Startege Logo

Domain Index

Law, Regulation & Compliance

Public concept cards covering AI-specific regulation, privacy law, legal interpretation, and the compliance obligations that governance teams must translate into action.

85 concept cards8 linked categoriesAI regulationprivacy and data lawcross-border obligationscase lawcompliance interpretationOpen full concept library
AI Act Obligations & Requirementsintermediate

AI Act Expectations for Risk Documentation

AI Act Expectations for Risk Documentation refer to the regulatory requirements set forth in the EU AI Act that mandate organizations to systematically document the risks associate...

5 min readOpen
AI Act Obligations & Requirementsadvanced

AI Act Expectations for Sandbox Participation

AI Act Expectations for Sandbox Participation refer to the regulatory framework established under the EU AI Act that allows companies to test AI systems in a controlled environment...

5 min readOpen
Data Protection & Privacy Lawbeginner

Accountability Principle under GDPR

The Accountability Principle under the General Data Protection Regulation (GDPR) mandates that organizations must not only comply with data protection laws but also demonstrate the...

5 min readOpen
Data Protection & Privacy Lawbeginner

Accuracy and Data Quality

Accuracy and Data Quality refer to the correctness, reliability, and relevance of data used in AI systems. In AI governance, ensuring high data quality is crucial as it directly im...

5 min readOpen
High-Risk AI Systemsintermediate

Annex III High-Risk Use Case Categories (Conceptual)

Annex III High-Risk Use Case Categories refer to specific applications of AI systems identified as posing significant risks to rights and safety, as outlined in regulatory framewor...

5 min readOpen
AI Act Obligations & Requirementsadvanced

Anticipating AI Act Interpretation Through Precedent

Anticipating AI Act Interpretation Through Precedent involves analyzing previous legal cases and regulatory decisions to predict how current and future AI regulations, such as the...

5 min readOpen
Emerging AI Regulation & Policy Trendsexpert

Anticipating Framework Alignment with Future Regulation

Anticipating Framework Alignment with Future Regulation refers to the proactive approach organizations take to ensure their AI systems comply with anticipated regulatory changes. T...

5 min readOpen
Cross-Border Data & Jurisdictionintermediate

Applicable Law in Cross-Border AI Systems

Applicable Law in Cross-Border AI Systems refers to the legal frameworks that govern the use and deployment of AI technologies across different jurisdictions. This concept is cruci...

5 min readOpen
AI-Specific Regulationintermediate

Applying AI Act Categories to AI Use Cases

Applying AI Act Categories to AI Use Cases involves classifying AI systems based on their risk levels as outlined in regulatory frameworks, such as the EU AI Act. This categorizati...

5 min readOpen
Case Law & Precedentadvanced

Automated Decision-Making in Courts and Regulators

Automated Decision-Making in Courts and Regulators refers to the use of AI systems to assist or make decisions in legal and regulatory contexts. This concept is crucial in AI gover...

5 min readOpen
Case Law & Precedentadvanced

Bias and Discrimination in AI Case Law

Bias and discrimination in AI case law refers to legal precedents and rulings that address the ethical and legal implications of biased algorithms and discriminatory outcomes in AI...

5 min readOpen
Multi-Jurisdictional Governanceadvanced

Conflicting Regulatory Obligations

Conflicting Regulatory Obligations refer to situations where an AI system or organization must comply with multiple, often contradictory, regulations from different jurisdictions....

5 min readOpen
Data Protection & Privacy Lawintermediate

Cross-Border Consent and User Expectations

Cross-Border Consent and User Expectations refer to the legal and ethical requirements for obtaining user consent when personal data is processed across national borders. In AI gov...

5 min readOpen
Data Protection & Privacy Lawbeginner

Data Controller vs Data Processor

In data protection and privacy law, a Data Controller is an entity that determines the purposes and means of processing personal data, while a Data Processor is an entity that proc...

5 min readOpen
Cross-Border Data & Jurisdictionintermediate

Data Flow Mapping for AI Use Cases

Data Flow Mapping for AI Use Cases involves the systematic identification and documentation of data flows within AI systems, particularly when data crosses borders. This practice i...

