IAPP AIGP (AI Governance Professional) exam prep
AIGP - AI Governance Professional
Free, structured study notes built around active recall and spaced retrieval - 115 topics across the full AIGP body of knowledge. Read it free; unlock the 229-question practice bank and the official 100-question IAPP AIGP practice exam when you're ready to test yourself.
Core Study Guide
Module 1: Foundations of AI14
- What is AI
- Why AI needs a comprehensive governance approach
- The intelligence ladder: ANI to ASI
- OECD Framework for the Classification of AI Systems
- Tech megatrends and AI
- Use cases and benefits
- Four building-block terms
- The AI family tree
- The four ways machines learn
- Five algorithms to recognise on sight
- Architectures and the buzzwords that matter
- Model face-offs the exam loves
- Expert systems
- The AI system development life cycle
Module 2: AI Impacts & Responsible AI15
- The lay of the land
- Who gets harmed: the five targets
- Harms taxonomies 101
- Three privacy harms taxonomies
- Three AI harms taxonomies
- Individual harms and the anatomy of bias
- Group and societal harms
- Environmental harms
- Organisational harms
- The FIPs: where all of this started
- The five OECD AI Principles
- Seven ethical issues and three foundational controls
- Ethics by design
- Trustworthy AI: the HAT test
- Creating ethical AI in practice
Module 3: Governance & Risk Management17
- What AI governance actually is
- The four roles: developers, providers, deployers, users
- Tailoring governance: six differentiators
- Life cycle policies and the use case assessment
- Governance structure: build it, then pick a model
- Stakeholders: who sits at the table
- Winning leadership support
- Training, awareness and AI literacy
- Culture and operationalising responsible AI
- Aligning risk strategies
- Business, regulatory and legal risks
- The four AI risk categories
- Calculating risk
- Risk assessment mechanics
- AI impact assessments and ISO 42005
- NIST AI RMF: the full kit
- ISO 42001 and HUDERIA
Module 4: AI Regulation16
- The lay of the land
- The four regulated roles
- The risk classification framework
- Prohibited risk and the banned list
- High risk - where most regulation lives
- Limited risk and minimal risk
- The eight requirements for high-risk AI
- High-risk provider obligations
- Deployers, importers and distributors
- Conformity assessments, registration and notification
- General-purpose AI models
- The EU AI Act and the Digital Omnibus
- South Korea's AI Basic Act
- The United States - orders, guidance and state laws
- China, Japan and the rest of the world
- Enforcement and penalties
Module 5: Existing Laws & AI14
- The Lay of the Land
- Privacy Principles That Govern AI
- The GDPR and AI
- Article 22 and Automated Decision-Making
- Anonymisation, Pseudonymisation and PETs
- The EDPB Opinion on AI Models (2024)
- Obligations on Data Controllers
- Sensitive and Special Categories of Data
- Intellectual Property and AI
- Licensing AI Models and Data
- Nondiscrimination Laws Across Five Sectors
- Consumer Protection Laws and AI
- Product Liability Foundations
- The Revised Product Liability Directive
Module 6: Governing AI Development15
- The AI Development Life Cycle Revisited
- Planning Essentials - The Five Moves
- Stakeholders - Who, What, and the Hard Calls
- Operational Controls - Five Owners to Name
- Impact Assessments in the Design Phase
- The Six Risk Assessment Strategies, In Order
- Governing the AI Data Life Cycle
- Data Questions, Quality, Jurisdiction and Lineage
- Data Formats and the Five V's
- Wrangling the Data
- Features and Feature Engineering
- Building, Training and the Three Lines of Defence
- Testing and Validation
- Metrics, Thresholds, Audits and Monitoring
- Documentation, Communication and Decommissioning
Module 7: Governing AI Deployment15
- The lay of the land
- Adapting existing policies for AI
- Where the model lives - three environments
- GenAI choices and the pre-launch checklist
- Agentic AI - what it is
- The agentic risk landscape
- The three-tier guardrail framework
- Deploying a proprietary model
- Third-party products and risk
- The vendor / open-source agreement checklist
- Release readiness
- Periodic assessment - performance, reliability, safety
- Public disclosures and transparency obligations
- Monitoring, maintenance and drift
- Incidents, consequences and accountability