Glossary of AI Governance Terms

Navigate AI governance with confidence. This plain-English glossary covers AIMS, EU AI Act, ISO 42001, NIST AI RMF, bias, explainability, and 25+ terms every compliance leader needs to know. .

Nuvexia

8/23/20255 min read

AI governance conversations move fast and the terminology moves even faster. Whether you are preparing for an ISO/IEC 42001 audit, navigating EU AI Act obligations, or building an internal AI risk framework, a shared vocabulary is your starting point. This glossary defines the terms that matter most, in plain language, with regulatory context where relevant.

## A

AI Management System (AIMS)

A structured set of policies, processes, roles, and controls that an organization uses to govern the responsible development, deployment, and monitoring of AI systems. ISO/IEC 42001:2023 is the world's first international standard specifying requirements for an AIMS.

Adversarial Testing (Red Teaming)

A security practice in which teams deliberately attempt to manipulate, deceive, or break an AI system to surface hidden vulnerabilities. Required under the EU AI Act for General-Purpose AI (GPAI) models with systemic risk and considered best practice for all enterprise AI deployments.

Algorithmic Bias

Systematic and unfair discrimination in AI outputs that results from flawed training data, model design, or feedback loops. Bias can disadvantage individuals based on race, gender, age, or other protected characteristics and creates both ethical and legal liability.

Audit Trail

A documented, time-stamped record of decisions, data inputs, model outputs, and human interventions in an AI system. Essential for regulatory compliance, post-incident analysis, and demonstrating accountability to regulators.

## B

Bias Mitigation

Technical and process-level interventions designed to identify and reduce unfair bias in AI models. Includes pre-processing training data, applying fairness constraints during model training, and ongoing post-deployment monitoring.

---

## C

Conformity Assessment

A formal process by which an AI system or management system is evaluated against a defined standard or regulation such as ISO/IEC 42001 or the EU AI Act to confirm it meets required criteria. Can be self-assessed or conducted by a third-party auditor.

Continuous Monitoring

An operational practice in which AI model performance, fairness, security, and compliance metrics are tracked in real time or at defined intervals throughout a model's deployment lifetime.

---

## D

Data Governance

The policies, standards, and processes that manage data quality, privacy, access, and lineage across an organization's AI pipeline. Strong data governance is a prerequisite for responsible AI and a core requirement of ISO/IEC 42001 and the EU AI Act.

Data Poisoning

A cyber attack in which malicious actors introduce corrupted or manipulated data into a model's training set to compromise its outputs, degrade accuracy, or introduce hidden backdoor behavior.

---

## E

Explainability (XAI)

The degree to which an AI system's decision-making process can be understood and communicated to humans. Regulators and auditors increasingly require explainable AI in high-stakes applications like credit scoring, hiring, and medical diagnosis.

EU AI Act

Regulation (EU) 2024/1689 the world's first comprehensive AI law. It entered into force on 1 August 2024, with prohibited AI practices applying from 2 February 2025, GPAI obligations from 2 August 2025, and full enforcement from 2 August 2026. Penalties reach up to €35 million or 7% of global annual turnover for the most serious violations.

---

## F

Fairness

In AI governance, fairness refers to the equitable treatment of individuals and groups by an AI system. Definitions vary (demographic parity, equal opportunity, individual fairness) and selecting the right fairness metric is a governance decision that should involve legal, ethical, and technical stakeholders.

Foundation Model / General-Purpose AI (GPAI) Model

A large-scale AI model trained on broad data that can be adapted for a wide range of downstream tasks (e.g., large language models). Under the EU AI Act, GPAI providers face specific transparency, documentation, and risk assessment obligations.

---

## G

Governance Framework

A structured approach policies, roles, processes, and controls that an organization adopts to manage AI risks and ensure responsible AI use. Common frameworks include ISO/IEC 42001, NIST AI RMF, and the EU AI Act. They are complementary rather than mutually exclusive.

