Certified

AI Governance
Professional

AIGP
BODY OF KNOWLEDGE
AND EXAM BLUEPRINT
VERSION 4.0.0 EFFECTIVE DATE: 10/02/2023
 Certified
AI Governance

THE AIGP BODY OFBODY

KNOWLEDGE (BoK)
Professional

THE AIGP OF KNOWLEDGE

The rapid rise of generative artificial intelligence has focused our

collective attention on the promise and peril of an AI-fueled society.
With equal parts excitement and trepidation, we find ourselves
asking how to build a future augmented by the potential benefits
of AI, while avoiding its pitfalls.
Every day we hear more about the potential of AI-powered systems
to transform how we work, create, solve problems, communicate,
and even diagnose and treat illness. The possibilities of advanced
AI seem to be unlimited.
But without proper testing, evaluation, validation, and verification
at each stage of AI development, foundational AI models could
perpetuate biases and amplify other societal challenges that will
cascade through later systems and remain for decades.
We must continue to build and refine the governance processes
through which trustworthy AI will emerge and we must invest in
the people who will build ethical and responsible AI. Those who
work in compliance, risk management, legal and governance
together with data scientists, AI project managers, model ops teams
and others must be prepared to tackle the expanded equities at
issue in AI governance.
To meet this demand, the IAPP has developed the Artificial
Intelligence Governance Professional (AIGP) certification and
training for the emerging AI governance profession. An AIGP
trained and certified professional will know how to implement and
effectively communicate across teams the emerging best practices
and rules for responsible management of the AI ecosystem. We
are privileged to grow a community of credentialed AI governance
professionals, through which resources and expanding knowledge
can be brought together in one place.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 2 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

UNDERSTANDING THE AIGP BODY OF The body of knowledge also includes the Exam
KNOWLEDGE Blueprint numbers, which show the number of
questions from each part of the BoK that will be
The main purpose of the AIGP body of knowledge
found on the exam.
is to document the knowledge and skills that will
be assessed on the AIGP certification exam. The The AIGP body of knowledge was developed by
domains of the BoK capture the activities that a substantial group of experts from the fields of
an AI governance professional should undertake ethics, law, privacy, computer science, sociology
to guide AI’s implementation in a manner that and psychology that represents the breadth of
mitigates risk and ensures safety and trust. There responsible AI stakeholders. The BoK will be
are six main domains and a seventh that entertains reviewed (and, if necessary, updated) every six
emerging governance and legal issues: months; changes will be reflected in exam updates
and communicated to candidates at least 90 days
• Domain 1: ″Understanding the Foundations
before the new content appears in the exam.
of Artificial Intelligence,″ defines AI and
machine learning, provides an overview of COMPETENCIES AND
the different types of AI systems and their use PERFORMANCE INDICATORS
cases, and positions AI models in the broader
The content in the body of knowledge is represented
socio-cultural context.
as a series of competencies and connected
• Domain 2: ″Understanding AI Impacts and performance Indicators.
Responsible AI Principles,″ identifies the
risks that ungoverned AI systems can have Competencies are clusters of connected tasks and
on humans and society and describes the abilities that constitute a broad knowledge domain.
characteristics and principles that are essential Performance indicators are the discrete tasks and
to trustworthy and ethical AI. abilities that constitute the broader competence group.
• Domain 3: ″Understanding How Current Laws Exam questions assess an AI governance professional’s
Apply to AI Systems,″ surveys the current laws proficiency on the performance indicators.
that govern the use of artificial intelligence.
WHAT TYPES OF QUESTIONS WILL BE
• Domain 4: ″Understanding the Existing
and Emerging AI Laws and Standards,″
ON THE EXAM?
outlines the global AI-specific laws (like the EU For the certification candidate, the performance
AI Act and Canada’s Bill C-27) and the major indicators are guides to the depth of knowledge
frameworks that show how AI systems can be required to demonstrate competency. The verbs
responsibly governed. that begin the skill and task statements (identify,
• Domain 5: ″Understanding the AI evaluate, implement, define) signal the level of
Development Life Cycle,″ broadly outlines complexity of the exam questions and find their
corollaries on the Bloom’s Taxonomy (see next page).
the context in which AI risks are managed.
• Domain 6: ″Implementing Responsible
AI Governance and Risk Management,″
explains how the major AI stakeholders
collaborate in a layered approach, to manage
AI risks while fulfilling the potential benefits AI
systems have for society.
• Domain 7: ″Contemplating Ongoing Issues
and Concerns,″ presents some of the debated
issues around AI governance.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 3 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

