Glossary
A comprehensive reference of terms and definitions used in AI governance and the EU AI Act.
AI Governance
The structures, processes, and accountability mechanisms by which AI systems are overseen — within organisations and across regulatory systems. Good governance answers three questions: who decided this system should exist, who is responsible when it causes harm, and how do we know when something has gone wrong. Most organisations that believe they have AI governance in fact have AI guidelines — the gap between the two is where liability lives.
AI Safety
The field dedicated to ensuring AI systems do what their designers intend and do not cause harm when they fail to. Near-term safety — robustness, adversarial resistance, reliability under distribution shift — is a standard engineering concern. Long-term safety — ensuring AI systems with capabilities exceeding human intelligence remain aligned with human interests — is a contested research frontier. Both are legitimate, increasingly funded, and inadequately addressed by current regulatory frameworks.
Artificial Intelligence
Technology that enables machines to perform tasks that would otherwise require human judgement. Modern AI is predominantly statistical — it identifies patterns in data and generalises from them — rather than rule-based. The term is broad enough to cover everything from spam filters to large language models, which makes it nearly useless as a regulatory category without further specification.
Attention Mechanism
The component of transformer models that allows each token to be contextually influenced by every other token in the sequence. Self-attention is why a language model can resolve a pronoun ten paragraphs back to the correct antecedent. It is also computationally expensive — naive attention scales with the square of the sequence length, which is why increasing context windows requires significant engineering effort.
EU AI Act
Regulation (EU) 2024/1689 — the world's first comprehensive AI law, in force from August 2024, with obligations phasing in through 2027. The Act classifies AI systems by risk: unacceptable risk (banned), high risk (strict obligations), limited risk (transparency requirements), minimal risk (no obligations). It applies to any AI system placed on the EU market or affecting EU residents, regardless of where the provider is located. Fines reach €35 million or 7% of global annual turnover — whichever is higher.
EU AI Office
Established within the European Commission in February 2024 to oversee the EU AI Act, particularly its provisions on General-Purpose AI. The EU AI Office is the regulator for GPAI providers across the EU — a centralised function ensuring consistent enforcement rather than leaving GPAI oversight to 27 different national authorities. It maintains the EU AI public database, coordinates with national market surveillance authorities, and issues guidance on Act implementation.
AI Safety Institute (AISI)
Government institutions established to evaluate the safety of the most capable AI models before and after deployment. The UK AISI (founded November 2023, later rebranded the AI Security Institute) and the US AISI (founded at NIST) were the first of their kind. Their mandate is pre-deployment evaluation of frontier models — red-teaming for dangerous capabilities and developing evaluation methodologies. As of 2025, AISIs have evaluated models from Anthropic, OpenAI, Google DeepMind, and Meta.
Existential Risk
The possibility that advanced AI systems could cause irreversible harm at civilisational scale — not through malice but through capability without alignment. A sufficiently capable AI system pursuing a misspecified objective could cause catastrophic harm as a side effect of achieving it. A significant proportion of senior AI researchers consider this a serious concern. The AI Safety Institutes established by the UK, US, and others are funded partly in response.
Machine Learning
The method by which most modern AI systems are built: a model is exposed to large quantities of data and adjusts its internal parameters to minimise prediction error. No one writes the rules — the model learns them from examples. The quality of the output is therefore inseparable from the quality and composition of the training data.
Temperature (AI)
The parameter that controls how deterministic or random a language model's outputs are. Temperature 0 always selects the most probable next token — consistent but potentially repetitive. Higher temperatures sample more broadly — more varied, less reliable. The right setting is application-dependent: near-zero for structured data extraction, higher for creative writing. Most production AI systems expose temperature as a configurable parameter.
Deep Learning
Machine learning using neural networks with many layers. The depth allows the system to learn progressively more abstract representations — edges, then shapes, then faces, for example, in image recognition. Responsible for the AI capabilities explosion of the past decade. Also responsible for the opacity that makes many AI systems difficult to audit.
General-Purpose AI (GPAI)
An AI model capable of performing a wide range of tasks that can be integrated into other products and services. GPT-4, Claude, Gemini, and Llama are all GPAI models. The EU AI Act imposes transparency and copyright obligations on all GPAI providers, with additional requirements for models trained above a 10^25 FLOP threshold — deemed to pose systemic risk. As of 2025, this threshold captures only the most powerful frontier models.
