Domain 3: How to Govern AI

Question 1

AI Development Lifecycle (4 stages)

Answer 1

Plan
Design
Develop
Deploy

Question 2

AI Dev Lifecycle - Plan stage

Answer 2

Business problem
Mission
Gaps
Data
Scope
Governance

Question 3

AI Dev Lifecycle - Design stage: Data strategy

Answer 3

Data quality
Data gathering
Data wrangling/prep
Data cleansing
Data labeling
Data privacy

Question 4

Scope considerations for AI Dev planning (3)

Answer 4

Impact
Effort
Fit

Question 5

Data wrangling 5 V’s

Answer 5

Variety
Value
Velocity
Veracity
Volume

Question 6

AI Dev Lifecycle - Design: Consideration

Answer 6

Desired accuracy, interoperability
Objective of data
Business problem
Compliance and business requirements
Constraints (time, money, expertise)

Question 7

AI Dev Lifecycle - Development

Answer 7

Define the features of the model

Question 8

AI Dev Lifecycle - Dev: Purpose of engineering features

Answer 8

Explains how the model reaches decisions
- Improve model performance
- Reduce computational costs
- Boost model explainability

Question 9

Key principles of explainability

Answer 9

Fair
Privacy
Reliability
Robustness
Trust

Question 10

Types of Impact Assessments (5)

Answer 10

Algorithmic
Privacy or Data Protection
Human rights, Democracy, and Rule of Law
Fundamental rights
Ethical

Question 11

HUDERIA: Preliminary Context-based Risk Analysis (PCRA)

Answer 11

provide initial indication of context-based risk for human rights, freedoms and democracy

Question 12

HUDERIA: Risk Index Number (RIN)

Answer 12

Gravity potential + Rights-holders affected = Severity

Severity * Likelihood = RIN

Question 13

HUDERIA: Risk Index Number (RIN): Gravity

Answer 13

Gravity potential
1: moderate
2: serious
3: critical
4: catastrophic

Question 14

HUDERIA: Risk Index Number (RIN): Rights-holders affected

Answer 14

Rights-holders affected
.5: <= 10k
1.0: 10k < x <= 100k
1.5: 100k < x <= 1m
2.0: >1m

Question 15

HUDERIA: Risk Index Number (RIN): Likelihood

Answer 15

Likelihood
0: not applicable
1: unlikely
2: possible
3: likely
4: very likely

Question 16

HUDERIA: Risk Index Number (RIN): Risk levels

Answer 16

Low: <=5
Moderate: 5.5-6
High: 6-7.5
Very high: >=8

Question 17

HUDERIA: Risk Index Number (RIN): Relevant categories

Answer 17

Avoid
Reduce
Restore (rehab)
Compensate

Question 18

Confusion matrix

Answer 18

Actual vs predicted
Actual
Pos Neg
Pos True Pos | False Pos
Predicted
Neg False Neg | True Neg

Question 19

Risk classifications (4)

Answer 19

Prohibitive
Major
Moderate
Low-risk

Question 20

Severity levels for risk (3)

Answer 20

Critical
Moderate
Marginal

Question 21

Probability levels for risk (3)

Answer 21

Probable
Occasional
Improbable

Question 22

Risk scoring

Answer 22

assigning a quantitative value to a risk

Severity x Probability

Question 23

Operational controls

Answer 23

Assign system responsibilities
Conduct audits and reviews
Establish feedback mechanisms
Respond to feedback and appeals
Elevate issues within the org
Assign “kill switch” responsibilities

Question 24

Three approaches to global AI regulations

Answer 24

Specific area of focus (ADM, sector)
Amend existing laws (Brazil)
Comprehensive regs (EU AI Act)

Question 25

Brazil AI Law

Answer 25

Comprehensive proposed Risk based ADM rights, human rights Tiered approach

Question 26

Japan AI Law (2022)

Answer 26

Non-binding Defers to private sector self-regulation ML management, cloud services

Question 27

India

Answer 27

AI gov principles National committee to write policy framework Ministry of Electronics and Info Tech Advisories - AI cannot facilitate illegal content - Unreliable models must be labeled

Question 28

Canada: Digital Charter Implementation Act (C-27)

Answer 28

Died in gov Risk based

Question 29

Canada: Consumer Privacy Protection Act

Answer 29

PIPEDA replacement privacy regime and higher fines

Question 30

Canada: Personal Information and Data Protection Tribunal Act

Answer 30

data protection tribunal for appeals, penalties

Question 31

Canada: Code of Conduct

Answer 31

demonstrate responsible AI

Question 32

Cyberspace Administration of China (CAC)

