
The AI governance lexicon

Plain-language definitions of the terms that recur across the EU AI Act, the GDPR and the frameworks that govern AI. GovCompass uses one consistent vocabulary across the knowledge base and the Academy.

A

accountability
The principle that a named human or organization answers for an AI system's outcomes, through ownership, documentation, audit trails and redress — never the system itself.
agentic AI
Systems where a model takes actions — calling tools, executing multi-step plans — amplifying both capability and every failure mode; governed with action allowlists, approvals and full logging.
AI agent
A system that perceives its environment, decides and takes actions toward a goal — calling tools, executing plans. Autonomy of action demands allowlists, approval gates, sandboxing, logging and a kill switch.
AI incident
Any event where an AI system's outputs, actions or data handling caused or plausibly could cause harm, or materially deviated from validated behaviour — including harmful outputs from a system that is technically working.
AI inventory
A register of all AI systems an organization builds, buys or embeds, with owners and risk tiers — the prerequisite for governing any of them.
AI literacy
Sufficient understanding of AI's workings, capabilities and risks for one's role — an explicit expectation for provider and deployer staff under the EU AI Act.
AI system
A machine-based system that, for explicit or implicit objectives, infers from input how to generate outputs — predictions, content, recommendations or decisions — that can influence physical or virtual environments. The OECD-style definition followed by the EU AI Act.
algorithm
The learning procedure (e.g. gradient descent, tree induction); running it on training data produces a model. Controls attach to models and systems, not algorithms in the abstract.
Annex III
The EU AI Act's list of high-risk use-case areas — biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice.
automated decision-making
Decisions based solely on automated processing with legal or similarly significant effects — restricted by GDPR Article 22 to three exception grounds, with human-intervention safeguards.
automation bias
The human tendency to over-trust automated outputs — accepting a system's recommendation without genuinely weighing the case, which hollows out human oversight.

B

black box
Informal name for a system whose internal decision logic cannot be inspected or meaningfully explained.

C

CE marking
The mark affixed to products (including high-risk AI systems) indicating conformity with applicable EU requirements.
change management
Controlled handling of updates to models, data and configurations — every material change re-passes validation before redeployment.
complexity
The governance-challenging characteristic where risk lives in the interactions of many components, suppliers and environments that no one can reason about whole — answered by system-level assessment and end-to-end testing.
concept drift
A change in the real-world relationship between inputs and outcomes (fraud patterns evolve), as opposed to data drift, where the inputs themselves change.
conformity assessment
The pre-market process demonstrating a high-risk AI system meets the EU AI Act's requirements, leading to CE marking and registration.
continuous monitoring
Ongoing observation of a deployed system's performance, drift, fairness and usage against thresholds with named owners — the control that matches AI's speed and scale.

D

data minimisation
Processing only data that is adequate, relevant and necessary — in ML, implemented through pseudonymisation, feature selection, synthetic data and privacy-enhancing techniques.
data poisoning
An attack that corrupts training data so the model learns attacker-chosen behaviour; a core adversarial-ML threat to the data pipeline.
datasheet
Standing documentation for a dataset: sources, collection method, consent/licence status, composition, known limitations — the data-side sibling of the model card.
deepfake
AI-generated or manipulated audio, image or video that convincingly depicts real people or events that did not occur; subject to labelling duties under the EU AI Act's transparency tier.
deployer
An organization using an AI system under its own authority in its activities — carrying operator duties: use per instructions, oversight, input relevance, monitoring, notices.
DPIA
Data Protection Impact Assessment — required before likely-high-risk processing (systematic profiling with significant effects, large-scale special categories, public monitoring); AI development triggers it constantly.

E

explainability
The ability to give a meaningful reason for a specific output of an AI system to the people it affects — distinct from transparency, which is disclosure of the fact that AI is used and of how it operates in general.

F

fairness
The responsible-AI principle that systems should not create or reinforce unjust discrimination; operationalised through bias testing, representative data and per-group thresholds — with multiple, mutually incompatible mathematical definitions.
feedback loop
A dynamic where a system's own outputs influence its future training data, amplifying initial patterns — e.g. investigating only flagged claims, then learning from those investigations.
fine-tuning
Further training of an existing model on your own data to adapt its behaviour — which makes you responsible for the modification, potentially up to provider level.
foundation model
A model trained on broad data at scale that can be adapted to many downstream tasks; called a general-purpose AI model in EU AI Act terminology.
FRIA
Fundamental Rights Impact Assessment — required of public bodies and certain private deployers before using some high-risk AI systems under the EU AI Act.

