Unorma

Resources

The AI compliance glossary

From “AI system” to “white-label” — 109 terms covering the EU AI Act, NIST AI RMF, ISO 42001 and everyday AI governance, explained without the legal jargon.

109
Terms defined, in plain language
7
Categories — from core concepts to platform terms
8
Frameworks referenced throughout
0
Legal jargon required to understand any of it

109 of 109 terms

A

AI ActorNIST AI RMF
NIST's term for any individual or organisation that plays a role in an AI system's lifecycle — including designers, developers, deployers, operators and end users. The AI RMF assigns different responsibilities to different AI actors rather than treating 'the company' as a single undifferentiated entity.
AI and Data CommissionerOther Global Frameworks
The Canadian regulatory office responsible for enforcing AIDA, including receiving notifications of material harms caused by high-impact AI systems.
AI Ethics CommitteeCompliance Operations
A cross-functional group — often including legal, technical and business stakeholders — that reviews significant AI deployments for ethical and compliance risk before and during rollout. Frequently cited as evidence of governance maturity in ISO 42001 and IREAA assessments.
AI GovernanceCore AI Governance
The policies, roles, processes and controls an organisation puts in place to ensure its AI systems are developed and used safely, fairly and in line with legal and ethical expectations. Good governance spans the full lifecycle — from design and data sourcing to deployment, monitoring and retirement.
AI InventoryUnorma Platform
A central register of every AI system an organisation builds or uses, each one classified by risk level and role (provider or deployer) so the exact obligations that apply to it are known from day one — the foundation any AI compliance programme is built on.
See alsoAI Inventory
AI LiteracyCore AI Governance
The skills, knowledge and understanding that allow staff, deployers and affected people to make informed decisions about AI systems. The EU AI Act's Article 4 requires organisations to ensure a sufficient level of AI literacy among staff involved in operating and using AI.
See alsoTraining
AI Management System (AIMS)ISO 42001 & Management Systems
The formal system of policies, roles, processes and records an organisation maintains to govern its AI activities under ISO/IEC 42001 — the certifiable unit auditors assess, analogous to an information security management system under ISO 27001.
AI OfficeEU AI Act
The European Commission body responsible for supervising and enforcing the EU AI Act, particularly for general-purpose AI models, and for coordinating implementation across member states.
AI RiskNIST AI RMF
The composite of the probability of an event occurring through an AI system's use, and the magnitude of the consequences of that event. NIST frames risk as inherently context-dependent — the same model can be low-risk in one deployment and high-risk in another.
AI RMF Core FunctionsNIST AI RMF
The four functions structuring the NIST AI RMF: Govern (policies and accountability), Map (understanding context and impacts), Measure (assessing risk and trustworthiness), and Manage (prioritising and responding to risk). Together they form a continuous cycle rather than a one-time checklist.
AI SystemCore AI Governance
Any individual AI model, tool or feature an organisation builds or uses that makes or supports a decision — a hiring screener, a credit-scoring model, a support chatbot, a fraud detector. Compliance frameworks apply obligations per system, not per company, so each one is typically registered, classified and tracked separately.
See alsoAI Inventory
AI VerifyOther Global Frameworks
A Singapore-developed AI testing framework and toolkit that lets organisations validate their AI systems' performance against a defined set of governance principles, complementing the Model AI Governance Framework.
Algorithmic BiasCore AI Governance
Systematic and repeatable errors in an AI system's outputs that create unfair outcomes for particular groups — for example, favouring one demographic in hiring recommendations. Bias can originate in training data, model design, or how a system is deployed, and most frameworks require it to be assessed and mitigated.
See alsoBias Assessment
Annex A ControlsISO 42001 & Management Systems
The catalogue of specific AI management controls in ISO/IEC 42001 — covering areas like risk assessment, data management, third-party relationships and impact assessment — against which an organisation's AIMS is evaluated.
Artificial Intelligence (AI)Core AI Governance
A machine-based system that, for explicit or implicit objectives, infers from the input it receives how to generate outputs — such as predictions, content, recommendations or decisions — that can influence physical or virtual environments. This is the definition most regulations, including the EU AI Act, build on.
Audit SimulationUnorma Platform
A forward-looking exercise that analyses an AI system's current documentation and evidence to estimate audit readiness, generate realistic auditor questions, and rank recommended fixes by their impact on the readiness score — done before a real audit, not after.
See alsoAudit Simulation
Audit TrailCompliance Operations
A chronological, tamper-evident log of every action taken within a system — who did what, when, and from where. Audit trails are a baseline requirement across nearly every compliance framework and are usually the first thing an external auditor requests.

