Practice vocabulary for AI governance: EU AI Act risk categories, NIST AI RMF, human review requirements, and AI audit language.
1 / 5
Under the EU AI Act, a social scoring system used by a government is classified as ___ risk and is prohibited.
The EU AI Act's unacceptable risk category covers AI practices that pose a clear threat to fundamental rights — such as social scoring, real-time biometric surveillance in public spaces, and manipulation of vulnerable people. These are prohibited.
2 / 5
A credit-scoring AI falls into the EU AI Act's ___ risk category. What does this require of the developer?
High-risk AI systems under the EU AI Act (e.g., credit scoring, hiring tools, critical infrastructure) must undergo conformity assessment, maintain technical documentation, implement risk management, and be registered in the EU database.
3 / 5
Your team refers to the ___ AI RMF when designing your AI risk management process. What does this acronym stand for?
The NIST AI RMF (AI Risk Management Framework) is a voluntary US framework that helps organizations identify, assess, and manage AI risks across four core functions: Govern, Map, Measure, and Manage.
4 / 5
The compliance team confirms: 'This system requires a ___ review before any decision is finalised.' What safeguard is this?
Human review (or human-in-the-loop) is a governance control that requires a person to examine and approve or override an AI decision before it becomes final — required for high-risk systems under frameworks like the EU AI Act.
5 / 5
The governance office schedules an AI ___ to verify compliance with internal policies and external regulations.
An AI audit is a structured, formal examination of an AI system to verify it meets regulatory requirements, internal policies, and ethical standards — covering documentation, data practices, model behaviour, and incident logs.