G

general-purpose AI model
EU AI Act term for a model displaying significant generality and capable of many distinct tasks, typically integrated into downstream systems; carries its own obligation set, with extra duties for models posing systemic risk.
generative AI
AI systems that produce new content — text, images, audio, code — rather than only classifying or predicting. Large language models are the prominent example.

H

hallucination
Fluent but false content produced by a generative model — statistically plausible output mistaken for fact. A design property to manage, not a bug to patch away.
human oversight
Designed-in human ability to monitor, intervene in, override or shut down an AI system — meaningful only when the human has authority, information and time to act.
human-in-the-loop
Oversight configuration where a human approves or decides each case the system recommends — fitting high-stakes individual decisions, and meaningful only with authority, information and time.
human-on-the-loop
Oversight configuration where humans monitor operation and intervene by exception — fitting high-volume systems where per-case review is impossible.

I

impact assessment
The design-time discipline of describing a system, mapping stakeholders, identifying harms, rating probability × severity, choosing mitigations and documenting a signed decision — the skeleton under DPIAs, FRIAs and AIAs.
internal audit
The third line of defense: independent assurance that AI assessments, controls and documentation actually operate — reporting to the board, never to the builders.

K

kill switch
The designed-in, rehearsed ability to suspend or deactivate an AI system quickly when containment requires it.

M

machine learning
The dominant approach to AI: algorithms that improve at a task by learning patterns from data rather than following rules a human wrote.
model card
Standardised documentation for a model: intended use, performance (including per group), limitations, training data summary — a release-gate artefact and transparency tool.
model drift
Degradation of model performance as the deployment environment shifts away from the training distribution; detected by monitoring, answered by revalidation and retraining.

P

post-incident review
The structured learning step after containment: root cause, corrective actions with owners, and updates flowing back into assessments, registers, training and contracts.
post-market monitoring
Provider-side duty to systematically collect and act on experience from systems in use — the product-regulation half of continuous monitoring.
prompt injection
Smuggling adversarial instructions into a generative system's input (directly or via retrieved content) to override its intended behaviour.
proportionality
Matching the weight of governance to the risk of the use case — heavy gates for high stakes, light touch for low stakes — which keeps controls credible and followed.
provider
The actor who develops an AI system (or has it developed) and places it on the market or into service under its own name — carrying manufacturer-style duties: design controls, documentation, conformity.
pseudonymisation
Replacing identifying fields so data can't be attributed to a person without separate information — a minimisation and security technique that keeps data personal under GDPR.

R

representativeness
How well training data reflects the population and conditions the system will face in deployment — the fitness-for-purpose core of AI data quality.
residual risk
The risk remaining after mitigations — compared against risk appetite and accepted in writing by someone with authority, or the project doesn't proceed.
risk appetite
The amount and type of risk leadership is willing to accept in pursuit of objectives — documented so the organization decides to take risks rather than discovering it took them.
risk register
The living record of an AI system's identified risks, ratings, responses, owners and review dates — kept current from design through retirement.
robustness
A system's ability to perform reliably under realistic conditions including noise, edge cases and adversarial pressure — the engineering core of the safety-and-reliability principle.

S

serious incident
An AI incident causing (or nearly causing) death, serious harm to health, property, fundamental rights or infrastructure — triggering regulatory reporting duties for high-risk systems.
shadow AI
AI tools adopted by staff or business units outside official channels and governance — the predictable product of processes that are too heavy or too slow.
social scoring
Evaluating people over time across contexts, with detrimental or disproportionate treatment as a result — a prohibited AI practice in the EU.
special-category data
GDPR Article 9 data: health, ethnicity, political opinions, religion, sexual orientation, biometrics for identification — processable only on narrow grounds. Inferring these traits creates them.
stakeholder mapping
Systematically identifying who is affected by a system — users, affected non-users, vulnerable groups, organization, society — and what each stands to gain or lose.
stem
The question part of a test item — in scenario items, it quietly fixes the ask, the role and the life-cycle stage that the correct answer must match.
substantial modification
A change to a deployed AI system that materially alters its function or purpose — capable of shifting provider obligations onto the modifier.
supply chain
The layered chain behind an AI product — foundation models, datasets, labelling services, integrators — each layer adding risk the buyer never contracted for directly.
systemic risk
EU AI Act category for the most capable general-purpose models (presumed above a training-compute threshold), triggering extra duties: evaluations, adversarial testing, incident reporting, cybersecurity.

T

training records
Evidence of who completed which training content version, when, with results — the artefact that makes training function as a compliance control.
transparency
Openness about the fact that AI is used and how it operates in general: disclosures, documentation, notices. Pairs with explainability, which addresses individual outcomes.