B

Bias AssessmentCompliance Operations
A systematic evaluation of an AI system's data, model and outputs to detect and quantify unfair treatment of particular groups, typically documented as a report and used as evidence for fairness-related controls across frameworks.
Biometric Categorisation SystemEU AI Act
An AI system that assigns individuals to categories — such as race, political opinion or sexual orientation — based on their biometric data. The EU AI Act classifies most such uses as high-risk, and some as prohibited outright.

C

Canada AIDAOther Global Frameworks
The Artificial Intelligence and Data Act, Canada's federal legislative framework targeting high-impact AI systems, requiring organisations to assess, mitigate, monitor and report on the risks such systems pose to Canadians.
See alsoRead the full Canada AIDA guide
CE MarkingEU AI Act
The mark a provider affixes to a high-risk AI system once it has passed conformity assessment, signalling to the EU market that it complies with applicable law — the same marking framework used for other regulated products across the EU.
Chief AI OfficerCompliance Operations
A senior executive role responsible for an organisation's AI strategy and governance, increasingly common as AI regulation raises the profile of AI risk to board level. Not every framework requires this specific title, but most require someone in an equivalent accountable role.
Client WorkspaceUnorma Platform
An isolated environment within an agency's platform account dedicated to a single client's AI compliance data, kept fully separate from every other client the agency manages.
See alsoWhite-Label
Colorado AI ActOther Global Frameworks
The first comprehensive US state AI law, imposing a duty of reasonable care on developers and deployers of high-risk AI systems used in consequential decisions, enforced by the Colorado Attorney General from February 2026.
See alsoRead the full Colorado AI Act guide
Compliance FrameworkCompliance Operations
A structured set of requirements — whether a binding law like the EU AI Act, a voluntary standard like NIST AI RMF, or a certifiable standard like ISO 42001 — that an organisation adopts to guide and evidence its AI governance practice.
Compliance ProgramCompliance Operations
The overall set of policies, processes, roles and tools an organisation runs to meet its regulatory obligations across all the AI systems and frameworks it is subject to — the operational layer that turns individual controls into an ongoing practice.
Conformity AssessmentEU AI Act
The process a provider follows to verify and document that a high-risk AI system meets the EU AI Act's requirements before it is placed on the market. Depending on the system, this can be a self-assessment or require review by an external notified body.
See alsoNotified Body
Consequential DecisionOther Global Frameworks
Colorado AI Act terminology for a decision that has a material legal or similarly significant effect on a consumer — in employment, lending, housing, insurance, healthcare, education or legal services. AI systems substantially involved in these decisions trigger the Act's obligations.
Consultant AssignmentUnorma Platform
The process of assigning specific team members at a compliance consultancy or agency to specific client workspaces, controlling who can access which client's data and workload.
Continual ImprovementISO 42001 & Management Systems
The ISO management system principle that an organisation must keep enhancing the suitability, adequacy and effectiveness of its AIMS over time, rather than treating certification as a fixed, final state.
ControlCompliance Operations
A specific, checkable requirement within a compliance framework — for example, 'maintain a documented risk management process' — that an organisation must implement and be able to evidence. Frameworks are built from dozens to hundreds of individual controls.
Corrective ActionISO 42001 & Management Systems
The documented steps an organisation takes to eliminate the cause of a nonconformity found during an internal or external audit, preventing it from recurring — a standard requirement across ISO management system standards.
Cross-Framework MappingUnorma Platform
A correspondence between controls in different frameworks that address the same underlying requirement — for example, a risk assessment satisfying both an EU AI Act and a NIST control. Mapping lets evidence uploaded once count toward multiple frameworks automatically.
Custom Framework BuilderUnorma Platform
A tool for defining a compliance framework that isn't provided out of the box — an internal AI policy, an unpublished industry standard, or a country-specific regulation — with its own control groups, controls and guidance, that then works everywhere a built-in framework does.

