AI Governance Professional (AIGP) Certification Masterclass

This lecture introduces the Artificial Intelligence Governance Professional (AIGP) certification, offered by the IAPP. It covers AI governance principles, including compliance, risk management, and responsible AI oversight. The lecture explains the certification’s target audience, the four knowledge domains assessed in the exam, and the exam structure, which includes multiple-choice and case study questions. It also details registration costs, maintenance requirements, and the certification’s role in advancing careers in AI governance.

This lecture provides an overview of IAPP, the largest organization for privacy and AI governance professionals. Originally founded as a privacy-focused organization, IAPP rebranded in 2024 to include AI governance and digital responsibility. The lecture discusses its mission, global presence, and extensive resources for members, including training, publications, and conferences. It also introduces KnowledgeNet chapters, local networking groups that host events and provide professional development opportunities.

This lecture defines risk management as the identification, assessment, and mitigation of harm. It explains how to calculate risk scores based on severity and probability and introduces three types of risk controls: administrative (e.g., training), technical (e.g., firewalls), and physical (e.g., security guards). Examples include managing the risks of car accidents with seat belts and traffic laws and mitigating adversarial AI prompts through content filters. The lecture emphasizes structured approaches to risk management for ensuring safety and compliance.

This lecture focuses on AI-specific risk management, highlighting the importance of aligning AI strategies with organizational goals and compliance frameworks. It explains the AI risk management lifecycle, from identifying risks to implementing mitigation measures and integrating AI risk assessments into broader governance structures. The lecture also explores the context-specific nature of AI risk, including social impacts, jurisdictional considerations, and non-AI alternatives. Risk responses are categorized as high (avoid or modify), moderate (mitigate), or low (accept or mitigate).

Course introduction lecture notes in three formats: color, black and white (for printing, to save your ink cartridge), and review slides only.

This lecture introduces Bloom’s Taxonomy, a hierarchical framework for categorizing cognitive processes in learning. It covers four main stages: remembering (recalling facts and concepts), understanding (explaining ideas), applying (using information in new situations), and analyzing (connecting and evaluating ideas). The lecture discusses effective strategies for each stage, including mnemonic devices, paraphrasing, real-world problem-solving, and critical thinking techniques.

This lecture explores how to transfer information from short-term to long-term memory using active recall, spaced repetition, and deliberate practice. It explains the differences between short-term (15–30 seconds, limited capacity) and long-term (indefinite, unlimited capacity) memory. Techniques like flashcards, Dr. David’s study methods, and Anki’s Spaced Repetition System (SRS) are introduced to enhance retention and prevent forgetting.

This lecture explores how certification exams are designed to be challenging, emphasizing that not everyone is meant to pass. It explains how certificates function as valuable commodities, increasing in prestige through scarcity and rigorous entry barriers. The examiner’s mindset is examined, revealing strategies such as writing confusing questions, adding superfluous details, and introducing unexpected twists to test cognitive load and reasoning under pressure. Understanding these tactics can help candidates prepare more effectively and manage exam-related stress.

This lecture explores the three types of multiple-choice questions commonly found on the exam: simple Q&A, scenario-based, and case studies. Simple Q&A questions test basic knowledge, while scenario-based questions require applying concepts to specific situations. Case studies present real-world AI governance challenges and ask candidates to analyze different situations. The lecture emphasizes that exam questions will be more difficult than practice questions and advises test-takers to prepare for nuanced, complex scenarios.

This lecture provides strategies to improve exam performance, emphasizing that the test is as much about reading comprehension as subject matter expertise. Tips include focusing on keywords, using process of elimination, and managing time effectively. It also warns about distractor terms, encourages understanding what the exam provider values, and introduces the “law of diminishing returns” for studying. An “anxiety hack” reminds test-takers that some questions are ungraded, helping reduce stress during the exam.

This lecture explores the concept of Artificial Intelligence (AI) by contrasting it with human intelligence. Key topics include definitions of human intelligence, characteristics of AI, the Turing Test, and shared features of AI systems, such as autonomy and human involvement. The lecture emphasizes the socio-technical nature of AI, where humans and technology influence each other, and highlights the need for diverse, cross-functional teams in AI development.

This lecture introduces machine learning (ML) as a subfield of AI that uses data to train models for making decisions, inferences, and predictions. Topics include algorithms, labeled and unlabeled data, and the four ML training models: supervised, unsupervised, semi-supervised, and reinforcement learning. ML enables machines to learn patterns and relationships in data to perform intelligent tasks without explicit programming.