5 min readOpen
Data Protection & Privacy Lawbeginner

Data Minimisation

Data minimisation is a principle in data protection and privacy law that mandates organizations to collect only the data necessary for a specific purpose. In AI governance, this pr...

5 min readOpen
Data Protection & Privacy Lawbeginner

Data Protection Across the AI Lifecycle

Data Protection Across the AI Lifecycle refers to the comprehensive approach to safeguarding personal and sensitive data throughout all stages of AI development and deployment, inc...

5 min readOpen
Data Protection & Privacy Lawbeginner

Data Protection Principles under GDPR

Data Protection Principles under the General Data Protection Regulation (GDPR) are a set of guidelines designed to protect personal data and privacy within the European Union. Thes...

5 min readOpen
Emerging AI Regulation & Policy Trendsexpert

Designing Governance That Survives Regulatory Change

Designing governance that survives regulatory change refers to the creation of flexible, adaptive frameworks for AI governance that can withstand evolving legal and regulatory land...

5 min readOpen
High-Risk AI Systemsintermediate

Documentation Burden for High-Risk AI Systems

Documentation burden for high-risk AI systems refers to the extensive requirements for detailed documentation throughout the lifecycle of AI systems classified as high-risk. This i...

5 min readOpen
Case Law & Precedentadvanced

Failures of Accountability Highlighted by Case Law

Failures of accountability highlighted by case law refer to legal precedents that expose shortcomings in the mechanisms for holding AI systems and their developers responsible for...

5 min readOpen
Data Protection & Privacy Lawadvanced

GDPR Case Law Relevant to AI Systems

GDPR case law relevant to AI systems refers to legal precedents established by courts interpreting the General Data Protection Regulation (GDPR) as it applies to artificial intelli...

5 min readOpen
Data Protection & Privacy Lawbeginner

GDPR Territorial Scope

The GDPR Territorial Scope refers to the applicability of the General Data Protection Regulation (GDPR) to organizations based on their location and the location of the data subjec...

5 min readOpen
AI-Specific Regulationintermediate

General-Purpose AI vs Use-Case-Specific AI

General-Purpose AI refers to systems designed to perform a wide range of tasks across various domains, while Use-Case-Specific AI is tailored for particular applications, such as m...

5 min readOpen
Multi-Jurisdictional Governanceadvanced

Governing AI Across Multiple Legal Regimes

Governing AI Across Multiple Legal Regimes refers to the frameworks and processes required to manage the deployment and regulation of artificial intelligence technologies that oper...

5 min readOpen
AI Act Obligations & Requirementsintermediate

High-Risk AI Obligations vs Limited-Risk Obligations

High-Risk AI Obligations refer to stringent requirements imposed on AI systems that pose significant risks to health, safety, or fundamental rights, as outlined in the EU AI Act. T...

5 min readOpen
AI-Specific Regulationbeginner

High-Risk AI Systems (Conceptual Overview)

High-Risk AI Systems refer to AI technologies that pose significant risks to health, safety, or fundamental rights, necessitating strict regulatory oversight. These systems are sub...

5 min readOpen
High-Risk AI Systemsintermediate

High-Risk vs Non-High-Risk Boundary Cases

High-risk vs non-high-risk boundary cases refer to the classification of AI systems based on their potential impact on safety, rights, and freedoms. In AI governance, this distinct...

5 min readOpen
AI Act Obligations & Requirementsintermediate

How AI Systems Become High-Risk

AI systems are classified as high-risk based on their potential impact on fundamental rights, safety, and the environment. This classification is crucial in AI governance as it dic...

5 min readOpen
Data Protection & Privacy Lawbeginner

Integrity and Confidentiality (Security Principle)

Integrity and Confidentiality in AI governance refers to the principles ensuring that data is accurate, reliable, and protected from unauthorized access or alterations. This is cru...

5 min readOpen
Emerging AI Regulation & Policy Trendsexpert

Interpreting Draft Regulations and Soft Law

Interpreting Draft Regulations and Soft Law refers to the process of analyzing proposed legal frameworks and non-binding guidelines related to AI technologies. This concept is cruc...