D

Data GovernanceCompliance Operations
Practices ensuring the data used to train, validate and test an AI system is relevant, representative, free of errors where reasonably possible, and managed for bias — a distinct control under the EU AI Act (Article 10) and a recurring theme across every major framework.
Data Protection Impact Assessment (DPIA)Compliance Operations
An assessment required under data protection law, such as GDPR, when processing is likely to result in high risk to individuals' rights. DPIAs frequently overlap with the impact assessments AI regulations require, and evidence can often satisfy both.
See alsoImpact Assessment
DeployerCore AI Governance
The organisation that uses an AI system under its own authority, other than for personal non-professional use. Deployers owe a different, typically lighter set of obligations than providers — human oversight, input data quality, and monitoring among them — but they are not exempt from regulation.
See alsoProvider (AI)
Duty of Reasonable CareOther Global Frameworks
The Colorado AI Act's core obligation, requiring developers and deployers of high-risk AI systems to take proactive, documented steps to protect consumers from known and foreseeable risks of algorithmic discrimination.
See alsoAlgorithmic Bias

E

Emotion Recognition SystemCore AI Governance
An AI system designed to identify or infer a person's emotional state from biometric or behavioural data. The EU AI Act treats these systems as carrying specific transparency obligations, and prohibits their use in certain contexts such as the workplace and education.
See alsoEU AI Act
EU AI ActEU AI Act
The European Union's comprehensive law regulating artificial intelligence, in force with obligations phasing in through 2027. It takes a risk-based approach, applies to providers and deployers wherever they are based if their AI affects people in the EU, and carries fines of up to €35M or 7% of global annual revenue.
See alsoRead the full EU AI Act guide
EvidenceCompliance Operations
Any document, log, screenshot, test result or record that demonstrates a control has actually been implemented — as distinct from simply asserting that it has. Frameworks increasingly emphasise evidence over self-declaration.
See alsoEvidence Vault
Evidence VaultUnorma Platform
A secure, centralised repository for every piece of compliance evidence an organisation collects — documents, test reports, screenshots, certificates — linked to the specific obligations each item proves, and reviewed through an approval workflow.
See alsoEvidence Vault
ExplainabilityCore AI Governance
The degree to which the internal logic of an AI system and the reasons behind a specific output can be described in terms a human can understand. Explainability is distinct from transparency — a system can disclose that AI is being used (transparent) without making its decision logic understandable (explainable).

F

Fine-TuningCore AI Governance
The process of further training a pre-existing foundation model on a smaller, task-specific dataset to adapt it for a particular use case. Fine-tuning can introduce new risks — such as bias inherited from the fine-tuning dataset — that weren't present in the original model.
Foundation ModelCore AI Governance
A large-scale AI model trained on broad data that can be adapted to a wide range of downstream tasks. Foundation models sit underneath most modern generative AI products and carry their own set of regulatory obligations, distinct from the applications built on top of them.
Framework ActivationUnorma Platform
The act of enabling a specific compliance framework — such as the EU AI Act or ISO 42001 — within an organisation's workspace, after which its controls, documents and training become available for that organisation's AI systems.
Fundamental Rights Impact Assessment (FRIA)EU AI Act
An assessment certain deployers of high-risk AI systems — notably public bodies and some private operators — must carry out to evaluate the impact of a system on fundamental rights before putting it into use, covering affected people, potential harms, and mitigation measures.