Answer 32

regulates cyberspace, security, and the internet

Question 33

China: Generative AI Measures (2023)

Answer 33

Regulates the use of GenAI for public Extraterritorial *** Rights based approach (only one) Municipal actions

Question 34

Singapore: Model AI Governance Framework (2019)

Answer 34

First AI gov framework in Asia Risk based Voluntary, Industry led council Existing authorities Human centric and transparent

Question 35

Singapore: AI in Healthcare (2021)

Answer 35

support patient safety and improve trust

Question 36

Monetary Authority of Singapore (MAS)

Answer 36

central bank of Singapore First regulatory authority to act on AI FEAT (2018) - Fairness - Ethics - Accountability - Transparency

Question 37

Veritas Framework

Answer 37

Singapore Method to put FEAT into AI solutions

Question 38

National AI Strategy (NAIS)

Answer 38

Singapore plan for implementing FEAT and Veritas

Question 39

National AI Strategy (NAIS) 2.0

Answer 39

Singapore Advance AI and value creation while empowering individuals Art 13: established regular reviews and adjustments of the framework

Question 40

Singapore: Personal Data Protection Commission (PDPC)

Answer 40

regulates privacy of personal data

Question 41

AI Verify Foundation

Answer 41

Singapore Governance testing framework via a software toolkit to demonstrate compliance

Question 42

Singapore: Model AI Principles

Answer 42

Transparency / explainability Repeatability / reproducibility Robustness, safety, security Fairness Data governance Accountability Human agency and oversight Inclusive growth and well-being

Question 43

Three lines of defense (human oversight)

Answer 43

First line: establish and implement controls by the business owner Second line: identify and mitigate risks daily by RM committee or compliance officer Third line: Provide independent assurance through internal audits

Question 44

Feedforward neural network (FNN)

Answer 44

straightforward data processing where data flows in one direction

Question 45

Convolutional neural network (CNN)

Answer 45

multiple, distinct layers of FNNs Think classification, object detection, spacial or images

Question 46

Recurrent neural network (RNN)

Answer 46

bi-directional data model Think memory, speech recognition, text or sequential

Question 47

Graph neural network (GNN)

Answer 47

analyzes how data points are connected Think social network connections

Question 48

Transformers and Attention

Answer 48

self-attention to learn relationships between components GenAI LLMs use this to map words

Question 49

Ensemble methods

Answer 49

Stacking: train multiple models and synthesize them Bagging (or bootstrap aggregation): train the same model on different subsets of data to average the outputs Boosting: sequential building of simple models where each improves on the last

Question 50

What to test for in AI models

Answer 50

Bias Accuracy Reliability Robustness Privacy Interpretability Safety

Question 51

How to test an AI model

Answer 51

Repeatabliity assessment Adversarial testing (red teaming) Threat modeling

Question 52

Testing resources

Answer 52

OECD Catalog of Tools OECD Catalog of Metrics AI incident database

Question 53

What to document

Answer 53

Decisions Testing and outcomes Risks Responses to outcomes Remediation of adverse impact Obligations

Question 54

Counterfactual Explanations (CFE)

Answer 54

explains how small changes to inputs lead to changes in outputs

Question 55

Model cards

Answer 55

Transparency documents like nutrition labels Info about the AI model, training, and data Improves model credibility

Question 56

Data sheets for data sets

Answer 56

Documents the base data pile for: - Motivation - Composition - Collection process - Recommended use

Question 57

Conformity Assessments

Answer 57

Applies to high risk systems to comply with the EU AI Act Framework of technical and non-technical assessments and documentation Providers conduct Identifies: - development - data - training process - behavior - potential impacts Applies to BCMEEEAL

Question 58

Conformity assessment requirements

Answer 58

Risk management Data and data governance Tech documentation Record-keeping Transparency Human oversight Accuracy, robustness, cybersecurity

Question 59

Data Protection Impact Assessment (DPIA)

Answer 59

Privacy assessment under GDPR

Question 60

Why systems fail (6)

Answer 60

Brittleness Embedded bias Uncertainty Catastrophic forgetting False positives Hallucination

Question 61

Communication plan and products

Answer 61

Business use case Project plan and timeline Model cards User interface copy Documentation for regulators, consumers Data sheets for data sets Acceptable Use Policy (AUP)