Human in the Loop
An AI deployment model where a human approves each AI decision before it takes effect. Stronger than human oversight, which permits post-hoc review — required in the highest-stakes contexts. The genuine challenge: in high-volume systems processing thousands of decisions per day, meaningful human review of each one is economically unviable. Automation pressure is the primary threat to human-in-the-loop commitments in practice.
IEEE
The Institute of Electrical and Electronics Engineers — the world's largest technical standards organisation, with significant AI standards activity. The IEEE P7000 series covers ethical AI system design: 7000 (general process), 7001 (transparency), 7002 (data privacy). IEEE 2857 covers privacy engineering for machine learning. IEEE standards are voluntary but widely referenced in procurement and cited in regulatory guidance, complementing binding frameworks like the EU AI Act.
RLHF (Reinforcement Learning from Human Feedback)
The training technique that turns a language model that predicts text into one that is helpful, honest, and refuses harmful requests. Human raters evaluate model outputs; their preferences train a reward model; that reward model guides further training via reinforcement learning. RLHF is how ChatGPT, Claude, and Gemini became assistants rather than raw text predictors. The quality and diversity of the rater pool has significant implications for whose values are embedded in the resulting model.
Value Alignment
The problem of ensuring an AI system's objectives actually reflect what humans want — not just what humans said they wanted, or what the training process happened to reward. Human values are partially implicit, internally inconsistent, and context-dependent. Specifying them precisely enough for a machine to optimise is a foundational research problem that remains unsolved. Near-term alignment work focuses on making models helpful and harmless; the deeper question is open.
Constitutional AI
Anthropic's training methodology in which the model is guided by a written set of principles — a constitution — to self-critique and revise its outputs, reducing dependence on human feedback at scale. Relevant to governance: an explicit, documented set of principles shaping a model's behaviour is closer to a governable system than one tuned by opaque human preference data.
Dual Use
The property of AI capabilities being applicable to both beneficial and harmful ends. The same model that generates compelling educational content can generate disinformation; the same face recognition that finds missing children can enable mass surveillance. Dual-use analysis is a governance requirement: identifying the harmful use cases of a system before deployment is part of a responsible risk assessment, not an optional exercise.
Global Partnership on AI (GPAI)
An intergovernmental initiative launched in 2020, now including 29 member countries and hosted by the OECD. GPAI conducts multi-stakeholder research through working groups on responsible AI, data governance, the future of work, and AI innovation. Its membership — including the US, UK, Canada, India, Japan, and EU — distinguishes it from purely European frameworks and gives it genuine global governance reach.
Neural Network
A computational structure of interconnected nodes, loosely modelled on biological neurons. Networks learn by adjusting connection weights during training. Their internal representations are not human-readable — which is the root cause of the black-box problem in AI explainability and the challenge at the heart of every AI audit.
Prohibited AI Practices
Article 5 of the EU AI Act is a list of outright bans — practices deemed incompatible with fundamental rights regardless of safeguards. They include: subliminal manipulation that circumvents rational agency; exploitation of vulnerabilities to distort behaviour; social scoring by public authorities; real-time remote biometric identification in public spaces; biometric categorisation by race, religion, or political opinion; and emotion recognition in workplaces and schools. Violations carry the highest fines in the Act.
Red Button Protocol
The documented procedure for stopping an AI system. Who can do it, under what conditions, how quickly, with what notifications, and with what consequence for pending decisions. A protocol is not a button: it is a governance document, maintained, tested, and known to the people who might need to use it. Organisations that cannot answer these questions about their AI systems do not have governance — they have exposure.
AI Literacy (Article 4)
The legal obligation — not best practice, an obligation — requiring providers and deployers to ensure their staff understand AI well enough to use it responsibly. What "sufficient AI literacy" means is deliberately left for organisations to determine based on context. AICI's view: this is the most routinely overlooked provision of the Act and the one most likely to generate early enforcement action as regulators look for accessible targets.
AI Watermarking
Technical methods for embedding imperceptible signals into AI-generated content so it can later be identified as machine-made. The EU AI Act requires transparency labelling of AI-generated synthetic media. Current watermarking techniques for text are fragile — they can be defeated by paraphrasing. Image watermarking via the C2PA provenance standard is more robust. The long-term effectiveness of watermarking as a transparency mechanism depends on its being universal and adversarially resistant.