G

Gap AnalysisCompliance Operations
A structured comparison between an organisation's current AI governance practices and what a given framework requires, identifying exactly which obligations are met, in progress, or missing. It is typically the starting point of any AI compliance programme.
See alsoGap Analysis
General-Purpose AI (GPAI)Core AI Governance
An AI model that displays significant generality and can competently perform a wide range of distinct tasks, regardless of how it is placed on the market. The EU AI Act creates a dedicated obligations track for GPAI model providers, separate from the risk tiers applied to specific AI systems.
See alsoEU AI Act
Generative AICore AI Governance
AI systems that produce new content — text, images, audio, code or video — rather than only classifying or predicting from existing data. Generative AI introduces distinct risks around hallucination, provenance and misuse that several frameworks now address with dedicated guidance.
Generative AI Profile (NIST)NIST AI RMF
A companion resource to the NIST AI RMF addressing risks specific to generative AI — such as confabulation (hallucination), data privacy, and content provenance — that aren't fully captured by the base framework.
See alsoNIST AI RMF

H

HallucinationCore AI Governance
An AI system, typically a generative model, producing output that is factually incorrect or fabricated while presenting it as accurate. Hallucination is a leading operational risk for generative AI deployments and a growing focus of AI governance guidance.
Harmonised StandardEU AI Act
A technical standard, developed by a recognised European standards body, that provides a presumption of conformity with the EU AI Act's requirements when followed. Harmonised standards are expected to translate the Act's high-level obligations into concrete engineering practice.
High-Impact AI SystemOther Global Frameworks
AIDA's term for an AI system whose use could significantly affect individuals — in areas like employment, credit or healthcare — triggering the Act's full set of assessment, mitigation and monitoring obligations. It plays a similar role to 'high-risk' under the EU AI Act, but the two classifications are not identical.
See alsoHigh-Risk AI System
High-Risk AI SystemEU AI Act
An AI system used in a context the EU AI Act considers to carry significant risk to health, safety or fundamental rights — including employment, credit scoring, education, law enforcement and critical infrastructure. High-risk systems face the Act's full obligations: risk management, data governance, technical documentation, human oversight and post-market monitoring.
See alsoEU AI Act
Human OversightCore AI Governance
Design and operational measures that let a human effectively supervise an AI system's operation, understand its capabilities and limitations, and intervene or override its outputs when necessary. It is one of the most frequently required controls across every major framework.
See alsoHuman-in-the-Loop
Human-in-the-LoopCore AI Governance
An oversight model where a human reviews and approves an AI system's output before it takes effect — as opposed to 'human-on-the-loop' (monitoring after the fact) or 'human-out-of-the-loop' (no human involvement). The right level of involvement depends on the risk of the decision being made.

I

Impact AssessmentNIST AI RMF
A structured evaluation of the potential effects an AI system could have on individuals, groups, organisations or society, carried out before and periodically during deployment. Referenced under different names across NIST, the EU AI Act (as FRIA) and Colorado's AI Act.
Incident ManagementCompliance Operations
The process of reporting, investigating, resolving and learning from AI system failures or harms — tracked through a defined lifecycle (open, under investigation, resolved, closed) and, for serious incidents, reported to the relevant regulator.
See alsoIncidents & Monitoring
Internal AuditISO 42001 & Management Systems
A scheduled, independent review an organisation conducts of its own AI management system to verify it conforms to ISO 42001 and its own policies, ahead of any external certification audit.
IREAAOther Global Frameworks
The International Responsible and Ethical AI Association, an ethics-first certification body whose framework is organised around four pillars: People First, Fair & Unbiased, Honest & Transparent, and Accountable & Improving. Unlike legal frameworks, IREAA certifies that an organisation's AI practice is ethical by design, not only lawful.
See alsoRead the full IREAA guide
ISO/IEC 42001ISO 42001 & Management Systems
The first international, certifiable standard for AI management systems, published by ISO and IEC. It defines the policies, processes and controls an organisation runs to develop and use AI responsibly, and can be certified by an accredited third-party auditor — much like ISO 27001 for security.
See alsoRead the full ISO 42001 guide