BLOOM’S TAXONOMY
Bloom’s Taxonomy (often represented as a pyramid) is a
hierarchy of cognitive skills used to establish educational
learning objectives. IAPP exam questions mostly focus on
the remember/understand and apply/analyze levels.

Produce new or original work

Design, assemble, construct, conjecture,
CREATE develop, formulate, author, investigate.
Justify a stand or decision
Appraise, argue, defend, judge,
select, support, value, critique, weigh. EVALUATE
Draw connection among ideas
Differentiate, organize, relate, compare, contrast,
ANALYZE distinguish, examine, experiment, question, test.
Use information in new situations
Execute, implement, solve, use, demonstrate,
interpret, operate, schedule, sketch. APPLY

Explain ideas or concepts

Classify, describe, discuss, explain, identify,
UNDERSTAND locate, recognize, report, select, translate.
Recall facts and basic concepts
Define, duplicate, list, memorize,
repeat, state. REMEMBER

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 4 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain I: Understanding the Foundations
ITEMS
12 of Artificial Intelligence

Domain I – ″Understanding the Foundations of Artificial Intelligence,″ defines AI and ML,

provides an overview of the different types of AI systems and their use cases, and positions AI
models in the broader socio-cultural context

No. of items Competencies Performance Indicators

Understand widely accepted definitions of AI and ML, and the
basic logical-mathematical principles over which AI/ML
models operate.

Understand common elements of AI/ML definitions under new

and emerging law:
1. Technology (engineered or machine-based system; or
logic, knowledge, or learning algorithm).
2. Automation (elements of varying levels).
3. Role of humans (define objectives or provide data).
4. Output (content, predictions, recommendations, or
Understand the decisions).
4 I.A basic elements of
AI and ML Understand what it means that an AI system is a
socio-technical system.

Understand the need for cross-disciplinary collaboration

(ensure UX, anthropology, sociology, linguistics experts are
involved and valued).

Knowledge of the OECD framework for the classification of

AI systems.

Understand the use cases and benefits of AI (recognition,

event detection, forecasting, personalization, interaction
support, goal-driven optimization, recommendation).

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 5 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
ITEMS Domain I: Understanding the Foundations of Artificial Intelligence
12
No. of items Competencies Performance Indicators
Understand the differences between strong/broad and weak/
narrow AI.

Understand the basics of machine learning and its training

methods (supervised, unsupervised, semi-supervised,
reinforcement).
Understand
the differences
4 I.B Understand deep learning, generative AI, multi-modal models,
among types of
transformer models, and the major providers.
AI systems
Understand natural language processing: text as input and
output.

Understand the difference between robotics and robotic

processing automation (RPA).

Platforms and applications.

Understand the Model types.

2 I.C AI technology
stack
Compute infrastructure: software and hardware (servers and
chips).

1956 Dartmouth summer research project on AI.

Understand the Summers, winters and key milestones.

history of AI and
2 I.D
the evolution of Understand how the current environment is fueled by
data science exponential growth in computing infrastructure and tech
megatrends (cloud, mobile, social, IOT, PETs, blockchain,
computer vision, AR/VR, metaverse).

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 6 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain II: Understanding AI Impacts
ITEMS
10 on People and Responsible AI Principles
Domain II – ″Understanding AI Impacts on People and Responsible AI Principles,″
identifies the risks that ungoverned AI systems can have on humans and society and
describes the characteristics and principles that are essential to trustworthy and
ethical AI

No. of items Competencies Performance Indicators

Understand the potential harms to an individual (civil rights,
economic opportunity, safety).

Understand the potential harms to a group (discrimination

towards sub-groups).
Understand the
Understand the potential harms to society (democratic
core risks and
4 II.A process, public trust in governmental institutions, educational
harms posed by
access, jobs redistribution).
AI systems
Understand the potential harms to a company or institution
(reputational, cultural, economic, acceleration risks).