Large Language Model (LLM)
A neural network trained to predict the next token in a sequence of text, at scale. The emergent result — when training is large enough — is a system that can answer questions, write code, draft documents, and reason across domains. Not because it was programmed to, but because predicting text at scale requires modelling a great deal of world knowledge. GPT-4, Claude, Gemini, and Llama are LLMs.
Red-Teaming
Adversarial testing of AI systems by a team attempting to find failure modes, safety violations, and harmful output pathways before deployment. The EU AI Act requires adversarial testing for systemic-risk GPAI models. Red-teaming results should inform technical documentation and post-market monitoring plans — and should never be classified to prevent regulatory or auditor scrutiny.
Shadow AI
The unsanctioned use of AI tools by employees outside official channels. It is structural, not individual: if approved tools are inadequate and unapproved ones are better, employees will use the better ones. The regulatory risk is concrete — data processed by a third-party AI model may have left the organisation's control, breaching GDPR, client confidentiality obligations, and employment contracts. Managing shadow AI requires addressing the supply problem, not just enforcing the prohibition.
UNESCO AI Recommendation
The first global normative framework for AI ethics, adopted by all 193 UNESCO member states in November 2021. It addresses AI's impact on human rights, environmental sustainability, gender equality, and cultural diversity. Unlike the EU AI Act, it is non-binding — but its adoption by 193 states gives it significant normative weight. UNESCO conducts periodic readiness assessments and provides implementation support, particularly to governments in the Global South who lack independent AI governance frameworks.
AI Risk Management
The systematic practice of identifying, prioritising, and treating risks from AI systems. The frameworks — NIST AI RMF, ISO 42001, sector-specific guidance — all agree on the core structure: understand what you have, assess what can go wrong, measure those risks, manage them. The persistent failure is that most organisations assess AI risk once at procurement and never again. Continuous monitoring is a legal obligation for high-risk systems under the EU AI Act.
Bletchley Declaration
The joint statement issued at the inaugural AI Safety Summit, held at Bletchley Park on 1–2 November 2023. Signed by 28 governments including the US, EU, UK, and China, it acknowledged that frontier AI poses potentially catastrophic risks and committed signatories to international collaboration on safety research and pre-deployment evaluation. The Bletchley Declaration marked the first time China signed a multilateral AI safety commitment. Subsequent summits were held in Seoul (May 2024) and Paris (February 2025).
Explainable AI (XAI)
Research and practice focused on making AI decisions interpretable to humans. Techniques range from post-hoc approximation (LIME, SHAP values) to inherently interpretable architectures. The fundamental tension: the most capable AI systems tend to be the least interpretable. In regulated domains — credit, healthcare, criminal justice — explainability is a legal requirement, and its absence can render an AI deployment unlawful regardless of performance.
Foundation Model
A large model pre-trained on broad internet-scale data that serves as the base for many downstream applications. The same underlying model can power a customer service bot, a legal document assistant, and a medical diagnostic tool simultaneously. This concentration of capability in a handful of models is precisely what motivated the EU AI Act's GPAI provisions.
Jailbreak
An adversarial technique for bypassing an AI model's safety constraints, typically by framing a prohibited request in a form the safety training did not anticipate. A system that can be jailbroken with a cleverly worded prompt does not have safety guarantees — it has safety tendencies. For regulated deployments, jailbreak resistance should be a documented evaluation criterion, not an afterthought.
Generative AI
AI that produces new content rather than classifying or predicting. Generative models output text, images, audio, video, and code that is statistically consistent with their training data but novel. The creative and economic disruption of generative AI — and its potential for misuse in synthetic media, disinformation, and automated fraud — is the driving force behind most current AI regulation.
Model Card
A short, standardised disclosure document published alongside an AI model, describing its intended uses, evaluated performance, known limitations, and ethical considerations. Introduced by Google in 2019, model cards are now expected by the AI research community and increasingly cited in procurement standards. Absent a model card, an organisation deploying a model has fewer grounds to claim it exercised reasonable due diligence.
Non-Discrimination
The fundamental right that AI systems must not produce differential outcomes on the basis of protected characteristics — race, gender, disability, age, nationality, religion, sexual orientation. Non-discrimination is violated both by intentional design and by training on historically discriminatory data. In the EU, victims of AI discrimination have legal standing under both the EU AI Act for high-risk systems and horizontal anti-discrimination law.
