AI GOVERNANCE GLOSSARY

Every regulator uses different terms. Precise definitions to navigate compliance.

Standards, regulations, risk frameworks and governance concepts — defined with the precision that ISO 42001 audits and EU AI Act conformity assessments demand.

AI governance is a field built on borrowed terminology. Standards bodies, regulators and academic researchers use the same words to mean different things — sometimes deliberately, more often out of professional inertia.

For organizations navigating certification and compliance, that ambiguity has a cost. Contracts are drafted around undefined terms. Audit findings turn on interpretations that were never written down. Regulatory obligations depend on definitions that shift between jurisdictions.

This glossary is our attempt to fix that inside the Zertia audit boundary. Each entry ties a term to the standard, regulation or framework where it originates, and explains how we interpret it when we assess your organization.

Why precise terminology matters for AI compliance

Regulators define "high-risk AI system", "provider", "deployer" and "substantial modification" differently in the EU AI Act, ISO/IEC 42001 and NIST AI RMF. The wrong interpretation can shift your entire compliance burden.

These entries are how we align internal teams, external auditors, and regulators around the same interpretation. Without that alignment, certification takes twice as long and the outcome is less defensible.

FREQUENTLY ASKED QUESTIONS

Frequently asked questions

Are these definitions the same as the official ISO or EU AI Act text?

When the term is defined in an official source (ISO/IEC 42001, EU AI Act, NIST AI RMF, GDPR), we cite the source and quote or paraphrase the official definition. Where an interpretation is required to apply it in practice, we make that interpretation explicit.

How is this glossary structured?

By concept type across 9 sections: Standards, Regulation, Governance, Risk & Assessment, Ethics & Principles, Model Lifecycle, Data & Privacy, Security & Technology, and Multi-Agent Systems. Each entry links to the relevant risk families and regulatory frameworks in the rest of the resource hub.

Is Zertia responsible for keeping these definitions current when regulation changes?

Yes. Each entry carries a "last regulatory review" date. When a regulation, standard or interpretation changes materially, we update the entry and mark it as revised. Certifications issued by Zertia are evaluated against the version in force at the time of audit.

ANAB-accredited · UKAS in process · ENAC in process · AIUC-1 European authorized auditor · EU AI Pact signatory

A shared vocabulary is the first step to defensible AI governance.

Need clarity on how these concepts apply to your organization? Talk to us.