---

## H

High-Risk AI System

An AI system classified under the EU AI Act as posing significant risk to health, safety, or fundamental rights. Examples include AI used in critical infrastructure, education, employment, credit scoring, law enforcement, and medical devices. High-risk systems face stringent obligations including risk management, technical documentation, transparency, human oversight, and cybersecurity requirements.

Human Oversight

A governance control requiring that humans can meaningfully monitor, intervene in, and override AI decisions particularly for high-stakes or high-risk applications. Mandated for high-risk AI systems under the EU AI Act.

---

## I

ISO/IEC 42001:2023

Published in December 2023, this is the world's first international standard for AI management systems (AIMS). It provides a certifiable framework for responsible AI development and use, covering risk management, bias and transparency controls, AI impact assessments, and third-party supplier oversight. It aligns with ISO/IEC 27001 (information security) and the NIST AI RMF.

AI Impact Assessment

A structured evaluation of the potential positive and negative impacts on individuals, society, and the organization of deploying an AI system. Required for high-risk systems under the EU AI Act and referenced in ISO/IEC 42001.

---

## M

MLOps Governance

The application of governance policies to machine learning operations covering model development, testing, deployment, monitoring, and retirement. Governance-integrated MLOps pipelines automate compliance checks, generate audit trails, and flag model drift or anomalous behavior.

Model Card

A short document accompanying a trained machine learning model that discloses its intended use cases, performance characteristics, limitations, and known biases. Increasingly required for transparency and accountability.

Model Drift

The degradation of a deployed AI model's performance over time as real-world data changes and diverges from the model's training distribution. Continuous monitoring is required to detect and respond to drift before it causes compliance or business harm.

---

## N

NIST AI Risk Management Framework (AI RMF)

A voluntary framework published by the US National Institute of Standards and Technology in 2023 that helps organizations identify, assess, and manage AI risks. Structured around four functions: Govern, Map, Measure, and Manage. Widely adopted in the US and aligned with ISO/IEC 42001.

---

## P

Prompt Injection

Ranked #1 in the OWASP 2025 Top 10 for LLMs, prompt injection is an attack in which malicious instructions embedded in user inputs or retrieved content cause an AI model to deviate from its intended behavior potentially leaking data, bypassing safety controls, or executing unauthorized actions.

---

## R

Responsible AI

An organizational commitment to designing, deploying, and operating AI systems in ways that are safe, fair, transparent, accountable, and aligned with human values and legal obligations. Often operationalized through governance frameworks like ISO/IEC 42001 or NIST AI RMF.

Risk-Based Approach

A regulatory philosophy adopted by both the EU AI Act and ISO/IEC 42001 in which the stringency of governance controls applied to an AI system is proportionate to the potential harm it could cause.

---

## S

Systemic Risk (GPAI)

Under the EU AI Act, a GPAI model is presumed to carry systemic risk if it is trained using more than 10²⁵ floating-point operations (FLOPs). Providers of systemic-risk GPAI must conduct adversarial testing, assess cybersecurity risks, and report serious incidents to the European AI Office.

---

## T

Transparency

The principle that AI systems should be understandable, documentable, and auditable. Transparency requirements under the EU AI Act include technical documentation, model cards, and disclosure obligations to users and regulators.

Third-Party AI Audit

An independent assessment of an organization's AI systems or AI management system by an external party. Third-party audits verify compliance with standards (ISO/IEC 42001), regulations (EU AI Act), or internal governance policies and provide credible assurance to regulators, customers, and boards.

---

This glossary is maintained by Nuvexia AI Consulting and updated to reflect the latest regulatory developments. If your organization needs help implementing these concepts in practice — from ISO/IEC 42001 certification to EU AI Act readiness — our team at Nuvexia is ready to help(contact us connect@nuvexiaai.com).

Contact us

Whether you have a request, a query, or want to work with us, use the form below to get in touch with our team.

Location

Singapore
India

Hours

I-V 9:00-18:00
VI - VII Closed