Partnership on AI
A non-profit multi-stakeholder organisation founded in 2016 by Apple, Amazon, DeepMind, Facebook, Google, IBM, and Microsoft, now exceeding 100 members from civil society, academia, media, and industry. Partnership on AI publishes research and best practice guidelines on AI safety, fairness, synthetic media, and responsible AI development. Its value lies in convening industry, civil society, and academia in a shared governance space that binding regulation alone cannot create.
Prompt Injection
An attack targeting AI agents and tool-using AI systems. Malicious instructions embedded in external content — a web page, uploaded document, or incoming email — are processed by the AI alongside legitimate instructions, potentially overriding the user's intent or the system's safety constraints. As AI agents become prevalent in enterprise environments, prompt injection is a critical security threat. The OWASP Top 10 for LLM Applications lists it as the primary risk.
AI Audit
An independent evaluation of an AI system against defined criteria — technical performance, fairness across demographic groups, compliance with legal requirements, alignment with stated values. "AI audit" is not yet a regulated profession; anyone can call themselves an AI auditor. Work is underway in ISO, IEEE, and the EU to establish audit standards. Organisations should treat AI audit claims with appropriate scepticism until accreditation frameworks mature.
Benchmark
A standardised evaluation used to compare AI model performance. Common benchmarks include MMLU (knowledge across 57 subjects), HumanEval (coding), and TruthfulQA (factual accuracy). Benchmark scores must be interpreted with caution: the research community has documented extensive benchmark contamination — models trained on test data — and saturation, where models approach 100% on tests that once challenged them.
ISO/IEC JTC 1/SC 42
The ISO/IEC technical committee responsible for international AI standards. SC 42 has published ISO/IEC 42001 (AI management systems), 22989 (AI concepts and terminology), 23053 (ML framework), and 24028 (trustworthiness in AI), among others. Harmonised standards developed under SC 42 can provide presumption of conformity with EU AI Act requirements — making SC 42 participation a significant lever of influence over how the Act is implemented in practice.
Natural Language Processing (NLP)
The branch of AI concerned with human language — understanding it, interpreting it, summarising it, translating it, generating it. Modern NLP is almost entirely dominated by transformer-based language models. Before 2017 it was a collection of specialised tools; after transformers it became one of AI's most commercially and regulatorily significant domains.
Subliminal Manipulation
AI-powered influence operating below the threshold of conscious awareness — exploiting psychological vulnerabilities to alter beliefs or behaviour without the subject's knowledge or consent. Article 5 of the EU AI Act bans AI systems that use subliminal techniques to materially distort behaviour in ways harmful to the individual. The definition encompasses not just literal subliminal messaging but micro-targeted manipulation exploiting cognitive biases identified through data analysis.
Computer Vision
AI that interprets images and video. Applications range from medical imaging and manufacturing quality control to facial recognition and surveillance. Computer vision systems — particularly those used in biometric identification — represent some of the highest-risk AI applications under the EU AI Act and are the subject of major civil liberties litigation across Europe.
Differential Privacy
A mathematical framework providing formal guarantees about how much information about any individual can be inferred from an AI system's outputs. Applied during training, it limits the degree to which a model memorises specific training records. The privacy-utility tradeoff is real: differential privacy degrades model performance, and the degradation increases as the privacy guarantee strengthens.
Explainability
The property of an AI decision being interpretable in human terms. Explainability is a legal requirement in certain contexts: GDPR Article 22 requires that automated decisions with significant effects be explainable on request. It is also a precondition for accountability: you cannot accept responsibility for a decision you cannot understand. The hardest cases involve deep neural networks where genuine mechanistic explainability may not be achievable with current techniques.
National Market Surveillance Authority
The national enforcement body designated under the EU AI Act in each member state to monitor and enforce compliance within their jurisdiction. NSAs have powers to request documentation, conduct audits, require corrective measures, recall non-compliant systems, and impose fines. Enforcement capacity varies significantly across member states — GDPR enforcement precedents suggest that geography, resourcing, and political will are as determinative as the law itself.
Social Scoring
The use of AI to evaluate and rank individuals based on social behaviour, with consequences for access to services, opportunities, or rights. Prohibited for public authorities under Article 5 of the EU AI Act. China's social credit system is the reference case, but analogous practices — employer reputation scores, insurance pricing based on social media behaviour, tenant screening algorithms — raise similar concerns in EU contexts even when operated by private entities.