Supervised learning uses labeled data to train models that classify inputs or predict outcomes. Topics include classification models (e.g., spam detection) and regression models for continuous values (e.g., house prices). Techniques such as Support Vector Machines (SVM) and Support Vector Regression (SVR) are introduced. The lecture highlights the importance of large, labeled datasets for model accuracy.

Unsupervised learning processes unlabeled data to discover patterns, clusters, and associations. Semi-supervised learning combines both labeled and unlabeled data to improve model reliability while reducing costs. Applications include clustering, association rule learning, and identifying fraud through exploratory data analysis. Supervised and unsupervised methods are contrasted for their unique use cases.

Reinforcement learning simulates motivation by using rewards and punishments to train models without pre-labeled data. It focuses on maximizing rewards through iterative feedback loops. Challenges include the real-world complexity of environments and the consequences of failure. Applications like AlphaGo and autonomous vehicles highlight its strengths and limitations.

Google DeepMind documentary AlphaGo.

This lecture explores discriminative models, which classify data points into categories, and generative models, which generate new data points based on learned characteristics. Discriminative models map input features to class labels, useful for tasks like classification. Generative models aim to understand the essence of a category to create new content, forming the basis for technologies like generative AI.

Foundation models are large-scale neural networks trained on massive datasets that can be repurposed for various tasks. Key topics include neural networks, transfer learning, and fine-tuning. Types of foundation models include large language models (LLMs), vision models, and audio models. These models save time and resources by enabling generalized, adaptable, and scalable AI solutions.

Short explainer video on how neural networks work.

This lecture introduces three categories of AI: Artificial Narrow Intelligence (ANI), which performs specific tasks (e.g., AlphaGo); Artificial General Intelligence (AGI), with human-level capabilities (not yet realized); and Artificial Super Intelligence (ASI), which surpasses human intelligence (theoretical). These categories highlight AI’s progression and potential.

Expert systems mimic human decision-making using a knowledge base, inference engine, and user interface, supporting tasks like tax preparation. Fuzzy logic introduces reasoning under uncertainty, using linguistic variables and rules (e.g., if-then statements). Applications include automatic vehicle braking and systems that manage vague or imprecise inputs.

This lecture covers linear and statistical models, decision trees, deep learning, and various applications like computer vision, speech recognition, and NLP. Topics include their strengths, challenges, and use cases, such as decision trees for classification and neural networks for complex nonlinear tasks like image and language processing.

Large Language Models (LLMs) utilize deep learning to process text. They are characterized by massive parameters, enabling tasks like generating text or understanding context. Topics include parameters, weights, training types (generative and discriminative), and multimodal capabilities for diverse inputs and outputs. Examples include ChatGPT and other generative AI.

SLMs are specialized, cost-effective language models with compact architectures (fewer than 1 billion parameters). They are faster to train, require less storage, and offer enhanced security by being deployable on private infrastructures. Examples include Mistral 7B and Microsoft’s Phi-2.

This lecture explores key AI applications such as recommendation systems, recognition tasks (e.g., facial recognition), anomaly detection, forecasting, goal-driven optimization (e.g., supply chains), interaction support (e.g., chatbots), and personalization for tailored user experiences.

Compute infrastructure underpins AI, including CPUs, GPUs, and specialized processors. Topics include supercomputers like El Capitan, serverless computing, high-performance computing clusters, and trusted execution environments that secure data and maintain privacy.

This lecture discusses data storage stages and networking requirements. Topics include structured vs. unstructured data, high-speed networks for data delivery, and alternatives like edge computing and IoT. Efficient data movement is critical for AI training and inference.

Software supports AI applications and platforms for design, development, and deployment. Topics include open-source frameworks, fine-tuning for task-specific models, and tools from providers like AWS and Google Cloud. Software democratizes AI development through cost-effective and customizable solutions.

This lecture focuses on data processes, including transformation, labeling, and monitoring integrity. Topics include handling data drift, pre-processing for cleaning and normalization, and ensuring observability to maintain model reliability and alignment with goals.

This lecture examines training, validation, and testing datasets. Topics include overfitting and underfitting, which impact model generalization, and concepts like ground truth and accuracy that benchmark AI performance and reliability.