5 min readOpen
Cross-Border Data & Jurisdictionintermediate

Jurisdiction vs Location vs Citizenship

Jurisdiction refers to the legal authority of a state to govern or regulate activities within its borders, while location pertains to the physical place where data is stored or pro...

5 min readOpen
Multi-Jurisdictional Governanceadvanced

Jurisdictional Risk Appetite Differences

Jurisdictional Risk Appetite Differences refer to the varying thresholds for risk acceptance across different regulatory environments concerning AI technologies. This concept is cr...

5 min readOpen
Data Protection & Privacy Lawbeginner

Lawful Basis for Processing Personal Data

The lawful basis for processing personal data refers to the legal grounds under which organizations can collect, store, and use individuals' personal information. In AI governance,...

5 min readOpen
Case Law & Precedentadvanced

Lessons Learned from AI Governance Failures

Lessons learned from AI governance failures refer to insights gained from past incidents where AI systems have caused harm or operated outside ethical and legal boundaries. These f...

5 min readOpen
Multi-Jurisdictional Governanceadvanced

Local Adaptation vs Global Standardisation

Local Adaptation vs Global Standardisation refers to the balance between tailoring AI governance frameworks to local contexts and adhering to universal standards. In AI governance,...

5 min readOpen
Multi-Jurisdictional Governanceexpert

Maintaining Coherent Governance Across Jurisdictions

Maintaining coherent governance across jurisdictions refers to the alignment of AI regulations and policies among different legal frameworks and regions. This is crucial in AI gove...

5 min readOpen
Multi-Jurisdictional Governanceexpert

Maintaining Governance Coherence Across Regions

Maintaining Governance Coherence Across Regions refers to the alignment and harmonization of AI governance frameworks and regulations across different jurisdictions. This is crucia...

5 min readOpen
Cross-Border Data & Jurisdictionadvanced

Managing Data and Model Flows Across Regions

Managing Data and Model Flows Across Regions involves the governance of data and AI model transfers between different jurisdictions, ensuring compliance with local laws and regulat...

5 min readOpen
AI Act Obligations & Requirementsadvanced

Mapping Regulatory Obligations to Framework Controls

Mapping Regulatory Obligations to Framework Controls involves aligning specific legal requirements from AI regulations, such as the EU AI Act, with internal governance frameworks a...

5 min readOpen
AI-Specific Regulationbeginner

Minimal-Risk AI Systems

Minimal-risk AI systems refer to AI technologies that pose a low level of risk to rights and safety, such as chatbots or spam filters. In AI governance, identifying and categorizin...

5 min readOpen
AI Act Obligations & Requirementsintermediate

Obligations for High-Risk AI Systems (Overview)

Obligations for High-Risk AI Systems refer to the regulatory requirements imposed on AI technologies deemed to pose significant risks to health, safety, or fundamental rights. Thes...

5 min readOpen
AI Act Obligations & Requirementsintermediate

Obligations for Limited-Risk AI Systems

Obligations for Limited-Risk AI Systems refer to the regulatory requirements set forth in the EU AI Act for AI systems deemed to pose a limited risk to rights and safety. These obl...

5 min readOpen
Data Protection & Privacy Lawbeginner

Overview of Data Subject Rights under GDPR

Data Subject Rights under the General Data Protection Regulation (GDPR) refer to the rights granted to individuals regarding their personal data. These rights include the right to...

5 min readOpen
Data Protection & Privacy Lawintermediate

Personal Data in Cross-Border AI Systems

Personal data in cross-border AI systems refers to the handling, processing, and transfer of personal information across national borders within AI applications. This concept is cr...

5 min readOpen
Data Protection & Privacy Lawbeginner

Personal Data vs Non-Personal Data

Personal data refers to any information that relates to an identified or identifiable individual, such as names, email addresses, and biometric data. Non-personal data, on the othe...

5 min readOpen
Emerging AI Regulation & Policy Trendsexpert

Preparing Governance for Regulatory Uncertainty

Preparing Governance for Regulatory Uncertainty involves establishing frameworks and practices that enable organizations to adapt to evolving AI regulations and policies. This conc...