AI System
A machine-based system designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment.
Accountability
The organisational principle that someone, specifically identified, is answerable for each AI system's existence and behaviour. Not a committee, not a policy, not a vendor — a person or a clearly defined role. Accountability matters because the default in large organisations is diffusion: decisions spread across IT, legal, procurement, and business units such that no one is clearly responsible when harm occurs. The EU AI Act's role definitions exist, in part, to impose accountability by legal construction.
European Artificial Intelligence Board
The advisory and coordination body established under the EU AI Act, composed of representatives from each EU member state and chaired by the European Commission. The Board facilitates consistent application of the Act across member states and coordinates with the EU AI Office on GPAI matters. Its effectiveness depends on its ability to align 27 national authorities with different regulatory traditions — a challenge that will define the coherence of EU AI governance for years to come.
Federated Learning
A training approach in which models learn from data distributed across multiple devices or organisations, with only model gradients — not raw data — shared centrally. The data stays local; the learning travels. Not a complete privacy solution: gradient inversion attacks can reconstruct training data from shared gradients under certain conditions, which is why federated learning is combined with differential privacy in high-sensitivity deployments.
Fundamental Rights Impact Assessment (FRIA)
Required under Article 27 for public bodies and private operators of public services deploying high-risk AI. The FRIA evaluates the system's potential impact on rights including privacy, non-discrimination, dignity, and access to justice. It must be completed before deployment, registered in the EU AI database, and updated when the system or its use context changes materially. It is the AI equivalent of a GDPR DPIA, and equally often treated as a compliance checkbox rather than a genuine governance exercise.
Privacy by Design
The requirement that privacy protections be built into AI systems from the ground up, not bolted on after deployment. A legal obligation under GDPR Article 25. In practice, this means data minimisation at the point of training, purpose limitation, and architectural choices — pseudonymisation, differential privacy, federated learning — that reduce privacy risk by construction rather than policy.
Reinforcement Learning
A learning paradigm in which an agent learns by interacting with an environment and receiving rewards or penalties. Unlike supervised learning, no labelled training data is required — the model discovers effective strategies through trial and error. Used in robotics, game-playing AI, and crucially in RLHF, which is how modern language models are trained to be helpful and refuse harmful requests.
AI Register
A formal inventory of AI systems an organisation uses, along with key information about each system's purpose, risk classification, oversight measures, and compliance status. The EU AI Act mandates registration of high-risk AI systems in a public EU database before deployment. Practically: most large organisations have more AI systems in operation than they have documented. The register is the prerequisite for almost every other governance practice.
Autonomous Weapons
AI-enabled weapons capable of selecting and engaging targets without meaningful human control — also known as lethal autonomous weapons systems or LAWS. Whether international humanitarian law's requirements of distinction and proportionality can be satisfied by an autonomous system is the central legal debate. The EU AI Act explicitly excludes AI used solely for military or national security purposes from its scope, leaving regulation of autonomous weapons to international law, where progress has been slow.
Overfitting
A failure mode in which a model learns the patterns and noise of its training data so closely that it fails to generalise to new data — the machine learning equivalent of memorising an exam rather than understanding the subject. A highly overfitted model may perform well in controlled testing and badly in production, a common cause of post-deployment AI failures that were not anticipated during development.
Post-Market Monitoring
The ongoing data collection and review obligation for providers of high-risk AI systems after deployment. Providers must actively monitor performance, collect incident data, and update the conformity assessment if the system changes. This is not passive — the Act expects a functioning monitoring plan with defined metrics, collection methods, and review cycles. Serious incidents must be reported to national authorities without undue delay.
Supervised Learning
The most common machine learning paradigm: a model trained on labelled examples learns to generalise that mapping to new inputs. Most commercial AI — credit scoring, spam detection, medical diagnosis — is supervised. The legal and ethical implications follow directly: the labels, and the humans or processes that created them, encode whatever biases exist in the system.
AI Regulatory Sandbox
A supervised testing environment where AI providers can develop and validate innovative systems with regulatory oversight, and with the possibility of derogating from certain requirements during the testing period. Their practical value depends entirely on whether national regulators staff and operate them effectively — which varies considerably across EU member states.
