AIGP Exam Dumps - Artificial Intelligence Governance Professional

The correct answer isA. While location of processors may have implications (such as for data transfers under GDPR), thereis noabsoluterequirement thatthird-party processors be based in the same country.

From the AI Governance in Practice Report2025and ILT Guide:

“Data controllers are responsible for ensuring that third-party processors have adequate protections, but not necessarily that they reside in the same jurisdiction. What is required is legal safeguards (e.g., SCCs) for international transfers, not same-country location.”

In contrast, DPIAs, DSARs, and implementation of technical/organizational safeguardsare explicitlyrequired underGDPR and responsible AI frameworks.

===========

Machine learning (ML) is a subset of artificial intelligence (AI) where systems use data to learn and improve over time without being explicitly programmed. Option B accurately describes machine learning by stating that systems can automatically improve from experience through predictive patterns. This aligns with the fundamental concept of ML where algorithms analyze data, recognize patterns, and make decisions with minimal human intervention. Reference: AIGP BODY OF KNOWLEDGE, which covers the basics of AI and machine learning concepts.

The EU AI Act categorizes certain applications of AI as high-risk due to their potential impact on fundamental rights and safety. High-risk applications include those used in critical areas such as employment, education, and essential public services. A government-run social scoring tool, which assesses individuals based on their social behavior or perceived trustworthiness, falls under this category because of its profound implications for privacy, fairness, and individual rights. This contrasts with other AI applications like resume scanning tools or customer service chatbots, which are generally not classified as high-risk under the EU AI Act.

AI's resource-intensive computing demands pose significant environmental risks. High-performance computing required for training and deploying AI models often leads to substantial energy consumption, which can result in increased carbon emissions and other environmental impacts. This is particularly relevant given the growing concern over climate change and the environmental footprint of technology. Organizations need to consider these environmental risks when developing AI systems, potentially exploring more energy-efficient methods and renewable energy sources to mitigate the environmental impact.

The GDPR privacy principles that this scenario violates are Purpose Limitation and Data Minimization. Purpose Limitation requires that personal data be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Data Minimization mandates that personal data collected should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. In this case, collecting extensive personal information (e.g., IP address, location, gender) and potentially using it beyond the necessary scope for the app's functionality could violate these principles by collecting more data than needed and possibly using it for purposes not originally intended.

The correct answer isB. The EU AI Act assigns atiered penalty systembased on the severity of the violation. A breach ofobligations related to high-risk AI systemsfalls into the mid-tier category, triggering fines of €15 million or 3% of annual global turnover.

From the AIGP ILT Guide – EU AI Act Module:

“Providers of high-risk AI systems must comply with strict documentation, testing, monitoring, and registration obligations. Breaches of these result in significant fines of up to €15 million or 3% of turnover.”

AI Governance in Practice Report2025supports this:

“Non-compliance with obligations under Title III (high-risk systems) leads to financial penalties under Article 71(3) of the EU AI Act.”

Note: Thehighest penalty (€35 million or 7%)applies toprohibited AI uses, not to obligations for high-risk systems.

===========

The correct answer isC.Registration in the EU databaseis an obligation ofprovidersof high-risk AI systems—not distributors.

From the AIGP ILT Guide – Roles & Obligations Module:

“Distributors must verify CE marking, ensure instructions for use are provided, inform authorities of risks, and take corrective action when necessary. However, registration duties in the EU database lie with the provider.”

Also from the AI Governance in Practice Report2025:

“The AI Act differentiates responsibilities for developers, providers, importers, and distributors. Only providers of high-risk systems are obligated to register their systems in the EU AI Database.”

Distributors focus onverification and communication, not formal registration.

 

 

The correct answer isA. TheAcceptable Use Policy (AUP)sets the primary terms and conditions under which the AI model can be used, including limitations, prohibited uses, and operational constraints.

From the AIGP ILT Guide:

“The AUP is the most critical document to assess what you can and cannot do with the AI system. It governs use cases, outlines forbidden uses (e.g., disinformation), and supports responsible AI practices.”

Also confirmed in the AI Governance in Practice Report2025(Third-Party AI Assurance section):

“Reviewing and adhering to the acceptable use policy ensures that the model is being used in a manner that aligns with both provider expectations and ethical AI practices.”

===========