5 min readOpen
Data Protection & Privacy Lawbeginner

Processing of Personal Data

The processing of personal data refers to any operation performed on personal data, including collection, storage, use, and sharing. In AI governance, this concept is crucial as it...

5 min readOpen
AI-Specific Regulationbeginner

Prohibited AI Practices

Prohibited AI Practices refer to specific actions or applications of artificial intelligence that are deemed unethical, harmful, or illegal under regulatory frameworks. These pract...

5 min readOpen
AI Act Obligations & Requirementsintermediate

Prohibited AI Practices (Conceptual)

Prohibited AI Practices refer to specific activities and applications of artificial intelligence that are deemed unacceptable under regulatory frameworks, such as the EU AI Act. Th...

5 min readOpen
Applying FIPsbeginner

Purpose Limitation

Purpose Limitation is a principle in AI governance that mandates data collected for a specific purpose should not be used for unrelated purposes without consent. This principle is...

6 min readOpen
AI-Specific Regulationbeginner

Purpose and Objectives of the EU AI Act

The EU AI Act aims to establish a regulatory framework for artificial intelligence within the European Union, focusing on ensuring that AI systems are safe, ethical, and respect fu...

5 min readOpen
Data Protection & Privacy Lawbeginner

Purpose and Scope of GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that governs how personal data is collected, processed, and stored. In th...

5 min readOpen
Emerging AI Regulation & Policy Trendsexpert

Regulatory Convergence and Divergence Trends

Regulatory convergence and divergence trends refer to the patterns in which different jurisdictions either align their AI regulations (convergence) or develop distinct, often confl...

5 min readOpen
Multi-Jurisdictional Governanceadvanced

Regulatory Spillover and Extraterritorial Effects

Regulatory spillover and extraterritorial effects refer to the phenomenon where regulations enacted in one jurisdiction impact entities in other jurisdictions, often due to the glo...

5 min readOpen
Data Protection & Privacy Lawintermediate

Relationship Between DPIAs and AI Impact Assessments

The relationship between Data Protection Impact Assessments (DPIAs) and AI Impact Assessments (AIAs) is critical in AI governance as both processes aim to identify and mitigate ris...

5 min readOpen
Data Protection & Privacy Lawbeginner

Relationship Between GDPR and AI Systems

The relationship between the General Data Protection Regulation (GDPR) and AI systems pertains to how AI technologies must comply with data protection and privacy laws established...

5 min readOpen
AI-Specific Regulationbeginner

Relationship Between the AI Act and Other Laws

The relationship between the AI Act and other laws refers to how the AI Act interacts with existing legal frameworks, such as data protection, consumer rights, and intellectual pro...

5 min readOpen
Data Protection & Privacy Lawbeginner

Right of Access

The Right of Access is a legal provision that allows individuals to request and obtain information about the personal data that organizations hold about them. In the context of AI...

5 min readOpen
Data Protection & Privacy Lawbeginner

Right to Data Portability

The Right to Data Portability is a legal concept that allows individuals to obtain and reuse their personal data across different services. In the context of AI governance, it ensu...

5 min readOpen
Data Protection & Privacy Lawbeginner

Right to Erasure (Right to be Forgotten)

The Right to Erasure, also known as the Right to be Forgotten, is a data protection principle that allows individuals to request the deletion of their personal data from an organiz...

5 min readOpen
Data Protection & Privacy Lawbeginner

Right to Object to Processing

The Right to Object to Processing is a legal provision that allows individuals to challenge the processing of their personal data by organizations, particularly in the context of a...

5 min readOpen
Data Protection & Privacy Lawbeginner

Right to Rectification

The Right to Rectification is a data protection principle that allows individuals to request corrections to inaccurate or incomplete personal data held by organizations, including...

5 min readOpen
Data Protection & Privacy Lawbeginner

Right to Restriction of Processing

The Right to Restriction of Processing is a data protection principle that allows individuals to request the limitation of their personal data processing under certain conditions....

