AIGP · Reference
Exam Mapping
This page shows exactly which lesson teaches each skill the AIGP exam tests. Use it to find a lesson for a specific exam skill, or to see how many questions a block of the exam carries.
How the exam is structured
The exam is organised into 4 domains — the broad areas of AI governance knowledge. Each domain splits into competencies (the "blocks" below, such as I.A or II.C) — a named cluster of related skills. Each competency lists one or more Performance Indicators (PIs) — the specific, gradable skill a question can test, such as II.A.2 ("apply data minimisation and privacy by design to AI").
Every exam question is written against exactly one PI. Each domain and competency also carries an official question range — the minimum and maximum number of scored questions that domain or competency contributes to the exam. Together, the 58 PIs below add up to a 77–93-question exam.
How to read this page: open a domain, find the competency block, and match the PI code to the lesson chip on the right. If you are weak on a specific PI, that chip tells you exactly where to study.
IUnderstanding the foundations of AI governance
3 blocks · 12 PIs · 16–20 questions on the exam
Understanding the foundations of AI governance
3 blocks · 12 PIs · 16–20 questions on the exam
I.A
What AI is and why it needs governance
4–6 questionsI.A.1Define artificial intelligence and distinguish the major types of AI systems.
No lesson mapped
I.A.2Identify the risks and harms AI poses to individuals, groups, organizations and society — including misalignment with objectives, ethics and bias risk, and problems of complexity and scalability.
No lesson mapped
I.A.3Explain the characteristics of AI that demand a comprehensive governance approach: complexity, opacity, autonomy, speed and scale, potential for harm or misuse, data dependency, and probabilistic versus deterministic outputs.
No lesson mapped
I.A.4Describe and apply responsible-AI principles: fairness; safety and reliability; privacy and security; transparency and explainability; accountability; and human-centricity.
No lesson mapped
I.B
Establishing and communicating organizational expectations
5–7 questionsI.B.1Define roles and responsibilities for the full set of AI governance stakeholders.
No lesson mapped
I.B.2Establish cross-functional collaboration in the AI governance programme, for efficacy and for diversity of expertise and perspective.
No lesson mapped
I.B.3Create and deliver a training and awareness programme for all stakeholders covering AI terminology, strategy and governance.
No lesson mapped
I.B.4Differentiate the governance approach by organizational size, maturity, industry, products and services, objectives and risk tolerance.
No lesson mapped
I.B.5Distinguish the developer, provider, deployer and user roles and what each is responsible for.
No lesson mapped
I.C
Policies and procedures across the AI life cycle
6–8 questionsI.C.1Create and implement policies that ensure oversight and accountability across all AI life-cycle stages — use-case assessment, risk management, ethics by design, data acquisition and use, development, training and testing, deployment and monitoring, documentation and reporting, and incident management.
No lesson mapped
I.C.2Evaluate and update existing policies — privacy, security, data governance and intellectual property — to address AI.
No lesson mapped
I.C.3Create and apply policies, assessments and contracts to manage third-party risk, including procurement, supply chain, human resources and acceptable use.
No lesson mapped
IIUnderstanding how laws, standards and frameworks apply to AI
4 blocks · 17 PIs · 19–23 questions on the exam
Understanding how laws, standards and frameworks apply to AI
4 blocks · 17 PIs · 19–23 questions on the exam
II.A
Existing data privacy laws and AI
4–6 questionsII.A.1Apply core privacy principles — transparency, choice, lawful basis and purpose limitation — to AI systems.
No lesson mapped
II.A.2Apply data minimisation and privacy by design to the development and use of AI.
No lesson mapped
II.A.3Map controller obligations to AI: DPIAs, processor arrangements, cross-border transfers, data-subject rights, automated decision-making rules, breach notification and record-keeping.
No lesson mapped
II.A.4Handle special-category and biometric data lawfully in AI contexts.
No lesson mapped
II.B
Other existing laws and AI
4–6 questionsII.B.1Assess intellectual-property issues raised by the use of training data and model outputs.
No lesson mapped
II.B.2Apply non-discrimination law to AI used in employment, credit, lending, housing and insurance.
No lesson mapped
II.B.3Apply consumer-protection law (unfair and deceptive practices) to AI products and claims.
No lesson mapped
II.B.4Assess product-liability exposure arising from AI systems.
No lesson mapped
II.C
Main elements of AI-specific laws
6–8 questionsII.C.1Classify AI systems into risk tiers (prohibited, high, limited, minimal) and determine what falls into each.
No lesson mapped
II.C.2Map the requirements for regulated systems: risk management, data governance, technical documentation, conformity and impact assessments, and record-keeping.