FLOP (Floating Point Operations)
The unit of computational work used to measure AI training scale. Modern frontier models require 10^24 to 10^26 FLOPs to train. The EU AI Act defines systemic risk partly in terms of a 10^25 FLOP training threshold. FLOPs are also a proxy for carbon footprint: a 10^24 FLOP training run consumes roughly the annual electricity consumption of several hundred homes — an environmental consideration that regulators are beginning to address.
Informed Consent
The requirement that individuals understand and agree to how AI systems process their data or affect their decisions. For AI, informed consent is complicated by opacity: it is difficult to consent meaningfully to a decision process you cannot understand. GDPR Article 22 provides specific rights regarding automated decisions with significant effects — the right to human review, to contest the decision, and to explanation. These rights apply regardless of whether consent was given to the automation in the first place.
Responsible AI
A commitment to developing and deploying AI in ways that are fair, transparent, accountable, safe, and respectful of human rights. As a term, it is widely used and variously defined — sceptics argue it has become a PR category rather than a substantive one. AICI's position: responsible AI is not a framework or a badge. It is a practice, demonstrated by the decisions an organisation makes when responsible behaviour is costly.
Unsupervised Learning
Machine learning on unlabelled data — the model finds structure without being told what to look for. Clustering, dimensionality reduction, and anomaly detection are typical applications. Less directly regulated than supervised learning, but widely used in profiling and targeting systems with significant privacy implications.
AI Impact Assessment
A structured analysis of the potential effects — positive and negative — of an AI system on individuals, groups, and society, conducted before deployment. Distinct from a technical risk assessment: an impact assessment considers who is affected, whether affected parties were consulted, and whether the benefits justify the harms. Required as a GDPR DPIA for systems processing personal data, and as a FRIA for certain high-risk AI systems under the EU AI Act.
ISO/IEC 42001
The international standard for AI Management Systems, published in December 2023. ISO 42001 gives organisations a certifiable framework for responsible AI governance — policies, roles, risk management, impact assessment, and continual improvement. It is the AI equivalent of ISO 27001 for information security. Organisations seeking to demonstrate credible AI governance in procurement or regulatory contexts will increasingly be expected to reference or certify against it.
Synthetic Data
Artificially generated data that is statistically similar to real data but contains no actual personal information. Used to augment scarce training data, protect privacy, and test systems against rare scenarios. The governance caveat: synthetic data generated from biased real data replicates those biases — sometimes amplified. Regulators are beginning to require disclosure when synthetic data is used in training high-risk AI systems.
Transfer Learning
Reusing a model trained on one task as the starting point for a model on a different but related task. In practice, nearly every commercial AI application is downstream of a handful of foundation models built by a handful of companies. The governance implication: knowing who trained the base model, on what data, and with what safeguards matters even when you did not build the system yourself.
Fine-Tuning
Continued training of a pre-trained model on a smaller, domain-specific dataset. Fine-tuning shapes a general-purpose model into a specialist — a legal document analyser, a medical coder, a customer service agent. Under the EU AI Act, an organisation that fine-tunes a GPAI model for a specific purpose may take on provider obligations for the adapted system.
Model Alignment
The research and engineering challenge of ensuring an AI system reliably pursues the goals its designers intended, rather than proxy goals that happened to score well on training metrics. "Alignment" covers both near-term challenges — making a model helpful and harm-refusing — and long-term concerns about ensuring advanced systems remain beneficial when their capabilities exceed human ability to verify their reasoning.
NIST AI Risk Management Framework (AI RMF)
Published by the US National Institute of Standards and Technology in January 2023. Voluntary but widely referenced, particularly in US federal procurement and financial services. Organised around four functions: GOVERN, MAP, MEASURE, and MANAGE. It complements the EU AI Act well — the RMF provides a practical how-to framework while the Act provides the legal obligations.
Transparency
Openness about how an AI system works, what data trained it, how decisions are made, and where it can fail. Transparency is not binary — it exists on a spectrum from "we use AI" to full algorithmic disclosure. The EU AI Act specifies minimum transparency requirements by risk level: GPAI providers must publish training data summaries; high-risk systems require detailed technical documentation; limited-risk systems must disclose to users that they are interacting with AI.
AI Incident
An event in which an AI system contributes to harm, near-miss, or serious unexpected failure. Under the EU AI Act, providers of high-risk systems must report serious incidents — death, serious injury, property damage, fundamental rights violations — to national authorities. Most organisations have no defined process for identifying, classifying, and reporting AI incidents. That gap will become a liability as enforcement matures.