5 min readOpen
AI-Specific Regulationbeginner

Risk-Based Structure of the EU AI Act

The Risk-Based Structure of the EU AI Act categorizes AI systems into four risk levels: unacceptable, high, limited, and minimal risk. This framework is crucial for AI governance a...

5 min readOpen
Emerging AI Regulation & Policy Trendsexpert

Signals of Regulatory Direction and Intent

Signals of Regulatory Direction and Intent refer to the indicators and communications from regulatory bodies that outline their priorities, expectations, and forthcoming actions re...

5 min readOpen
Data Protection & Privacy Lawbeginner

Special Category (Sensitive) Personal Data

Special Category (Sensitive) Personal Data refers to specific types of personal information that require heightened protection due to their sensitive nature, such as data related t...

5 min readOpen
Data Protection & Privacy Lawbeginner

Storage Limitation

Storage limitation is a principle in data protection and privacy law that mandates organizations to retain personal data only for as long as necessary to fulfill its intended purpo...

5 min readOpen
AI Act Obligations & Requirementsintermediate

Structure of the EU AI Act

The Structure of the EU AI Act outlines a regulatory framework for artificial intelligence within the European Union, categorizing AI systems based on their risk levels: unacceptab...

5 min readOpen
Case Law & Precedentadvanced

Types of AI-Related Legal Cases

Types of AI-related legal cases encompass various legal disputes arising from the deployment and use of artificial intelligence technologies. These cases can involve issues such as...

5 min readOpen
Cross-Border Data & Jurisdictionintermediate

What Cross-Border AI Means in Practice

Cross-Border AI refers to the deployment and use of artificial intelligence systems that operate across different national jurisdictions, involving the transfer of data and algorit...

5 min readOpen
High-Risk AI Systemsintermediate

What Makes an AI System High-Risk

A high-risk AI system is defined by its potential to significantly impact individuals' rights, safety, or well-being, particularly in sensitive areas such as healthcare, law enforc...

5 min readOpen
Cross-Border Data & Jurisdictionintermediate

Where AI Decisions Are Made vs Where Data Is Stored

The concept of 'Where AI Decisions Are Made vs Where Data Is Stored' refers to the distinction between the physical location of data storage and the location where AI algorithms pr...

5 min readOpen
Case Law & Precedentadvanced

Why Case Law Matters for AI Governance

Case law refers to the body of judicial decisions that interpret and apply laws, serving as precedents for future cases. In AI governance, case law is crucial as it shapes legal st...

5 min readOpen
Cross-Border Data & Jurisdictionintermediate

Why Cross-Border Context Increases Governance Risk

Cross-border context increases governance risk in AI due to varying legal frameworks, data protection regulations, and ethical standards across jurisdictions. This disparity can le...

5 min readOpen
Emerging AI Regulation & Policy Trendsexpert

Why Emerging Regulation Matters for AI Governance

Emerging regulation in AI governance refers to new legal frameworks and policies being developed to address the unique challenges posed by artificial intelligence technologies. Thi...

5 min readOpen
Categories within Law, Regulation & Compliance

Applying FIPs

Browse Applying FIPs concept cards that appear inside Law, Regulation & Compliance.

Open
A-Z index pages
Other domain indexes

Risk, Impact & Assurance

Terms and concepts for classifying AI risk, assessing impact, applying controls, and building accountability, fairness, and assurance into governance programs.

Open
Related guides

AIGP Exam Prep

How to structure your certification prep with exams, flashcards, and AI tutoring.

Open

AIGP Study Plan

A weekly study structure for balancing frameworks, mock exams, and targeted review.

Open
Next step

All Concept Cards

Search and browse the full public concept library across domains, categories, and A-Z entry points.

Open

Pricing

Compare free and premium plans for AI governance learning and AIGP prep.

Open

AIGP Exam Prep

See how Startege supports practice exams, revision, and certification readiness.

Open

Free AI Governance Tools

EU AI Act risk classifier, DPIA generator, NIST AI RMF self-assessment, model card builder, vendor questionnaire, free, no signup.

Open