No lesson mapped
II.C.3Apply human-oversight, transparency-and-notification and quality-management obligations.
No lesson mapped
II.C.4Identify the obligations attached to general-purpose AI models.
No lesson mapped
II.C.5Explain enforcement mechanisms and penalty regimes.
No lesson mapped
II.C.6Distinguish obligations by role: provider, deployer, importer and distributor.
No lesson mapped
II.D
Main standards and frameworks
3–5 questionsII.D.1Apply the OECD AI Principles.
No lesson mapped
II.D.2Use the NIST AI RMF and Playbook, including its core functions and categories.
No lesson mapped
II.D.3Identify the purpose and scope of ISO/IEC 22989, ISO/IEC 42001 and ISO/IEC 42005.
No lesson mapped
IIIUnderstanding how to govern AI development
3 blocks · 16 PIs · 21–25 questions on the exam
Understanding how to govern AI development
3 blocks · 16 PIs · 21–25 questions on the exam
III.A
Governing design and build
6–8 questionsIII.A.1Define the business context and use case for an AI system.
No lesson mapped
III.A.2Conduct an impact assessment during design.
No lesson mapped
III.A.3Apply organizational policies and ethical principles to design: architecture and model selection, human oversight, data analysis, metrics and thresholds, stakeholder engagement and operational controls.
No lesson mapped
III.A.4Identify and manage risk using tools such as probability/severity matrices, the mitigation hierarchy, stakeholder mapping, benchmarking and pre-deployment pilots.
No lesson mapped
III.A.5Document design decisions and their rationale.
No lesson mapped
III.B
Governing data in training and testing
6–8 questionsIII.B.1Govern training and testing data: lawful rights to use it, quality, quantity, integrity and fitness for purpose.
No lesson mapped
III.B.2Maintain data lineage and provenance.
No lesson mapped
III.B.3Run training and testing regimes: unit, integration, validation, performance, security, bias and interpretability testing.
No lesson mapped
III.B.4Manage issues and risks discovered during development.
No lesson mapped
III.B.5Document data handling and test results.
No lesson mapped
III.C
Governing release, monitoring and maintenance
8–10 questionsIII.C.1Assess readiness and govern release, including model cards and conformity processes.
No lesson mapped
III.C.2Monitor continuously and maintain a retraining schedule.
No lesson mapped
III.C.3Run periodic assessments: audits, red teaming, threat modelling and security testing.
No lesson mapped
III.C.4Manage incidents involving AI systems.
No lesson mapped
III.C.5Perform root-cause analysis: brittleness, robustness failures, data-quality problems, testing gaps and drift.
No lesson mapped
III.C.6Meet public-disclosure and transparency obligations.
No lesson mapped
IVUnderstanding how to govern AI deployment and use
3 blocks · 13 PIs · 21–25 questions on the exam
Understanding how to govern AI deployment and use
3 blocks · 13 PIs · 21–25 questions on the exam
IV.A
Evaluating factors and risks before deployment
6–8 questionsIV.A.1Evaluate use-case context: objectives, required performance, data availability, ethical considerations and workforce readiness.
No lesson mapped
IV.A.2Compare model types: classic vs generative, proprietary vs open source, small vs large, language vs multimodal.
No lesson mapped
IV.A.3Compare deployment options: cloud, on-premises or edge; used as-is or adapted via fine-tuning, retrieval-augmented generation or agentic patterns.
No lesson mapped
IV.B
Assessing the AI system
5–7 questionsIV.B.1Conduct an impact assessment of the system to be deployed.
No lesson mapped
IV.B.2Assess vendor and licensing terms and the risks they carry.
No lesson mapped
IV.B.3Assess the risks unique to deploying your own proprietary model.
No lesson mapped
IV.C
Governing deployment and use
9–11 questionsIV.C.1Apply policies and ethics in deployment: data governance, risk and issue management, and user training.
No lesson mapped
IV.C.2Monitor continuously and manage retraining in use.
No lesson mapped
IV.C.3Run periodic assessments in operation: audits, red teaming, threat modelling and security testing.
No lesson mapped
IV.C.4Manage incidents and post-market documentation duties.
No lesson mapped
IV.C.5Forecast and reduce secondary and downstream harms.
No lesson mapped
IV.C.6Plan external communication about the system.
No lesson mapped
IV.C.7Maintain deactivation and localisation controls.
No lesson mapped
58 performance indicators total · AIGP Body of Knowledge v2.1 (effective 2 February 2026) · 77–93 scored questions across 4 domains