Deepfake
AI-generated synthetic media in which a real person appears to say or do something they did not. The EU AI Act requires transparency labelling of AI-generated synthetic content depicting real people. In the UK, sharing non-consensual intimate deepfakes is a criminal offence under the Online Safety Act 2023. Deepfake detection remains an arms race; authentication infrastructure for genuine media — such as the C2PA provenance standard — is an emerging regulatory priority.
GDPR
The General Data Protection Regulation (EU) 2016/679 — the foundational EU data protection law, applicable since May 2018. GDPR's relevance to AI is pervasive: training data must have a lawful basis; automated decision-making with significant effects requires human review rights under Article 22; profiling is regulated. GDPR enforcement actions targeting AI systems are increasing year on year and will accelerate as the EU AI Act's provisions mature.
Prompt Engineering
Designing inputs to language models to reliably produce desired outputs. The skill ranges from clear instruction-writing to sophisticated techniques including chain-of-thought prompting, few-shot examples, and persona assignment. It is currently the primary way non-technical users shape AI behaviour — and the primary attack surface for adversarial users attempting to subvert safety measures.
Procurement (AI)
The acquisition of AI systems or services from third parties. AI procurement governance matters because the deployer carries legal obligations under the EU AI Act that cannot be outsourced to the vendor. Procurement teams must evaluate conformity documentation, negotiate contract terms that allocate compliance responsibilities, conduct due diligence on training data and model limitations, and establish post-deployment monitoring requirements. The vendor's assurances are not a substitute for the deployer's own assessment.
Retrieval-Augmented Generation (RAG)
An architecture that connects a language model to an external knowledge base. When asked a question, the system retrieves relevant documents first, then generates an answer grounded in that content. RAG dramatically reduces hallucination in knowledge-intensive applications and allows AI systems to stay current without retraining. It is the standard architecture for production AI assistants in regulated industries.
CE Marking (AI)
The conformity marking affixed by providers to high-risk AI systems that have passed conformity assessment under the EU AI Act. CE marking signals that a system meets EU requirements and may be placed on the internal market. It must be accompanied by a Declaration of Conformity. If a system is substantially modified after CE marking, a new conformity assessment is required.
Hallucination
When an AI system generates confident, coherent, and factually wrong information. The term is somewhat misleading — models do not confuse fact and fiction as humans might. They predict statistically likely text; sometimes that text is false. In legal, medical, and regulatory contexts, hallucinated outputs are not a nuisance — they are a liability. The EU AI Act's human oversight requirements exist, in significant part, because of this failure mode.
Three Lines of Defence
A governance model applied to AI risk. The first line (operational units) owns day-to-day AI risk management. The second line (risk, compliance, legal) sets the framework and challenges the first. The third line (internal audit) independently assesses the effectiveness of both. Most organisations are strong on the first line and weak on the second and third — principally because AI expertise sits in technology rather than risk functions.
AI Ethics Board
A body providing independent ethical oversight of an organisation's AI activities. Ethics boards vary enormously in effectiveness. A board with no budget, no investigative powers, and no authority to delay a product launch is governance theatre. An effective board has access to technical documentation, can commission independent reviews, and has a genuine mandate to say no. The difference is usually determined by whether the board reports to the CEO or to the head of marketing.
Multimodal AI
AI systems that process and generate across multiple data types — text, images, audio, video — within a single model. The governance implications extend proportionally: a system that can simultaneously interpret a document, analyse an image, and transcribe audio introduces a significantly broader risk surface than any single-modality predecessor.
OECD AI Principles
The first intergovernmental AI standards, adopted by OECD member countries in 2019 and updated in 2024. Five principles: AI should benefit people and the planet; be robust, secure, and safe; be transparent and explainable; be accountable; and be governed inclusively. Non-binding, but influential — the OECD definition of an AI system was incorporated directly into the EU AI Act.
AI Agent
An AI system that takes actions in the world — browsing the web, executing code, sending emails, interacting with external services — autonomously, over multiple steps, toward a goal. Agents are qualitatively different from AI assistants: they have persistent state, make sequential decisions, and cause effects outside the conversation window. Current regulatory frameworks were not designed with agents in mind.