Understand the potential harms to an ecosystem (natural

resources, environment, supply chain).

Understand what it means for an AI system to be

″human-centric.″

Understand the characteristics of an accountable AI system

Understand the (safe, secure and resilient, valid and reliable, fair).
characteristics
4 II.B Understand what it means for an AI system to be transparent.
of trustworthy AI
systems
Understand what it means for an AI system to be explainable.

Understand what it means for an AI system to be

privacy-enhanced.

Understand how the ethical guidance is rooted in Fair

Information Practices, European Court of Human Rights and
Understand Organization for Economic Cooperation and Development
the similarities principles.
and differences
2 II.C among existing
OECD AI Principles; White House Office of Science and
and emerging
Technology Policy Blueprint for an AI Bill of Rights; High-level
ethical guidance
Expert Group AI; UNESCO Principles; Asilomar AI Principles; The
on AI
Institute of Electrical and Electronics Engineers Initiative on
Ethics of Autonomous and Intelligent Systems; CNIL AI Action Plan.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 7 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain III: Understanding How Current Laws
ITEMS
10 Apply to AI Systems

Domain III – ″Understanding How Current Laws Apply to AI Systems,″ surveys the
current laws that govern the use of artificial intelligence

No. of items Competencies Performance Indicators

Know the laws that address unfair and deceptive practices.

Know relevant non-discrimination laws (credit, employment,

insurance, housing, etc.).
Understand the
existing laws that Know relevant product safety laws.
6 III.A
interact with
AI use Know relevant IP law.

Understand the basic requirements of the EU Digital Services

Act (transparency of recommender systems).

Know relevant privacy laws concerning the use of data.

Understand automated decision making, data protection

impact assessments, anonymization, and how they relate to AI
systems.

Understand the intersection between requirements for AI

Understanding
conformity assessments and DPIAs.
3 III.B key GDPR
intersections
Understand the requirements for human supervision of
algorithmic systems.

Understand an individual’s right to meaningful information

about the logic of AI systems.

Awareness of the reform of EU product liability law.

Understanding
1 III.C Understand the basics of the AI Product Liability Directive.
liability reform

Awareness of U.S. federal agency involvement (EO14091).

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 8 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain IV: Understanding the Existing
ITEMS
12 and Emerging AI Laws and Standards

Domain IV – ″Understanding the Existing and Emerging AI Laws and Standards,″

identifies and describes global AI-specific laws and the major frameworks that show
how AI systems can be responsibly governed

No. of items Competencies Performance Indicators

Understand the classification framework of AI systems
(prohibited, high-risk, limited risk, low risk).

Understand requirements for high-risk systems and

foundation models.

Understand notification requirements (customers and national

Understanding authorities).
5 IV.A the requirements
of the EU AI Act Understand the enforcement framework and penalties for
noncompliance.
Understand procedures for testing innovative AI and
exemptions for research.

Understand transparency requirements, i.e., registration

database.

Understand the key components of Canada’s Artificial

Intelligence and Data Act (C-27).
Understand
Understand the key components of U.S. state laws that govern
3 IV.B other emerging
the use of AI.
global laws
Understand the Cyberspace Administration of China’s draft
regulations on generative AI.

ISO 31000:2018 Risk Management – Guidelines.

United States National Institute of Standards and Technology,

AI Risk Management Framework (NIST AI RMF).

Understand European Union proposal for a regulation laying down

the similarities harmonized rules on AI (EU AIA).
and differences
among the Council of Europe Human Rights, Democracy, and the Rule of
4 IV.C Law Assurance Framework for AI Systems (HUDERIA).
major risk
management
frameworks and IEEE 7000-21 Standard Model Process for Addressing Ethical
standards Concerns during System Design

ISO/IEC Guide 51 Safety aspects – guidelines for their inclusion

in standards.

Singapore Model AI Governance Framework.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 9 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain V: Understanding the
ITEMS
8 AI Development Life Cycle

Domain V – ″Understanding the AI Development Life Cycle,″ describes the AI life

cycle and the broad context in which AI risks are managed

No. of items Competencies Performance Indicators

Determine the business objectives and requirements.
Understand
the key steps in Determine the scope of the project.
2 V.A
the AI system
planning phase
Determine the governance structure and responsibilities.