L

Large Language Model (LLM)Core AI Governance
A type of foundation model trained on vast amounts of text to predict and generate language. LLMs power most modern generative AI products and introduce distinct compliance considerations around training data provenance, output accuracy and misuse.
See alsoFoundation Model
Limited-Risk AI SystemEU AI Act
An AI system, such as a chatbot or an emotion-recognition tool, that carries specific transparency obligations under the EU AI Act — chiefly, disclosing to users that they are interacting with AI — without the full high-risk compliance burden.

M

Machine LearningCore AI Governance
A subset of AI in which systems improve their performance on a task through exposure to data, rather than through explicit, hand-written rules. Most AI systems regulators are concerned with — from credit scoring to content recommendation — are built using machine learning.
Management ReviewISO 42001 & Management Systems
A periodic, documented review by leadership of the AI management system's performance, suitability and effectiveness — a required ISO 42001 activity that keeps AI governance a leadership responsibility, not just a compliance team task.
Maturity LevelNIST AI RMF
A rating, typically on a 1-to-5 scale, describing how developed an organisation's AI risk management practice is for a given system — from ad hoc and undocumented to fully integrated and continuously improved.
Minimal-Risk AI SystemEU AI Act
The large majority of AI systems in everyday use — spam filters and AI-enabled video games are common examples — that carry no mandatory obligations under the EU AI Act, though voluntary codes of conduct are encouraged.
Model CardCore AI Governance
A structured document describing an AI model's intended use, training data, performance metrics, limitations and known risks. Model cards are a standard artefact requested by the EU AI Act's technical documentation requirements and by enterprise procurement teams alike.
See alsoDocuments
Model DriftCore AI Governance
The gradual degradation of an AI model's performance over time as real-world data diverges from the data it was trained on. Detecting drift is a core reason frameworks require ongoing monitoring rather than a one-time validation.
See alsoOversight

N

NIST AI RMFNIST AI RMF
The AI Risk Management Framework published by the US National Institute of Standards and Technology — a voluntary framework organised around four functions (Govern, Map, Measure, Manage) that has become the de facto US baseline for trustworthy AI, frequently required in enterprise procurement.
See alsoRead the full NIST AI RMF guide
NonconformityISO 42001 & Management Systems
A finding, during an internal or external audit, that a requirement of ISO/IEC 42001 or the organisation's own AIMS has not been met. Nonconformities require a documented corrective action to close.
See alsoCorrective Action
Notified BodyEU AI Act
An independent organisation designated by an EU member state to assess the conformity of certain high-risk AI systems before they reach the market. Not every high-risk system requires a notified body — many can be self-assessed by the provider.

O

ObligationCompliance Operations
A legal or contractual duty a provider or deployer owes under a specific regulation for a specific AI system. Obligations vary by the system's risk classification and the organisation's role — a Deployer never owes Provider-only obligations, for instance.
Onboarding WizardUnorma Platform
A guided, multi-step setup flow that gets a new organisation from sign-up to a working AI compliance workspace — typically covering company profile, framework recommendations and initial team invitations — in minutes rather than days.