Emerging technologies drive AI, including mobile devices, metaverse, cloud computing, IoT, and AR/VR. Other enablers like blockchain, privacy-enhancing technologies, and social media expand data availability and fuel AI growth.

This lecture examines risks to individuals and groups, including civil rights, economic opportunity, privacy breaches, and safety concerns. Specific harms include biases in employment, housing, and education. Group harms include unreliable facial recognition, mass surveillance, and exacerbation of socio-economic divides.

This lecture explores societal risks such as threats to democracy, trust in institutions, misinformation, and disinformation. It highlights deepfakes, echo chambers, and profiling as key issues, emphasizing the role of AI in manipulating public perception and compromising safety through autonomous weapons.

This lecture addresses the reputational, cultural, economic, and legal risks faced by institutions, including AI exceptionalism and regulatory fines. Ecosystem harms involve natural resource depletion and environmental impacts. Positive applications like weather forecasting and disaster management are also discussed.

This lecture defines alignment as the match between AI objectives and human values, with examples of intended, specified, and emergent goals. Misalignment is explored through inner (programmed goals vs. system behavior) and outer (human intentions vs. objectives) misalignment.

This lecture categorizes biases in AI, including algorithmic, computational, societal, and implicit biases. It also covers issues like overfitting, underfitting, and edge cases. Biases can lead to unfair outcomes, systemic discrimination, and reduced model reliability.

This lecture outlines risks specific to generative AI, such as hallucinations, deepfakes, data poisoning, and filter bubbles. These risks undermine trust, spread misinformation, and compromise data integrity. Adversarial attacks and data leakage are also discussed.

General AI poses risks like power concentration, adversarial attacks, and misuse of transfer learning. Topics include model inversion, extraction, and poisoning, as well as ethical concerns like monopolies and algorithmic exceptionalism that erode freedoms.

This lecture explores privacy risks, including data persistence, repurposing, and spillover. It introduces privacy harm taxonomies, such as MITRE’s PANOPTIC framework, which maps harms and identifies mitigation strategies. Transparency and consent are emphasized for ethical AI use.

Operational risks include hardware and environmental impacts, while business risks span reputational damage, economic challenges, and legal liabilities. Topics include vendor dependencies, IP infringement, and cultural issues like over-reliance on AI.

This lecture presents socio-technical harms and the CSET AI Harm Taxonomy. Five themes—representational, allocative, quality-of-service, interpersonal, and societal—are discussed to anticipate risks and mitigate negative impacts. The CSET framework provides a structured approach to analyzing AI incidents.

Sociotechnical Harms of Algorithmic Systems: Scoping a Taxonomy for Harm Reduction

This lecture identifies features of AI systems that necessitate unique governance approaches, including complexity, opacity, autonomy, speed, and potential for harm. Topics cover regulatory challenges, interpretability, and deterministic versus probabilistic outputs. The emphasis is on balancing innovation with accountability and transparency.

This lecture defines key terms in AI ethics, including accountability, explainability, fairness, and transparency. It highlights the importance of contestability, reliability, and robustness in building trustworthy and ethical AI systems.

Trustworthy AI emphasizes human-centric, accountable, and transparent systems that operate legally and fairly. Topics include operationalizing these principles through leadership buy-in, creating technical standards, and embedding AI into responsible governance frameworks.

This lecture explores how to customize AI governance based on organizational size, maturity, industry, and strategic objectives. It emphasizes assessing risk tolerance and aligning governance with the ubiquity of AI in products and services, highlighting a cost-benefit approach.

This lecture clarifies the roles and responsibilities of developers, deployers, and users in AI. Developers focus on data collection and policy compliance, deployers ensure transparency and responsible use, and users provide feedback and report issues to maintain system integrity.

This lecture highlights the principles and controls required for ethical AI, including lawfulness, bias protection, and human intervention. It emphasizes cross-functional teams, transparency, privacy, and robust data governance to build trust and accountability in AI systems.

This lecture explores building a governance framework for Responsible AI (RAI), focusing on principles, risk tolerance, sector-specific standards, and the ability to implement policies. It highlights integrating RAI culture into organizations through leadership support and comprehensive compliance.

This lecture outlines values for effective AI governance, including pro-innovation, consensus-driven, outcome-focused, and risk-centric approaches. It advocates for interoperability across laws and technologies, end-to-end accountability, and policies that adapt to specific use cases.