Implement a data strategy that includes:

• Data gathering, wrangling, cleansing, labeling.
Understand the • Applying PETs like anonymization, minimization, differential
key steps in the privacy, federated learning.
2 V.B
AI system design
phase Determine AI system architecture and model selection (choose
the algorithm according to the desired level of accuracy and
interpretability).

Build the model.

Understand
the key steps in Perform feature engineering.
2 V.C the AI system
development Perform model training.
phase
Perform model testing and validation.

Perform readiness assessments.

Understand
the key steps in Deploy the model into production.
2 V.D the AI system
implementation Monitor and validate the model.
phase
Maintain the model.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 10 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain VI: Implementing Responsible AI Governance
ITEMS
27 and Risk Management

Domain VI – ″Implementing Responsible AI Governance and Risk Management,″

explains how the major AI stakeholders collaborate, in a layered approach, to manage
AI risks while fulfilling the potential benefits AI systems have for society

No. of items Competencies Performance Indicators

Ensure
interoperability
of AI risk
2 VI.A Ex. security risk, privacy risk, business risk.
management with
other operational
risk strategies

Adopt a pro-innovation mindset.

Ensure governance is risk-centric.

Integrate AI Ensure planning and design is consensus-driven .

governance
2 VI.B Ensure team is outcome-focused.
principles into the
company
Adopt a non-prescriptive approach to allow for intelligent
self-management.

Ensure framework is law-, industry-, and technology-agnostic.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 11 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain VI – Implementing Responsible AI Governance
ITEMS
27
and Risk Management
No. of items Competencies Performance Indicators
Determine if you are a developer, deployer (those that make
an AI system available to third parties) or user; understand
how responsibilities among companies that develop AI systems
and those that use or deploy them differ; establish governance
processes for all parties; establish framework for procuring and
assessing AI software solutions.

Establish and understand the roles and responsibilities of AI

governance people and groups including, but not limited to,
the chief privacy officer, the chief ethics officer, the office for
responsible AI, the AI governance committee, the ethics board,
architecture steering groups, AI project managers, etc.

Advocate for AI governance support from senior leadership

and tech teams by:
• Understanding pressures on tech teams to build AI
solutions quickly and efficiently.
• Understanding how data science and model operations
teams work.
• Being able to influence behavioral and cultural change.

Establish an Establish organizational risk strategy and tolerance.

5 VI.C AI governance
infrastructure Develop central inventory of AI and ML applications and
repository of algorithms.

Develop responsible AI accountability policies and incentive

structures.

Understand AI regulatory requirements.

Set common AI terms and taxonomy for the organization.

Provide knowledge resources and training to the enterprise to

foster a culture that continuously promotes ethical behavior.

Determine AI maturity levels of business functions and

address insufficiencies.

Use and adapt existing privacy and data governance practices

for AI management.

Create policies to manage third party risk, to ensure

end-to-end accountability.

Understand differences in norms/expectations across countries.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 12 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain VI – Implementing Responsible AI Governance
ITEMS
27
and Risk Management
No. of items Competencies Performance Indicators
Define the business case and perform cost/benefit analysis
where trade-offs are considered in the design of AI systems.
Why AI/ML?

Identify and classify internal/external risks and contributing

factors (prohibitive, major, moderate).

Construct a probability/severity harms matrix and a risk

mitigation hierarchy.

Perform an algorithmic impact assessment leveraging PIAs

as a starting point and tailoring to AI process. Know when to
perform and who to involve.

Establish level of human involvement/oversight in AI decision

making.

Conduct a stakeholder engagement process that includes the

following steps:
• Evaluate stakeholder salience.
• Include diversity of demographics, disciplines, experience,
expertise and backgrounds.
Map, plan and
6 VI.D scope the AI • Perform positionality exercise.
project • Determine level of engagement.
• Establish engagement methods.
• Identify AI actors during design, development, and
deployment phases.
• Create communication plans for regulators and consumers
that reflect compliance/disclosure obligations for
transparency and explainability (UI copy, FAQs, online
documentation, model or system cards).