P

PDCA CycleISO 42001 & Management Systems
Plan-Do-Check-Act — the continuous improvement cycle underlying ISO management system standards, including ISO 42001. Certification is not a one-time achievement; it requires evidence that the cycle is genuinely repeating.
Post-Market MonitoringEU AI Act
A provider's obligation to actively collect and review data on a high-risk AI system's performance after it is deployed, to catch emerging risks or non-conformities that weren't visible before release.
Privacy by DesignCompliance Operations
An approach that embeds data protection considerations into the design of a system from the outset, rather than adding them after the fact. It is a recurring principle across data protection law and AI governance frameworks alike.
Procurement PackUnorma Platform
A single downloadable bundle of an organisation's compliance documentation, evidence and certifications, prepared in advance so a procurement team's due-diligence questions can be answered with one download instead of a back-and-forth email chain.
Prohibited AI PracticeEU AI Act
A category of AI use the EU AI Act bans outright, including social scoring by public authorities, manipulative AI that exploits vulnerabilities, and most real-time remote biometric identification in public spaces for law enforcement. Prohibitions took effect ahead of the rest of the Act.
Provider (AI)Core AI Governance
The organisation that develops an AI system, or has one developed, and places it on the market or puts it into service under its own name. Providers carry the heaviest compliance obligations — conformity assessment, technical documentation and registration among them.
See alsoDeployer

R

Readiness ScoreCompliance Operations
A percentage or numeric measure of how completely an organisation has met a framework's obligations for a given AI system, typically calculated from the proportion of controls that are documented and evidenced versus outstanding.
Red Teaming (AI)Core AI Governance
The practice of deliberately probing an AI system for weaknesses, harmful outputs or exploitable behaviour before or after deployment. Red teaming is increasingly expected for high-risk and general-purpose AI systems as part of a documented risk management process.
Regulatory SandboxEU AI Act
A controlled environment, typically set up by a national authority, where organisations can develop and test innovative AI systems under regulatory supervision before full market rollout. The EU AI Act requires every member state to establish at least one.
Remote Biometric IdentificationEU AI Act
The use of AI to identify individuals at a distance by comparing their biometric data, such as facial images, against a reference database — without their active involvement. Real-time use in public spaces for law enforcement is banned under the EU AI Act except in narrowly defined circumstances.
Responsible AICore AI Governance
An umbrella term for developing and deploying AI in ways that respect human rights, safety, fairness and transparency. It is broader than legal compliance — an AI system can be lawful and still fail the bar of responsible AI if it ignores foreseeable harms.
Review QueueUnorma Platform
A centralised list of documents, evidence or obligations awaiting approval, used by compliance managers or agency consultants to process approvals across one or many clients from a single place.
Risk Management SystemCompliance Operations
A continuous, documented process for identifying, assessing, mitigating and monitoring the risks an AI system poses across its lifecycle — explicitly required by name under EU AI Act Article 9 and echoed throughout NIST and ISO 42001.
Risk TreatmentISO 42001 & Management Systems
The process of selecting and implementing measures to modify an identified AI risk — by mitigating, transferring, avoiding or accepting it. ISO/IEC 42001 requires risk treatment decisions to be documented and revisited over time.
Risk-Based ApproachEU AI Act
A regulatory strategy that scales obligations to the level of risk an AI system poses, rather than applying one uniform rulebook to every system. The EU AI Act is the clearest example, sorting systems into prohibited, high-risk, limited-risk and minimal-risk tiers.
Role-Based Access Control (RBAC)Compliance Operations
A security model that grants system permissions based on a user's role within an organisation rather than to each individual separately. RBAC is a baseline expectation for any platform handling AI compliance evidence and documentation.