This lecture outlines steps to establish an AI governance body, such as understanding organizational operations, securing leadership buy-in, involving stakeholders, and selecting a governance model (centralized, decentralized, or hybrid). The MITRE AI Maturity Model is introduced.

This lecture emphasizes the importance of training and awareness in AI, differentiating between skill-building (training) and issue recognition (awareness). Content includes laws, reporting procedures, and tailored role-based training for stakeholders to promote good practices.

The second part delves into AI strategy, governance, and terminology. Topics include aligning AI initiatives with business objectives, ethical frameworks, and governance structures for overseeing the AI lifecycle. It stresses the importance of feedback mechanisms and sociotechnical considerations.

Domain 1 lecture notes in three formats: color, black and white, and review slides only.

This lecture introduces the Fair Information Practices (FIPs), a set of guidelines for handling data with privacy, security, and fairness. Core principles include access, purpose specification, data minimization, accountability, and use limitation. Originating in the 1973 HEW Report, FIPs have influenced global privacy standards like the OECD Guidelines.

This lecture applies FIPs principles to AI, focusing on notice, choice and consent, purpose limitation, and data minimization. It emphasizes informing users about AI interactions, collecting only necessary data, and ensuring consent is voluntary and informed through clear communication.

This lecture discusses Privacy by Design (PbD) and Privacy by Default (PbDD), foundational principles in modern data protection. PbD embeds privacy into systems during their development lifecycle, while PbDD ensures strict privacy settings by default. Seven principles, such as transparency and proactive measures, guide their implementation.

This lecture outlines privacy requirements for AI operators, including compliance with laws like GDPR and CCPA. Key topics include conducting Privacy Impact Assessments (PIAs), maintaining human oversight, managing data governance, and ensuring data disposition policies align with privacy regulations.

This lecture covers the GDPR, the EU’s comprehensive privacy legislation. Key principles include lawfulness, fairness, and transparency. Topics explore GDPR’s applicability to AI, focusing on articles addressing automated decision-making (ADM), data pseudonymization, and consent requirements.

This lecture covers sensitive data categories under laws like GDPR and CCPA, including health, genetic, and biometric data. Topics include the legal bases for processing, safeguards like DPIAs, and best practices such as collecting data directly from individuals or creating proxies to protect privacy.

This lecture explains the responsibilities of data controllers under GDPR, including conducting DPIAs, managing third-party processors, and ensuring cross-border data transfers comply with regulations. It also covers data subject rights, incident management, breach notification, and record-keeping for accountability.

This lecture introduces intellectual property (IP), including patents, trademarks, copyrights, and trade secrets. Topics include derivative works, fair use, and legal challenges regarding AI outputs, such as whether AI-generated works qualify for IP protections and who can be considered an “inventor”.

This lecture examines copyright issues with generative AI, such as web scraping and data opacity in training datasets. Case studies like Silverman v. OpenAI highlight the complexities of copyright infringement claims, focusing on whether AI processing constitutes reproduction or violation of copyright laws.

This lecture explores the fair use defense in copyright law, analyzing four factors: purpose and character of use, nature of the work, amount and substantiality used, and effects on market value. It emphasizes that fair use depends on context, including the commercial or transformative nature of AI-generated content.

This lecture examines the Thomas Reuters v. ROSS Intelligence case, exploring copyright infringement allegations. It highlights challenges in proving infringement related to training datasets, transformative use, and fair use considerations in AI-generated outputs.

This lecture discusses whether generative AI outputs can be copyrighted. Topics include “ultimate creative control,” case law like Burrow-Giles Lithographic v. Sarony and Thaler v. Perlmutter, and global approaches where jurisdictions differ on AI-generated works’ copyrightability.

This lecture explores patentability of AI-generated outputs. Key topics include U.S. Patent and Trademark Office (USPTO) regulations, types of patents (utility, design, plant), and eligibility criteria requiring “natural persons.” It also discusses standards like “Pannu Factors” for determining contribution.

This lecture addresses licensing of AI models and data, focusing on ownership, indemnification, and licensing agreements. It emphasizes assigning rights, defining liability, and ensuring metrics like reliability and robustness in licensing contracts to manage AI-specific challenges.

This lecture categorizes AI products into two groups: those performing old functions in new ways (e.g., credit scoring) and those enabling entirely new functions (e.g., synthetic content generation). It highlights compliance with existing laws and regulations, especially in highly regulated sectors like finance and healthcare.

