assessment sound technical and plausible but address the wrong gap. The problem is governance of the vendor relationship, not a privacy or compliance technique.

If the question asks about:

When the question asks which governance concept the organization should implement to enable AI value while managing risk...

Answer:

Responsible AI — it explicitly encompasses both value creation and risk management as an operational framework, unlike Ethical AI (only principles) or Trustworthy AI (outcome standard).

Distractor to avoid:

Ethical AI is tempting but addresses only the principles side; it does not include the operational framework for balancing value and risk.

If the question asks about:

When the question asks what expanded AI governance should cover beyond models...

Answer:

Entire AI systems including data pipelines, infrastructure, third-party components, supply chain dependencies, and downstream uses — reflecting the v2.1 shift from 'AI models' to 'AI systems.'

Distractor to avoid:

Options limiting scope to training data, evaluation metrics, or deployment environments each capture only a subset. The v2.1 answer is comprehensive system-level governance.

Last-Minute Facts

1. NIST Trustworthy AI = exactly 7 characteristics. Common traps: 'Commercially Viable' and 'Tested and Effective' are NOT on the list. The actual 7: Valid and Reliable, Safe, Secure and Resilient, Accountable and Transparent, Explainable and Interpretable, Privacy-Enhanced, Fair with Harmful Bias Managed.
2. Domain I = 21% of exam = approximately 16-18 scored questions. Do not under-study it — Domain I vocabulary is the foundation for all scenario questions in Domains III and IV.
3. v2.1 change: 'AI models' replaced with 'AI systems' throughout — governance scope is system-level, not model-level. Questions about supply chain or infrastructure are still governance questions.
4. Ethical AI / Responsible AI / Trustworthy AI are NOT interchangeable. Ethical = principles only. Responsible = operational framework with processes and accountability (broader than ethical). Trustworthy = the outcome that results from applying responsible AI. If a scenario involves governance processes or accountability structures, the answer is Responsible AI, not Ethical AI.
5. Three governance roles: Governance Officer (sets POLICY), Program Manager (leads IMPLEMENTATION), Risk Analyst (identifies and assesses RISK). Exam trap: swapping Officer and Manager roles — Officer defines policy, Manager executes it.
Domain II (25% of exam)

Understanding How Laws, Standards, and Frameworks Apply to AI

Must-Know Facts

  • EU AI Act risk tiers with examples: Unacceptable/Prohibited (social scoring, subliminal manipulation, emotion recognition in workplaces/schools, untargeted facial scraping) — banned since Feb 2, 2025. High-risk (Annex III: hiring, credit scoring, critical infrastructure, biometrics, education access, law enforcement, migration). Limited (chatbots, deepfakes — transparency only). Minimal (no requirements).
  • Provider obligations (EU AI Act): design, technical documentation, conformity assessment, CE marking, registration in EU AI database, post-market monitoring, incident reporting.
  • Deployer obligations (EU AI Act): operate as intended, ensure human oversight per Article 14, monitor performance, conduct FRIAs where required, notify users of high-risk AI use.
  • Deployer can become a provider by: (1) putting their name/trademark on a high-risk system, (2) making substantial modifications, or (3) changing intended purpose. They then assume full provider obligations.
  • FRIA (Article 27): Mandatory for deployers of high-risk AI in employment, education, essential services. Completed BEFORE deployment. Must notify market surveillance authority.
  • GDPR Article 22: right not to be subject to SOLELY automated decisions with legal or similarly significant effects. Three legal bases: explicit consent, contractual necessity, legal authorization. Must provide meaningful information about logic and a pathway for human intervention.
  • GDPR Article 35 DPIA: required BEFORE high-risk processing. AI-specific factors include model error rates across demographics, disparate impact evidence, and training data quality.
  • NIST AI RMF four functions: GOVERN (cross-cutting policies and accountability), MAP (context and stakeholder identification), MEASURE (risk analysis and benchmarking), MANAGE (risk treatment and incident response). GOVERN infuses through all others.
  • ISO/IEC 42001: certifiable AI management system standard. 10 clauses, Annex A with 38 controls across 9 domains, requires Statement of Applicability.
  • ISO/IEC 23894: non-certifiable AI risk management guidance (companion to ISO 31000). ISO/IEC 42005: non-certifiable AI impact assessment methodology (added in v2.1, replaced NIST ARIA).
  • GPAI rules: standard GPAI obligations (transparency, documentation, copyright compliance). Systemic risk GPAI (>10^25 FLOPs training compute or AI Office designated): additional risk tracking, mitigation, incident reporting, cybersecurity cooperation.
  • South Korea AI Basic Law (effective Jan 2026): transparency/disclosure, human-in-the-loop for high-impact AI, fundamental rights impact assessments, extraterritorial application to foreign companies.
  • EU AI Act enforcement timeline: Prohibited — Feb 2, 2025; GPAI rules — Aug 2, 2025; High-risk standalone (Annex III) — Aug 2, 2026; High-risk embedded (Annex II) — Aug 2, 2028.
  • EU AI Act fines: Prohibited practices = EUR 35M or 7% turnover. High-risk/GPAI violations = EUR 15M or 3%. False info to authorities = EUR 7.5M or 1%.

Common Traps

Trap: Applying NIST AI RMF as if it were legally enforceable
Reality: NIST AI RMF is voluntary guidance with no penalties for non-adoption. EU AI Act is the legally binding regulation with fines up to 7% of turnover. If the scenario mentions legal obligations or penalties, the answer involves EU AI Act, not NIST.
Trap: Confusing DPIA with FRIA
Reality: DPIA = GDPR Article 35, focuses on data protection risks, obligation of the data controller. FRIA = EU AI Act Article 27, focuses on broader fundamental rights impacts, obligation of the deployer of high-risk AI. Both can be required for the same AI system simultaneously.
Trap: Missing the deployer-becomes-provider transformation
Reality: When a scenario describes an organization customizing, rebranding, or substantially modifying a high-risk AI system, they become a provider regardless of their starting role. This transformation is a top-tested trap in case study questions.
Trap: Treating ISO 42001, ISO 23894, and ISO 42005 as interchangeable
Reality: Only ISO 42001 is certifiable. ISO 23894 (risk management guidance) and ISO 42005 (impact assessment methodology) are guidance documents — organizations cannot be certified against them.
Trap: Studying from pre-v2.1 materials that reference NIST ARIA
Reality: NIST ARIA was REMOVED from the v2.1 Body of Knowledge. ISO 42005 replaced it. If your practice materials reference ARIA as testable, they are outdated.
Trap: Assuming a third-party bias audit is required under the EU AI Act
Reality: Third-party bias audits are required by NYC Local Law 144 for automated employment decision tools. The EU AI Act does NOT mandate third-party bias audits as a requirement for high-risk AI — conformity assessments serve a different compliance purpose.
Trap: Thinking GDPR Article 22 applies whenever AI makes a decision
Reality: Article 22 applies only to SOLELY automated decisions with LEGAL or SIMILARLY SIGNIFICANT effects. If a human meaningfully reviews the decision before it takes effect, Article 22 does not apply. The word 'solely' is critical.
Trap: Confusing a general customer service chatbot with high-risk AI under the EU AI Act
Reality: A standard customer service chatbot is limited-risk under the EU AI Act — transparency obligation only (must disclose AI identity). It is NOT high-risk unless it meets specific Annex III criteria. Categorizing chatbots as high-risk is a common wrong answer.

Confusing Pairs

DPIA (GDPR Article 35) vs. FRIA (EU AI Act Article 27)

DPIA = data protection risk assessment, required by GDPR controller before high-risk processing, focuses on personal data risks. FRIA = fundamental rights impact assessment, required by EU AI Act deployer before deploying high-risk AI in employment/education/services, covers broader rights (non-discrimination, human dignity). Same AI system may require both. If the question cites GDPR, answer DPIA. If it cites EU AI Act and fundamental rights of affected individuals, answer FRIA.

Provider (EU AI Act) vs. Deployer (EU AI Act)

Provider = develops or places AI on the market = design + technical documentation + conformity assessment + CE marking + post-market monitoring. Deployer = uses AI under own authority = operate as intended + human oversight + monitoring + FRIAs. Key trap: a deployer who substantially modifies or rebrands a high-risk system becomes a provider.

NIST AI RMF vs. EU AI Act

NIST AI RMF = voluntary guidance, no penalties, structured methodology (GOVERN/MAP/MEASURE/MANAGE). EU AI Act = legally binding regulation, fines up to 7% turnover, mandatory timelines. Organizations use NIST operationally to satisfy EU AI Act requirements — they are complementary, not competing.

ISO/IEC 42001 vs. ISO/IEC 23894 vs. ISO/IEC 42005

42001 = certifiable AI management system (Statement of Applicability required). 23894 = non-certifiable AI risk management guidance (companion to ISO 31000). 42005 = non-certifiable AI impact assessment methodology (added v2.1). If the question asks about certification or Annex A controls, 42001. If risk management process guidance, 23894. If impact assessment methodology, 42005.

Conformity Assessment (EU AI Act) vs. FRIA (EU AI Act)

Conformity Assessment = provider obligation, verifies the AI system meets legal requirements BEFORE market placement, one-time pre-market gate. FRIA = deployer obligation, assesses fundamental rights impacts on people before deployment in specific high-risk domains. Different actors, different timing, different purpose.

GPAI Standard Obligations vs. GPAI Systemic Risk Obligations

All GPAI providers: technical documentation + downstream transparency + EU copyright compliance + training data summary. SYSTEMIC RISK GPAI (>10^25 FLOPs or AI Office designation): additional state-of-the-art evaluation + risk mitigation + serious incident reporting + cybersecurity cooperation with AI Office. Systemic risk is not solely about model size.

Scenario Tips

If the question asks about:

When a European bank deploys a third-party AI system that automatically denies loan applications with no human review or explanation...

Answer:

Both GDPR Article 22 (solely automated decision with legal effect, no human intervention pathway) AND EU AI Act Article 14 (human oversight requirement for high-risk AI, credit scoring = Annex III) are violated simultaneously.

Distractor to avoid:

Answers citing only one regulation miss the dual-framework violation. ISO 42001 violation is wrong because it is a voluntary standard, not a legal obligation.

If the question asks about:

When a company deploying high-risk AI in hiring wants to become certified against an AI governance standard...

Answer:

ISO/IEC 42001 — it is the only certifiable AI management system standard. Requires Statement of Applicability documenting which of the 38 Annex A controls apply.

Distractor to avoid:

NIST AI RMF is widely adopted but not certifiable. ISO 23894 and ISO 42005 are guidance documents that cannot be certified against.

If the question asks about:

When an EU company buys a US AI vendor's model and puts their own brand name on it before deploying in the EU market...

Answer:

The EU company has become a provider by placing its name/trademark on the system — they now bear full provider obligations including conformity assessment, CE marking, technical documentation, and post-market monitoring.

Distractor to avoid:

Treating the company as a deployer misses the role transformation triggered by rebranding. This is one of the most-tested EU AI Act traps.

If the question asks about:

When the question asks which framework is appropriate for voluntary AI risk management without legal compliance requirements...

Answer:

NIST AI RMF — it is voluntary guidance with no enforcement mechanism. Organizations choose it for its structured methodology, not legal obligation.

Distractor to avoid:

EU AI Act is mandatory, not voluntary. ISO 42001 creates a certifiable standard with audit requirements — not purely voluntary risk management.

Last-Minute Facts

1. EU AI Act prohibition enforcement: February 2, 2025 (social scoring, emotion recognition in workplaces, etc. are already banned).
2. GPAI rules effective: August 2, 2025.
3. High-risk standalone AI (Annex III): compliance by August 2, 2026.
4. High-risk embedded in regulated products (Annex II): compliance by August 2, 2028.
5. EU AI Act fines: 7%/35M (prohibited), 3%/15M (high-risk/GPAI), 1%/7.5M (false info). For large companies: always 'whichever is higher.' For SMEs and startups (Article 99(6)): always 'whichever is lower' — the SME exception is the reverse rule.
6. GPAI systemic risk threshold: >10^25 FLOPs training compute OR AI Office designation.
7. ISO 42001 Annex A: exactly 38 controls across 9 control domains. Statement of Applicability is REQUIRED — it records which controls apply and justifies any exclusions. Trap: ISO 23894 and ISO 42005 have no equivalent certifiable structure — you cannot be audited against them.
8. South Korea AI Basic Law: effective January 2026, extraterritorial reach, fines up to KRW 30 million.
9. Colorado original AI Act (SB 24-205): REPEALED May 2026. Replacement (SB 26-189) is narrower, transparency-focused, effective January 2027.
10. GDPR Article 22 trigger words: 'solely automated' + 'legal or similarly significant effects.' Missing either word means Article 22 may not apply.
11. FRIA (Article 27): must be completed BEFORE deployment, not after. Must notify the market surveillance authority.
12. NIST AI RMF GOVERN function: cross-cuts ALL other functions — it is not a sequential step.
Domain III (27% of exam)

Understanding How to Govern AI Development

Must-Know Facts

  • Model cards document: model purpose, training data description, evaluation metrics and results, performance across demographic groups, known limitations, intended and out-of-scope uses, ethical considerations. Created during development, updated throughout lifecycle.
  • Datasheets for datasets document: dataset motivation, composition, collection process, preprocessing, intended uses, distribution, maintenance plan, known biases, and limitations. Created when dataset is finalized.
  • Bias mitigation timing: Pre-processing (modify training data — rebalancing, removing proxy variables). In-processing (modify training algorithm — add fairness constraints). Post-processing (adjust model outputs to satisfy fairness criteria). Each has different accuracy trade-offs.
  • Fairness impossibility theorem: You CANNOT simultaneously satisfy demographic parity, equalized odds, and calibration except in trivial cases. The exam tests which criterion to apply given the context, not just definitions.
  • Demographic parity = equal positive outcome rates across groups regardless of qualifications. Equalized odds = equal TPR AND FPR across groups. Equal opportunity = equal TPR only. Disparate impact = 80% rule (protected group rate / majority rate must be >= 0.8). Calibration = consistent probability accuracy across groups.
  • Red teaming is pre-deployment testing that must occur BEFORE the go/no-go decision. It tests for vulnerabilities, biases, harmful outputs, safety failures, and adversarial robustness.
  • Go/no-go decision gates require: completed risk assessment, documentation review (model cards, datasheets, impact assessment), fairness testing results, security/red team results, stakeholder sign-offs, and identified halt conditions.
  • Data governance for AI: provenance (where data came from), lineage (how it was transformed), quality standards, demographic representativeness, labeling accuracy.
  • Feature engineering governance: using protected attributes or proxies for protected attributes as features introduces discrimination risk even when intent is neutral.
  • Shadow deployment vs. A/B testing: Shadow = new model runs in parallel with NO user impact (outputs logged only). A/B = real subset of users see the new model (actual user impact). The governance implications differ significantly.
  • Microsoft RAI Template is a key reference for AI Impact Assessments — know what it covers.

Common Traps

Trap: Studying ethics as theory rather than operational implementation
Reality: Domain III tests HOW to operationalize ethical principles into controls, documentation, and processes. Questions ask what to DO, not what the principles mean. A candidate who can state fairness principles but cannot identify which bias mitigation stage to use will fail these questions.
Trap: Assuming model cards and datasheets are optional documentation
Reality: They are governance requirements with specific content and timing in the AI lifecycle. Model cards describe the MODEL (purpose, metrics, limitations). Datasheets describe the DATA (collection, biases, intended uses). The exam tests which artifact addresses which concern.
Trap: Treating red teaming as something done after deployment
Reality: Red teaming is a pre-deployment governance activity. It must occur BEFORE the go/no-go deployment decision. Post-deployment monitoring is a separate Domain IV activity.
Trap: Selecting one fairness metric as universally correct for any scenario
Reality: Fairness metrics are mathematically incompatible — you must choose based on context and stakes. Demographic parity can lead to under-selecting qualified candidates; equalized odds may still allow significant outcome disparities if base rates differ. The exam rewards contextual judgment, not metric memorization.
Trap: Confusing Shadow Deployment with A/B Testing
Reality: Shadow deployment has ZERO user impact — it is purely for internal comparison. A/B testing DOES affect a real subset of users. If a question specifies 'no user impact,' the answer is shadow deployment, not A/B testing.

Confusing Pairs

Model Cards vs. Datasheets for Datasets

Model Cards describe the MODEL: purpose, training data, evaluation metrics, demographic performance, limitations, intended uses. Datasheets describe the DATASET: motivation, collection methodology, composition, biases, intended uses, maintenance plan. If the question asks about documenting model performance across groups, answer is Model Card. If it asks about documenting data collection methods or known biases in training data, answer is Datasheet.

Pre-processing vs. In-processing vs. Post-processing Bias Mitigation

Pre-processing = fix training data (rebalance, remove proxies) — done before training. In-processing = add fairness constraints to the training algorithm — done during training. Post-processing = adjust model outputs after prediction — done after training. Pre-processing has the earliest intervention point; post-processing has the latest and may have higher accuracy costs.

Shadow Deployment vs. A/B Testing

Shadow = new model runs parallel to production receiving same inputs, outputs logged but NOT served to users — zero user impact. A/B = real subset of users receive outputs from the new model — actual user impact. When the requirement is 'no user impact,' the answer is shadow deployment.

Demographic Parity vs. Equalized Odds

Demographic Parity = equal positive prediction rates regardless of actual qualifications — does not condition on ground truth. Equalized Odds = equal TPR AND FPR across groups — conditions on actual outcome. If groups have different base rates, you cannot satisfy both simultaneously. Equalized odds is more appropriate when qualified individuals must not be systematically disadvantaged. Demographic parity is more appropriate when equal representation is the goal.

Explainability vs. Interpretability vs. Transparency

Explainability = WHY did the model make THIS specific decision (post-hoc, individual prediction). Interpretability = HOW does the model work in general (inherent property, model-level). Transparency = HOW was the model created (documentation of process, data, and logic). Test: loan denial → explainability. Lending model's decision process → interpretability. Documentation of training methodology → transparency.

Scenario Tips

If the question asks about:

When the question asks what documentation an AI governance board should require before approving model deployment...

Answer:

Model cards + datasheets for datasets + AI impact assessment results + fairness testing evidence + red teaming results + stakeholder sign-offs. All are required for a complete go/no-go governance gate.

Distractor to avoid:

Accuracy metrics alone, source code alone, or a business case alone each fail to provide the governance documentation required. The exam rewards comprehensive documentation, not technical artifacts in isolation.

If the question asks about:

When a hiring AI system shows a 60% positive rate for Group A and 85% for Group B, and an analyst recommends enforcing demographic parity...

Answer:

Raise the concern that fairness metrics are mathematically incompatible — enforcing demographic parity when groups have different qualification base rates may conflict with equalized odds or cause discrimination in the opposite direction. The governance action is to deliberately choose the appropriate fairness criterion for the context.

Distractor to avoid:

Answers that say demographic parity is always correct, or that the model must be discarded entirely because of any bias, fail to engage with the incompatibility of fairness definitions.
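A worked check of the fairness criteria listed in the Must-Know Facts above (80% rule, demographic parity, equal opportunity, equalized odds) applied to the 60%/85% hiring scenario. This is an added example, not material from the exam body of knowledge or from IAPP; the candidate dataset is constructed so that Group A is selected at 60% and Group B at 85%, with Group B having the higher qualification base rate, and it also shows what forcing demographic parity would cost the group with more qualified candidates.

```python
"""Fairness metrics over a constructed hiring dataset (added example)."""
from collections import defaultdict

# Constructed sample rows: (group, qualified, hired).
# Group A: 20 candidates, 12 qualified, 12 hired (60% selection rate).
# Group B: 20 candidates, 16 qualified, 17 hired (85% selection rate).
SAMPLE = (
    [("A", 1, 1)] * 9 + [("A", 1, 0)] * 3 + [("A", 0, 1)] * 3 + [("A", 0, 0)] * 5
    + [("B", 1, 1)] * 14 + [("B", 1, 0)] * 2 + [("B", 0, 1)] * 3 + [("B", 0, 0)] * 1
)


def group_stats(rows):
    """Per-group counts and the conditional rates every criterion is built from."""
    counts = defaultdict(lambda: {"n": 0, "pos": 0, "qual": 0, "tp": 0, "fp": 0})
    for group, qualified, hired in rows:
        c = counts[group]
        c["n"] += 1
        c["pos"] += hired
        c["qual"] += qualified
        c["tp"] += qualified * hired          # qualified and hired
        c["fp"] += (1 - qualified) * hired    # unqualified but hired
    stats = {}
    for group, c in counts.items():
        unqualified = c["n"] - c["qual"]
        stats[group] = {
            "n": c["n"],
            "qualified": c["qual"],
            "selection_rate": c["pos"] / c["n"],   # P(hired | group)
            "base_rate": c["qual"] / c["n"],       # P(qualified | group)
            # TPR: P(hired | qualified); FPR: P(hired | unqualified)
            "tpr": c["tp"] / c["qual"] if c["qual"] else 0.0,
            "fpr": c["fp"] / unqualified if unqualified else 0.0,
        }
    return stats


def four_fifths_ratio(stats):
    """Disparate impact (80% rule): lowest selection rate / highest selection rate."""
    rates = [s["selection_rate"] for s in stats.values()]
    return min(rates) / max(rates)


def demographic_parity_gap(stats):
    """Difference in selection rates; ignores who was actually qualified."""
    rates = [s["selection_rate"] for s in stats.values()]
    return max(rates) - min(rates)


def equal_opportunity_gap(stats):
    """Difference in TPR only (qualified people's chance of being hired)."""
    tprs = [s["tpr"] for s in stats.values()]
    return max(tprs) - min(tprs)


def equalized_odds_gap(stats):
    """Worst of the TPR gap and the FPR gap; both must be equal to satisfy it."""
    fprs = [s["fpr"] for s in stats.values()]
    return max(equal_opportunity_gap(stats), max(fprs) - min(fprs))


def max_tpr_under_parity(stats):
    """Best TPR each group can keep if every group's selection rate is capped at
    the lowest group's rate. When base rates differ, the group with more
    qualified candidates must reject some of them: parity and equalized odds
    cannot both hold, which is the incompatibility the scenario is about."""
    cap = min(s["selection_rate"] for s in stats.values())
    result = {}
    for group, s in stats.items():
        hires_allowed = int(cap * s["n"] + 1e-9)  # floor, guarding float noise
        result[group] = min(hires_allowed, s["qualified"]) / s["qualified"]
    return result


def fairness_report(rows, threshold=0.8):
    """Summary a governance reviewer would attach to a fairness testing record."""
    stats = group_stats(rows)
    ratio = four_fifths_ratio(stats)
    return {
        "selection_rates": {g: round(s["selection_rate"], 3) for g, s in stats.items()},
        "base_rates": {g: round(s["base_rate"], 3) for g, s in stats.items()},
        "four_fifths_ratio": round(ratio, 3),
        "passes_four_fifths": ratio >= threshold,
        "demographic_parity_gap": round(demographic_parity_gap(stats), 3),
        "equal_opportunity_gap": round(equal_opportunity_gap(stats), 3),
        "equalized_odds_gap": round(equalized_odds_gap(stats), 3),
        "max_tpr_if_parity_enforced": {g: round(v, 3) for g, v in max_tpr_under_parity(stats).items()},
    }


if __name__ == "__main__":
    for key, value in fairness_report(SAMPLE).items():
        print(f"{key}: {value}")
```

On the constructed data the selection ratio is 0.60/0.85 = 0.706, failing the 80% rule, while capping Group B at a 60% selection rate would force its TPR down from 0.875 to 0.75, so the report shows both the disparate impact and the price of the analyst's proposed remedy.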

If the question asks about:

When red teaming finds the model fails to detect harmful content for a specific minority language group before deployment...

Answer:

Document the limitation in the model card, halt deployment for that language group, require additional representative training data and re-testing before expanding coverage.

Distractor to avoid:

Deploying with the known gap, removing the language entirely, or proceeding because the majority of users are unaffected are all governance failures. The correct answer always addresses the gap rather than ignoring or circumventing it.

If the question asks about:

When the question asks how to train a model on distributed data across hospitals without centralizing patient records...

Answer:

Federated learning — training occurs locally at each hospital, only model updates (gradients) are shared, raw data never leaves the local device.

Distractor to avoid:

Differential privacy alone does not solve the data centralization problem — it adds noise to prevent inference but does not eliminate the need to share data. FL + DP combined addresses both concerns.

Last-Minute Facts

1. Domain III = 27% of exam = approximately 22-24 scored questions.
2. Fairness cannot be simultaneously satisfied across demographic parity, equalized odds, and calibration — this is mathematically proven. The exam will test when each is appropriate.
3. Disparate impact 80% rule: protected group selection rate / majority group selection rate must be >= 0.8.
4. Model card = documents the MODEL. Datasheet = documents the DATASET. Never swap these in exam answers.
5. Red teaming = pre-deployment. Drift detection = post-deployment. They belong to different lifecycle stages.
6. SHAP and LIME are both post-hoc EXPLAINABILITY techniques — not interpretability and not transparency. Exam trap: calling an inherently interpretable model (decision tree) 'explainable' — interpretable models do not need post-hoc explanation. SHAP = feature contribution for THIS prediction. LIME = local simplified surrogate model around THIS prediction. Both work on black-box models.
7. Direct prompt injection = malicious user input. Indirect prompt injection = malicious instructions hidden in data the model retrieves (e.g., via RAG). Different attack vectors, different controls.
Domain IV (27% of exam)

Understanding How to Govern AI Deployment and Use

Must-Know Facts

  • Human oversight models and TIMING: HITL (Human-in-the-Loop) = human approves BEFORE each action — appropriate for high-risk decisions (medical diagnosis, loan denial). HOTL (Human-on-the-Loop) = human monitors during operation and intervenes for exceptions — appropriate for high-volume, medium-risk operations. HIC (Human-in-Command) = human has final strategic authority over the system — applies at all risk levels for strategic decisions.
  • Three types of drift: Data drift = feature/label distribution shifts (input statistics change, relationship may be same). Concept drift = input-output relationship changes due to external factors while input distributions may look unchanged (hardest to detect). Model drift = overall performance degradation (umbrella term).
  • Concept drift is hardest to detect because input data looks normal but the underlying relationship has shifted. Example: a medical diagnosis model becomes less accurate after clinical guidelines update, even though patient data types look the same.
  • Retraining triggers: Threshold-based (performance KPI drops below defined level), Time-based (scheduled periodic retraining), Data volume-based (sufficient new data accumulated). Must be defined BEFORE deployment, not reactively.
  • Retraining is a governance event, not just a technical task. It requires re-validation, updated model documentation, impact assessment review, stakeholder communication, and potentially a new go/no-go decision.
  • Incident response must include: defined escalation paths, stakeholder notification with specific timeframes, regulatory reporting obligations (EU AI Act serious incident reporting for high-risk AI providers), and root cause analysis.
  • RAG architecture governance requirements: retrieval source quality, data freshness, relevance filtering, and preventing indirect prompt injection through retrieved documents.
  • Agentic AI governance (v2.1 addition): least privilege principle (minimum permissions), defined boundaries for autonomous action, accountability attribution, preventing excessive agency.
  • System decommissioning governance: model archival, data retention per applicable policies, stakeholder communication, transition planning for dependent processes, lessons learned documentation.
  • Vendor AI assessment for third-party deployment: data handling practices, model documentation quality, bias testing results, security controls, incident response processes, regulatory compliance.

Common Traps

Trap: Under-preparing for Domain IV because it comes last
Reality: Domain IV equals Domain III at 27% of the exam — combined with Domain III it accounts for 54% of all questions. Candidates who focus on Domains I-III and rush through Domain IV are risking the majority of their exam score. Monitoring, drift detection, incident response, and decommissioning are high-frequency topics.
Trap: Selecting HITL for any high-volume operation because it sounds most thorough
Reality: HITL requiring human approval before each action is impractical at scale (thousands of transactions per second in fraud detection, for example). HOTL — autonomous operation with monitoring and exception-based human intervention — is correct for high-volume, medium-risk operations. Selecting HITL for a high-volume scenario is a classic wrong answer.
Trap: Treating concept drift as data drift because performance degraded
Reality: Data drift = the input distribution changed. Concept drift = the input-output mapping changed even though inputs may look the same. If input statistics look normal but the model's predictions are becoming wrong, suspect concept drift. The presence or absence of changed input distributions is the key discriminator.
Trap: Treating retraining as a purely technical decision
Reality: Retraining is a governance event requiring documentation updates, impact assessment re-review, stakeholder sign-offs, and potentially a new go/no-go decision. Answers that treat retraining as just updating weights miss the governance dimension.
Trap: Thinking human oversight only needs to cover accuracy metrics
Reality: Production monitoring must cover fairness metrics, not just accuracy. A model can maintain overall accuracy while developing demographic bias over time. Fairness monitoring in production is a Domain IV governance requirement.

Confusing Pairs

HITL (Human-in-the-Loop) vs. HOTL (Human-on-the-Loop) vs. HIC (Human-in-Command)

HITL = approve BEFORE each individual action (high-risk decisions, medical/legal/financial individual determinations). HOTL = monitor DURING operation, intervene for exceptions only (high-volume, medium-risk, real-time operations). HIC = final strategic AUTHORITY over system direction (all risk levels, policy and strategic decisions). Key: the question word 'each decision' points to HITL; 'ongoing operations' points to HOTL; 'strategic authority' points to HIC.

Data Drift vs. Concept Drift vs. Model Drift

Data Drift = input feature or label distributions changed over time (detectable by monitoring input statistics). Concept Drift = the actual relationship between inputs and correct outputs changed (e.g., external regulation change) while inputs may look unchanged (only detectable by monitoring output quality). Model Drift = general performance degradation umbrella term. If input stats look normal but outputs are wrong — concept drift. If input stats also changed — data drift.
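An added example, not from these notes, of the decision rule above together with the production fairness check the Common Traps section calls for: a small Python monitor that classifies drift from input statistics versus output quality and applies the 80% rule alongside a threshold-based retraining trigger. The thresholds, group labels and every sample record are constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed thresholds; the notes say all of these are fixed BEFORE deployment.
ACCURACY_THRESHOLD = 0.85     # threshold-based retraining trigger
INPUT_SHIFT_ZSCORE = 3.0      # live feature mean may move at most 3 baseline SDs
DISPARATE_IMPACT_MIN = 0.8    # 80% rule: protected rate / majority rate >= 0.8
BASELINE_FEATURE = [9, 10, 11, 10, 9, 11, 10, 10]   # constructed deployment-time baseline

def _records(rows):  # rows: (feature x, demographic group, true label, prediction)
    return [dict(zip(("x", "group", "label", "pred"), r)) for r in rows]

# Inputs stable, outputs wrong, selection rates equal -> concept drift.
CONCEPT_DRIFT_SAMPLE = _records([
    (9, "A", 1, 0), (10, "A", 0, 1), (11, "A", 1, 1), (10, "A", 0, 1), (9, "A", 1, 1),
    (11, "B", 0, 1), (10, "B", 1, 0), (10, "B", 1, 1), (9, "B", 0, 1), (11, "B", 0, 1)])
# Inputs stable and accuracy fine, but group B is selected far less often -> fairness alert.
BIAS_SAMPLE = _records([
    (9, "A", 1, 1), (10, "A", 1, 1), (11, "A", 1, 1), (10, "A", 0, 0), (9, "A", 1, 1),
    (11, "B", 0, 0), (10, "B", 0, 0), (10, "B", 1, 1), (9, "B", 0, 0), (11, "B", 1, 0)])
# Same labels and predictions, but the feature shifted by +10 -> data drift.
DATA_DRIFT_SAMPLE = [dict(r, x=r["x"] + 10) for r in CONCEPT_DRIFT_SAMPLE]

def input_shift(baseline, live, z=INPUT_SHIFT_ZSCORE):
    """Data-drift check: live feature mean moved more than z baseline SDs."""
    return abs(mean(live) - mean(baseline)) / (pstdev(baseline) or 1e-9) > z

def accuracy(records):
    return sum(r["pred"] == r["label"] for r in records) / len(records)
def disparate_impact(records, protected="B", majority="A"):
    """Selection-rate ratio (pred == 1 means selected) for the 80% rule."""
    def rate(g):
        grp = [r for r in records if r["group"] == g]
        return sum(r["pred"] == 1 for r in grp) / len(grp)
    return rate(protected) / rate(majority)

def classify_drift(baseline, records):
    """The notes' rule: inputs shifted -> data drift; inputs stable but outputs
    wrong -> concept drift (only visible from output quality); else healthy."""
    if input_shift(baseline, [r["x"] for r in records]):
        return "data_drift"
    return "concept_drift" if accuracy(records) < ACCURACY_THRESHOLD else "healthy"

def monitor(records, baseline=BASELINE_FEATURE):
    """HOTL dashboard signals; an alert opens a governance review, not an auto-retrain."""
    acc, ratio = accuracy(records), disparate_impact(records)
    return {"drift": classify_drift(baseline, records),
            "accuracy": round(acc, 3),
            "disparate_impact": round(ratio, 3),
            "fairness_alert": ratio < DISPARATE_IMPACT_MIN,
            "retrain_trigger": acc < ACCURACY_THRESHOLD}
```

Note that BIAS_SAMPLE trips the fairness alert while accuracy stays above threshold, which is exactly the case an accuracy-only dashboard would miss.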

Shadow Deployment (pre-deployment) vs. A/B Testing (deployment) vs. Production Monitoring (post-deployment)

Shadow deployment = pre-deployment parallel run, no user impact. A/B testing = deployment stage with real user exposure split. Production monitoring = ongoing post-deployment observation. These map to different lifecycle stages and have different governance requirements.

Threshold-Based Retraining vs. Time-Based Retraining vs. Data Volume-Based Retraining

Threshold-based = retrain when a performance KPI falls below a predefined acceptable level — reactive to measured degradation. Time-based = retrain on a fixed schedule regardless of performance — proactive and predictable. Data volume-based = retrain when sufficient new data has accumulated — appropriate for domains with rapid data accumulation. All three should be defined before deployment.

Scenario Tips

If the question asks about:

When the question presents a financial institution running fraud detection at thousands of transactions per second and asks for the appropriate human oversight model...

Answer:

HOTL — the AI operates autonomously while humans monitor dashboards and intervene for flagged exceptions. HITL is impractical at machine speed.

Distractor to avoid:

HITL sounds most thorough but requiring human approval before each transaction is operationally impossible at that volume. HIC provides strategic oversight but does not address operational monitoring needs.

If the question asks about:

When a healthcare AI system's diagnostic accuracy has been declining for three months but patient data types have not changed, and medical guidelines were recently updated...

Answer:

Concept drift — the relationship between patient inputs and correct diagnoses changed when guidelines updated, even though the input data distribution remained stable.

Distractor to avoid:

Data drift is wrong because input distributions have not changed. Model drift is a general umbrella term, not the specific root cause. Concept drift precisely describes external-factor-driven relationship change with stable inputs.

If the question asks about:

When an organization is retiring a legacy AI system that has been running for years and asks what governance applies to decommissioning...

Answer:

Archive the model, retain relevant data per retention policies, communicate the transition to dependent stakeholders, ensure dependent processes have alternatives, and document lessons learned.

Distractor to avoid:

Simply deleting the model risks violating data retention requirements and losing audit trails. Transferring to open source introduces new risk with a retired system. Continuing in reduced capacity avoids the governance responsibility of proper decommissioning.

If the question asks about:

When the question asks what must happen when an organization retriggers training on a production model after performance degrades past a threshold...

Answer:

Retraining is a governance event: re-validate the retrained model, update model cards and documentation, re-review impact assessments for any changed risk profile, obtain stakeholder sign-offs, and communicate to affected parties before redeployment.

Distractor to avoid:

Answers treating retraining as purely technical (update weights, push to production) miss the governance dimension. Retraining requires a new governance gate, not just a technical pipeline run.

If the question asks about:

When the question involves an AI agent that uses API tools and asks what the primary governance concern is...

Answer:

Apply least privilege — grant the agent only the minimum permissions needed for its function. Define explicit action boundaries and implement controls to prevent excessive agency and privilege escalation.

Distractor to avoid:

Answers focused only on transparency or documentation miss the autonomy-specific governance concern of agentic systems.
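An added Python illustration, not from the notes, of the least-privilege and action-boundary controls this scenario answer describes: a gate in front of every tool call for a hypothetical support agent, with a tool allowlist, per-tool boundaries that hand out-of-bound requests to a human, an action budget against excessive agency, a hard deny on permission-changing tools, and an audit log for accountability attribution. The policy, tool names and agent ids are all constructed.

```python
from dataclasses import dataclass, field

# Constructed policy for a hypothetical customer-support agent: the allowlist is the
# minimum it needs, boundaries cap what each tool may do, and the budget limits agency.
POLICY = {
    "support-agent": {
        "allowed_tools": {"read_ticket", "reply_ticket", "issue_refund"},
        "bounds": {"issue_refund": lambda args: args.get("amount", 0) <= 50},
        "max_actions_per_task": 5,
    },
}
# Tools that change permissions are never callable by any agent (no self-escalation).
PRIVILEGE_TOOLS = {"grant_permission", "create_api_key", "assign_role"}

@dataclass
class AgentSession:
    agent_id: str
    role: str
    actions: int = 0
    audit_log: list = field(default_factory=list)   # accountability attribution

def authorize(session, tool, args):
    """Least-privilege gate in front of every tool call.
    Returns (allowed, reason); every decision is logged against the agent id."""
    pol = POLICY[session.role]
    if tool in PRIVILEGE_TOOLS:
        reason = "denied: privilege escalation attempt"
    elif tool not in pol["allowed_tools"]:
        reason = "denied: tool not in allowlist"
    elif session.actions >= pol["max_actions_per_task"]:
        reason = "denied: action budget exhausted (excessive agency)"
    elif tool in pol["bounds"] and not pol["bounds"][tool](args):
        reason = "denied: outside action boundary, escalate to a human (HITL)"
    else:
        reason = "allowed"
        session.actions += 1
    session.audit_log.append(
        {"agent": session.agent_id, "tool": tool, "args": dict(args), "decision": reason})
    return reason == "allowed", reason

def run_task(session, calls):
    """Apply the gate to a task's tool calls in order; returns the list of decisions."""
    return [authorize(session, tool, args)[1] for tool, args in calls]
```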

Last-Minute Facts

1. Domain IV = 27% of exam = approximately 22-24 scored questions. Equal weight to Domain III.
2. HITL = before each action. HOTL = during operation (monitoring). HIC = strategic authority. Memorize the timing distinction.
3. Concept drift: inputs look normal, outputs become wrong. Data drift: inputs have changed. Both can cause performance degradation but require different detection approaches.
4. EU AI Act Article 14: human oversight for high-risk AI must be GENUINELY effective — rubber-stamping automated decisions does not satisfy the requirement.
5. Serious incident reporting (EU AI Act): high-risk AI providers must report to market surveillance authorities. Prompt notification required.
6. Decommissioning requires: model archival + data retention per policies + stakeholder communication + dependent process transition + lessons learned.
7. HOTL monitoring must include fairness metrics, not just accuracy — a model can stay accurate overall while developing demographic bias.
8. Agentic AI governance (v2.1): define scope of autonomous action, apply least privilege, establish accountability for multi-agent interactions.