S

Scrutiny HeatmapUnorma Platform
A visual, colour-coded breakdown of which areas of an AI system's compliance an auditor is most likely to scrutinise closely, generated from an audit simulation to help teams prioritise remediation before a real audit.
See alsoAudit Simulation
Serious IncidentEU AI Act
Under Article 73 of the EU AI Act, an event involving an AI system that directly or indirectly causes death, serious harm to health, serious disruption of critical infrastructure, or a breach of fundamental rights. Providers must report serious incidents to market surveillance authorities on strict timelines.
See alsoIncident Management
Shadow AICore AI Governance
AI tools and systems used within an organisation without the knowledge, review or approval of IT, security or compliance teams. Shadow AI is one of the most common reasons companies discover, during a gap analysis, that their AI inventory was incomplete.
See alsoAI Inventory
Singapore Model AI Governance FrameworkOther Global Frameworks
Singapore's widely referenced governance framework, organised around internal governance, human involvement in AI decisions, operations management, and stakeholder communication. It carries no penalties but functions as the de facto AI governance baseline across Asia-Pacific.
See alsoRead the full Singapore AI Gov guide
Socio-Technical SystemNIST AI RMF
NIST's framing of AI systems as inseparable from the human and institutional context they operate in — the same model can produce different real-world outcomes depending on who uses it, how, and under what oversight. This is why the AI RMF treats risk as context-dependent rather than a fixed property of a model.
Statement of Applicability (SoA)ISO 42001 & Management Systems
A core ISO 42001 document listing every Annex A control, whether it applies to the organisation, and if so how it is implemented. It is typically the first document a certification auditor reviews.
Synthetic DataCore AI Governance
Artificially generated data that mimics the statistical properties of real data, often used to train or test AI models without exposing real personal information. Synthetic data can help satisfy data governance requirements, but its quality and representativeness still need to be evaluated.

T

Technical DocumentationEU AI Act
Comprehensive documentation a provider must keep and update, proving that a high-risk AI system complies with the EU AI Act — covering design, development, capabilities, limitations and risk management. It must be available for regulators on request and kept current for the system's lifetime.
See alsoAI Documents
Third-Party AI RiskNIST AI RMF
Risk introduced by AI components — models, datasets, APIs — sourced from vendors rather than built in-house. NIST and ISO 42001 both require organisations to extend their risk management practices to cover these external dependencies, not just systems they build themselves.
Top ManagementISO 42001 & Management Systems
The person or group who directs and controls an organisation at the highest level, referenced throughout ISO/IEC 42001 because AI governance failures are treated as a leadership accountability issue, not solely a technical one.
Training DataCore AI Governance
The dataset used to teach an AI model to perform its task. Frameworks including the EU AI Act (Article 10) require training data to be relevant, sufficiently representative, and checked for errors and bias before a system is deployed.
See alsoData Governance
Trust ProfileUnorma Platform
A public-facing page summarising an organisation's AI governance posture — active frameworks, verified compliance scores, certifications and downloadable documents — shared with procurement teams, partners and regulators via a single link.
See alsoTrust Profile
Trustworthy AICore AI Governance
AI that is valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed. This is the seven-characteristic definition used by NIST and widely referenced across other frameworks.
See alsoNIST AI RMF
Trustworthy AI Characteristics (NIST)NIST AI RMF
The seven properties NIST defines as essential to trustworthy AI: valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed.

U

UK AI Cyber Security Code of PracticeOther Global Frameworks
The United Kingdom's voluntary code covering secure design, deployment and operation of AI systems — from supply chain integrity to incident response. It is the clearest AI security benchmark referenced by UK buyers and regulators.
See alsoRead the full UK AI Code guide

V

Vendor Risk ManagementCompliance Operations
The practice of assessing and monitoring the compliance and security posture of third-party AI vendors, models and data providers an organisation relies on. Frameworks increasingly hold organisations accountable for AI risk introduced by their supply chain, not just systems built in-house.
See alsoThird-Party AI Risk

W

Whistleblower ProtectionCompliance Operations
Legal and organisational safeguards for employees who report AI-related misconduct, safety concerns or compliance failures without fear of retaliation. Several frameworks reference whistleblower channels as part of a mature AI governance programme.
White-LabelUnorma Platform
The practice of rebranding a software platform with a reseller's or consultancy's own logo, colours and domain so their end clients see the reseller's brand rather than the underlying vendor's — common among compliance consultancies and law firms managing AI governance for multiple clients.

Don’t see a term you’re looking for?

We’re adding to this glossary regularly — tell us what’s missing.

Suggest a term