AI Governance
AI governance is the set of policies, controls, and processes that ensure AI systems are safe, ethical, compliant, and auditable across their lifecycle. It combines model inventory, risk registers, mapped controls, approval workflows, and ongoing monitoring.
AI Impact Assessment
An AI impact assessment is a structured evaluation of an AI system's effects on rights, safety, fairness, and business risk. It is required for high-risk systems under the EU AI Act and referenced throughout ISO 42001.
AI Management System (AIMS)
An AI management system is the ISO 42001 framework of policies, processes, roles, and controls an organization uses to manage AI. It is the AI equivalent of an ISMS under ISO 27001.
AI Risk Management
AI risk management is the discipline of identifying, assessing, mitigating, and monitoring risks specific to AI systems — including bias, drift, security, and safety risks. NIST AI RMF and ISO 23894 are the leading references.
AI Supply Chain
The AI supply chain covers every third-party model, dataset, API, and library that feeds into your AI system. Governance requires visibility into this chain so you can react when an upstream component changes or is deprecated.
AI-BOM (AI Bill of Materials)
An AI-BOM is a structured inventory of every model, dataset, library, and third-party dependency used to build an AI system. It is the AI equivalent of a software bill of materials and forms the base layer of an audit-ready model registry.
Alignment
Alignment is the practice of ensuring an AI system acts consistently with human intent and stated values. It is both a research field (for foundation models) and an operational requirement (via guardrails and human oversight).
Annex A (ISO 42001)
Annex A of ISO 42001 is the reference control set — a catalog of specific controls mapped to AI risks. An AIMS declares which Annex A controls are in scope in its Statement of Applicability.
Audit Trail
An audit trail is an immutable log recording who did what to which model, dataset, or control and when. It is the primary evidence artifact auditors ask for during ISO 42001 and EU AI Act reviews.
Bias (AI)
Bias in an AI system is systematic error that causes the model to perform unfairly across groups or contexts. Bias can enter through training data, model architecture, labeling choices, or deployment context.
CI/CD Deployment Gate
A CI/CD deployment gate is an automated check inside a build pipeline that blocks a model from deploying if compliance, quality, or safety signals fail. Gates are how governance policies get enforced at machine speed.
Concept Drift
Concept drift is the degradation of model quality that happens when the real-world distribution of inputs shifts away from the training data. Ongoing drift monitoring is a core post-market obligation.
Data Poisoning
Data poisoning is an adversarial technique in which attackers corrupt training data to bias, backdoor, or degrade a model. Defenses include dataset provenance controls, integrity checks, and red teaming.
Dataset Card
A dataset card is structured metadata describing a dataset's contents, provenance, collection method, and known limitations. Dataset cards live alongside model cards in a governed model registry.
Deployer
Under the EU AI Act, a deployer is an entity that puts an AI system into use under its own authority. Deployers carry duties distinct from providers, including transparency and human oversight obligations.
Drift Monitoring
Drift monitoring is the automated detection of concept drift, data drift, or prediction drift in a deployed model. Alerts feed the incident register and can trigger retraining or rollback.
EU AI Act
The EU AI Act (Regulation 2024/1689) classifies AI systems into four risk tiers — unacceptable, high, limited, and minimal — and imposes duties on both providers and deployers. Most obligations apply from 2 August 2026.
Evaluation (Eval)
An evaluation, or eval, is a scripted test run that measures a model's quality on a fixed benchmark. Evals are versioned, stored, and re-run every time the model or its prompts change.
Explainability
Explainability is the ability to describe why an AI system produced a particular output. It is a stated requirement for high-risk systems under the EU AI Act and a control area in ISO 42001 Annex A.
Fairness Testing
Fairness testing evaluates a model's outputs for disparate impact across protected or vulnerable groups. Results are logged as evidence and can gate deployment through a CI/CD check.
Fine-tuning
Fine-tuning is additional training applied to a base model to specialize it for a domain or task. From a governance standpoint, a fine-tuned model is a new model that needs its own model card, eval history, and risk assessment.