Determine feasibility of optionality and redress.

Chart data lineage and provenance, ensuring data is

representative, accurate and unbiased. Use statistical
sampling to identify data gaps.

Solicit early and continuous feedback from those who may be

most impacted by AI systems.

Use test, evaluation, verification, validation (TEVV) process.

Create preliminary analysis report on risk factor and

proportionate management.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 13 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain VI – Implementing Responsible AI Governance
ITEMS
27
and Risk Management
No. of items Competencies Performance Indicators

Evaluate the trustworthiness, validity, safety, security, privacy

and fairness of the AI system using the following methods:
• Use edge cases, unseen data, or potential malicious input
to test the AI models.
• Conduct repeatability assessments.
• Complete model cards/fact sheets.
• Create counterfactual explanations (CFEs).
• Conduct adversarial testing and threat modeling to identify
security threats.
• Refer to OECD catalogue of tools and metrics for
trustworthy AI.
• Establish multiple layers of mitigation to stop system errors
or failures at different levels or modules of the AI system.
Test and
• Understand trade-offs among mitigation strategies.
validate the AI
6 VI.E
system during
development Apply key concepts of privacy-preserving machine learning and
use privacy-enhancing technologies and privacy-preserving
machine learning techniques to help with privacy protection in
AI/ML systems.

Understand why AI systems fail. Examples include: brittleness;

hallucinations; embedded bias; catastrophic forgetting;
uncertainty; false positives.

Determine degree of remediability of adverse impacts.

Conduct risk tracking to document how risks may change over

time.

Consider, and select among different deployment strategies.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 14 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain VI – Implementing Responsible AI Governance
ITEMS
27
and Risk Management
No. of items Competencies Performance Indicators
Perform post-hoc testing to determine if AI system goals were
achieved, while being aware of ″automation bias.″

Prioritize, triage and respond to internal and external risks.

Ensure processes are in place to deactivate or localize AI

systems as necessary (e.g., due to regulatory requirements or
performance issues).

Continuously improve and maintain deployed systems by

tuning and retraining with new data, human feedback, etc.

Determine the need for challenger models to supplant the

Manage and
champion model.
monitor AI
6 VI.F
systems after
Version each model and connect them to the data sets they
deployment
were trained with.

Continuously monitor risks from third parties, including bad

actors.

Maintain and monitor communication plans and inform user

when AI system updates its capabilities. Assess potential
harms of publishing research derived from AI models.

Conduct bug bashing and red teaming exercises.

Forecast and reduce risks of secondary/unintended uses and

downstream harm of AI models.

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 15 OF 16 Version 1.0.0
Supersedes: n/a
 Certified
AI Governance
Professional

THE AIGP BODY OF KNOWLEDGE

TOTAL
Domain VII: Contemplating Ongoing Issues
ITEMS
6 and Concerns

Domain VII – ″Contemplating Ongoing Issues and Concerns,″ presents some of

the current discussions and ideas about AI governance

No. of items Competencies Performance Indicators

How will a coherent tort liability framework be created

to adapt to the unique circumstances of AI and allocate
responsibility among developers, deployers and users?
Awareness of
2 VII.A
legal issues What are the challenges surrounding AI model and data
licensing?

Can we develop systems that respect IP rights?

How do we properly educate users about the functions and

limitations of AI systems?
Awareness of
2 VII.B How do we upskill and reskill the workforce to take full
user concerns
advantage of AI benefits?

Can there be an opt-out for a non-AI alternative?

How can we build a profession of certified third-party auditors

globally – and consistent frameworks and standards for them?

What are the markers/indicators that determine when an AI

Awareness of system should be subject to enhanced accountability, such as
AI auditing and third-party audits (e.g., automated decision-making, sensitive
2 VII.C
accountability data, others)?
issues
How do we enable companies to remain productive using
automated checks for AI governance and associated ethical
issues, while adapting this automation quickly to the evolving
standards and technology?

Approved by: AIGP JTH Effective Date: 6/20/23

Approved on: 6/20/2023 PAGE 16 OF 16 Version 1.0.0
Supersedes: n/a