This lecture focuses on AI in employment and compliance with the U.S. Equal Employment Opportunity Commission (EEOC). Topics include Title VII of the Civil Rights Act, “adverse impact” on protected groups, and the EEOC’s Algorithmic Fairness Initiative to ensure hiring technologies align with federal civil rights laws.

This lecture outlines the Federal Trade Commission’s (FTC) role in protecting consumers from unfair or deceptive acts. Topics include the FTC’s jurisdiction over laws like COPPA and FCRA, its unfairness authority criteria, and enforcement of consumer protection through regulatory actions.

This lecture explores automated decision-making (ADM) and its regulation under laws like the Fair Credit Reporting Act (FCRA) and Equal Credit Opportunity Act (ECOA). It discusses FTC recommendations for transparency, nondiscrimination, and accountability in ADM systems.

This lecture introduces the Federal Reserve’s SR 11-7 guidance on model risk management, which addresses the development, validation, and governance of statistical models in banking. The guiding principle is “effective challenge” to identify and mitigate risks in model use.

This lecture reviews the Occupational Safety and Health Administration’s (OSHA) guidelines for industrial robot systems. It highlights safety standards and hazard analysis practices established to ensure safe working conditions in industries using robotics.

This lecture focuses on the Food and Drug Administration’s (FDA) regulation of AI-enabled medical devices, categorized as Software as a Medical Device (SaMD). Topics include examples like MRI analysis tools, risk classifications (Class I to III), and the regulatory processes for approval.

This lecture explores nondiscrimination laws in healthcare, insurance, and employment sectors. Topics include Section 1557 of the ACA, NAIC guidelines for responsible AI in insurance, and EEOC guidance on AI hiring tools, emphasizing compliance and bias mitigation.

This lecture examines state and local AI laws in the U.S., including California’s Generative AI Training Data Transparency Act, Colorado’s AI Act, and New York City’s Local Law 144. It discusses requirements for transparency, bias audits, and liability in AI development and deployment.

This lecture covers U.S. product liability laws as they apply to AI, including challenges with autonomous systems and explainability. It discusses traditional liability theories (strict liability, negligence, breach of warranty) and key case studies like Corelogic and Meta Platforms.

This lecture reviews EU liability frameworks, including fault and strict liability regimes. It explores the General Product Safety Regulation, the Reformed Product Liability Directive, and the proposed AI Liability Directive, which aim to address AI-specific issues like opacity and complexity.

This lecture introduces the Digital Services Act (DSA), an EU law effective August 2023 that targets online platforms to prevent illegal and harmful activities. It emphasizes transparency in recommender systems and online advertising, including user access to ad parameters and profiling information.

This lecture explains the structure of the EU AI Act, which comprises 113 articles, 13 annexes, and 180 recitals. Articles outline obligations and rights, annexes provide technical details, and recitals clarify legislative intent. A timeline for implementation is included.

This lecture outlines the objectives and scope of the EU AI Act, aiming for safe, transparent, and trustworthy AI. It introduces key terms like AI systems and General Purpose AI (GPAI), discussing their definitions, scope exceptions, and regulatory obligations for global operators.

This lecture identifies roles in AI system regulation, including providers, deployers, distributors, importers, and authorized representatives. Each role has specific obligations under the EU AI Act, with providers facing the most stringent requirements.

This lecture explores the risk-based approach of the EU AI Act, categorizing AI systems into four risk levels: unacceptable, high, limited, and minimal. It explains how market surveillance authorities enforce compliance and safety based on risk severity and probability.

This lecture explores AI systems classified as prohibited under the EU AI Act, including social credit scoring, manipulative behavior, untargeted biometric scraping, and predictive policing. It also outlines exceptions, such as law enforcement use in pre-approved scenarios like imminent threat detection.

This lecture focuses on high-risk AI systems as defined in Annex III of the EU AI Act. Examples include systems for biometric identification, critical infrastructure, and employment decisions. It highlights mandatory risk management, transparency, and safety requirements for these systems.

This lecture covers AI systems deemed limited risk under the EU AI Act, like chatbots and generative models (e.g., ChatGPT). Transparency obligations include informing users they’re interacting with AI and marking AI-generated outputs in a machine-readable format.

This lecture details compliance requirements for providers of high-risk AI systems under the EU AI Act. Topics include risk management, data governance, technical documentation, transparency, human oversight, and quality management systems.