Bias (AI)
Systematic unfairness in AI outputs, typically arising from biased training data, flawed model design, or feedback loops that reinforce historical inequalities. AI bias is not abstract — it has produced documented discriminatory outcomes in hiring, lending, healthcare triage, criminal risk scoring, and facial recognition. Measuring bias requires defining fairness, which requires making value judgements that cannot be resolved technically. Legal obligations under EU non-discrimination law apply regardless of whether discrimination was intentional.
Systemic Risk (GPAI)
The category of risk that applies to the most powerful foundation models under the EU AI Act. Models trained above a 10^25 FLOP threshold are presumed to pose systemic risk — wide-scale disruption or harm that could affect the EU as a whole. Systemic-risk GPAI providers face enhanced obligations: adversarial testing, incident reporting to the EU AI Office, and cybersecurity obligations. As of 2025, only a handful of frontier models clearly trigger the threshold.
AI Literacy
Skills, knowledge and understanding that allow providers, deployers and affected persons to make an informed deployment of AI systems.
Algorithmic Fairness
The mathematical formalisation of fairness in AI decisions. Different metrics — demographic parity, equalised odds, calibration — embody different conceptions of what fair means, and they cannot all be satisfied simultaneously. Choosing a fairness metric is not a technical decision: it is a policy decision about which form of equality the system should optimise for. Regulators and courts are increasingly being asked to adjudicate which metric applies in which context.
Declaration of Conformity
The formal document a provider signs to declare that a high-risk AI system meets EU AI Act requirements. For most systems, this is a self-declaration — not a third-party certification. That self-declaration, and the technical file behind it, become the primary targets of enforcement investigation when something goes wrong. Signing one without the underlying evidence to support it is a significant legal exposure.
Token
The fundamental unit of text in a language model — roughly a word or word-fragment, depending on the tokenisation scheme. Context limits, pricing, and speed are all denominated in tokens. Understanding tokens is essential for anyone building or procuring AI systems: you are paying per token, and your system will fail in predictable ways when it hits the limit.
Context Window
The maximum amount of text a language model can process at once — both input and output combined. A model with a 200,000-token context window can hold roughly 150,000 words simultaneously. For legal and compliance applications, a longer context window means being able to process entire contracts or regulatory documents in a single pass rather than in fragments.
Inference
Running a trained model to produce outputs. Training happens once (or periodically); inference happens every time a user interacts with the system. The compute cost of inference at scale — and the carbon footprint that entails — is one of the environmental concerns that regulators and ESG frameworks are beginning to address.
Embedding
A numerical representation of content — text, image, audio — as a point in high-dimensional space. Embeddings encode meaning: similar content sits close together. They are the engine behind semantic search, recommendation systems, and RAG architectures. When an organisation's documents are converted to embeddings stored in a vector database, those embeddings can leak information about source documents — a consideration for data protection compliance.
Transformer
The neural network architecture underlying most modern AI. Introduced in the 2017 paper "Attention Is All You Need," the transformer's self-attention mechanism allows models to process entire sequences in parallel and learn which parts of the input are most relevant to each output. Every significant language model and most modern image models are transformer-based.
Parameters
The numerical weights that define what a neural network knows and how it behaves — adjusted during training, fixed during inference. GPT-3 has 175 billion; some models exceed a trillion. Larger models are generally more capable and also more expensive to run, harder to audit, and more energy-intensive. The EU AI Act's systemic risk threshold is defined partly in terms of training compute, which is related to but not the same as parameter count.
Annex III
The section of the EU AI Act that defines high-risk AI system categories requiring conformity assessment.
Article 4
The EU AI Act provision mandating AI literacy requirements for all staff interacting with AI systems.
Conformity Assessment
The process of verifying whether an AI system meets all applicable requirements of the EU AI Act.
Deployer
A natural or legal person that uses an AI system under its authority, except where used in a personal non-professional activity.
High-Risk AI System
AI systems that pose significant risks to health, safety, or fundamental rights as defined in Annex III.
Human Oversight
Measures ensuring that AI systems can be effectively overseen by natural persons during the period of use.
Provider
A natural or legal person that develops an AI system or has an AI system developed with a view to placing it on the market.
Risk Management System
A continuous iterative process planned and run throughout the entire lifecycle of a high-risk AI system.
Technical Documentation
Documentation demonstrating compliance with EU AI Act requirements, maintained throughout the AI system lifecycle.
Transparency Obligations
Requirements to inform users when they are interacting with AI systems or AI-generated content.