Foundation Model
A foundation model is a large base model trained on broad data that is then adapted for many downstream tasks. Governance for foundation models focuses on provenance, license, and known failure modes rather than task-specific accuracy.
GPAI (General-Purpose AI)
GPAI stands for General-Purpose AI — models with broad capabilities usable across many tasks. The EU AI Act imposes specific transparency, copyright, and systemic-risk duties on GPAI providers.
Guardrails
Guardrails are runtime filters that inspect model inputs and outputs and block unsafe content, sensitive data leaks, or off-policy responses. They are one of the primary technical controls for high-risk deployments.
Hallucination
A hallucination is a confident but incorrect response generated by a language model. Hallucinations are a leading source of harm in production LLM systems and are mitigated with RAG, guardrails, and human review.
High-Risk AI System
Under the EU AI Act, a high-risk AI system is one used in listed sensitive domains such as employment, credit, or critical infrastructure. High-risk systems require conformity assessment, technical documentation, and post-market monitoring.
Human-in-the-Loop
Human-in-the-loop is a design pattern that requires a human to confirm or override an AI decision before it takes effect. It is a common control for high-risk use cases and satisfies EU AI Act human-oversight duties.
ISO 42001
ISO 42001 is the international standard for AI management systems, published in December 2023. It defines requirements for establishing, maintaining, and continually improving an AIMS and is the leading certifiable framework for AI governance.
Jailbreak
A jailbreak is an input crafted to bypass a language model's safety guardrails and elicit prohibited behavior. Red teaming programs regularly probe for jailbreak vectors before and after deployment.
LLM (Large Language Model)
An LLM is a transformer-based model trained on large text corpora to predict the next token. Modern LLMs power chatbots, copilots, and RAG applications and are the most commonly governed model class today.
Model Card
A model card is structured metadata describing a model's intended purpose, training data, evaluation results, and known limitations. It is one of the core documentation artifacts inside a model registry.
Model Registry
A model registry is a system of record that tracks every model, version, and associated dataset in an organization. It is the backbone of any working AI governance program and the first thing an auditor asks to see.
NIST AI RMF
The NIST AI Risk Management Framework is a voluntary risk framework published by NIST that organizes AI risk practices under four functions: Govern, Map, Measure, and Manage. It pairs well with ISO 42001 and is widely used by enterprise buyers.
Post-Market Monitoring
Post-market monitoring is the continuous observation of an AI system after deployment for safety, performance, and drift issues. It is an explicit requirement for high-risk systems under the EU AI Act.
Prompt Injection
Prompt injection is an adversarial input that overrides a model's original instructions or exfiltrates system prompts and tool outputs. It is the most common attack class against LLM applications.
Provider
Under the EU AI Act, a provider is an entity that develops an AI system, or has one developed, and places it on the market under its own name. Providers carry the heaviest set of duties, including conformity assessment for high-risk systems.
RAG (Retrieval-Augmented Generation)
RAG is a design pattern that grounds an LLM's output in documents retrieved at inference time. It reduces hallucination and gives governance teams a clearer audit trail from question to source.
Red Teaming
Red teaming is the deliberate probing of an AI system with adversarial inputs to find failures, unsafe outputs, and jailbreaks. Findings feed the risk register and drive guardrail changes.
Risk Register
A risk register is a live document listing enumerated risks with their mitigations, owners, likelihood, impact, and status. It is required by ISO 42001 and expected by every serious enterprise procurement review.
System Card
A system card is a structured description of a deployed AI system — the composed model, the surrounding infrastructure, the guardrails, and the human oversight steps. It sits one level above the model card.
Transparency Obligation
The EU AI Act imposes transparency obligations requiring providers and deployers to inform users when they are interacting with AI or seeing AI-generated content, including AI-generated media and chatbots.
Trust Badge
A trust badge is a public marker on a marketing site indicating compliance status — for example, ISO 42001 certified or EU AI Act aligned. Zilonex Govern issues verifiable trust badges that link back to live control evidence.