Lesson 11 of 14


AI governance basics for working professionals


Time: 20–25 min
Type: exercise
Bloom: Apply → Create
XP: 100
[Figure: Lesson 2.11, concept architecture for AI governance basics for working professionals. AI governance hierarchy with three tiers: foundational frameworks (NIST AI RMF, OECD AI Principles) at the bottom, regulatory requirements (EU AI Act, sector-specific regulations) in the middle, and organizational AI policies at the top. Left axis: "Scope: International → Regional → Organizational." Arrows show how international frameworks inform regional laws, which cascade into company rules. Callout: "High-Risk AI Systems" per EU AI Act Article 6, with examples (biometric identification, critical infrastructure, employment decisions). Labels: "GOVERN function" near NIST RMF, "Prohibited practices" near EU Act.]

You'll be able to

  • Explain why an organization has AI rules by connecting them to three sources: frameworks like NIST's AI RMF that require transparent policies based on organizational risk priorities[^5]; regulations like the EU AI Act that sort AI systems by risk level and assign obligations accordingly[^1][^3]; and management-system standards like ISO/IEC 42001 that sit above individual tools as a procurement trust signal.
  • Classify an AI system as high-risk or not under the EU AI Act by checking whether it falls into categories like medical diagnosis, hiring decisions, or credit scoring, and explain how the Act treats "trustworthy" as shorthand for "acceptable risk" rather than measuring whether people actually trust the system[^1][^3].
  • Locate the organizational gap by asking the three readiness questions (which AI systems are in use, who is accountable when one is wrong, and whether you can show you are compliant), and recognize that workforce AI literacy under EU AI Act Article 4 is itself a governance control your organization is on the hook for[^2].
  • Create an inventory-and-accountability checklist for one AI system that integrates governance framework requirements[^5][^6] and the EU AI Act's obligations for high-risk systems[^3], showing how rules shape an organization's AI policies in practice.


Hook

Still OWN, now at organizational scale. You learned to be accountable for one AI tool. Now you count fourteen across the company and ask: who owns the risk if one is wrong? Nobody can answer.

Prompt Lab

Your task: Write a prompt that asks Claude to recommend the right AI setup for a real task you're facing — then weigh its answer against this lesson, "AI governance basics for working professionals."

A strong prompt: role · context · task · format · example


Exercise · scenario

A regional credit union is deploying an AI system to automate loan approval decisions for personal loans under $50,000. The system analyzes credit history, income verification, and debt-to-income ratios to recommend approval or denial. The compliance officer asks whether this falls under 'high-risk' AI systems as defined by the EU AI Act, given that the credit union has a small European subsidiary serving expatriate customers. The system will make autonomous decisions affecting approximately 200 loan applications monthly in the EU market, with human review available only upon customer appeal.

Deliverable

You will produce a **markdown AI Inventory & Accountability Map** for a real or representative slice of your organization. It must include: (1) an **inventory** of at least three AI systems in use, each with a one-line description and the team that uses it; (2) a **named owner** for each system, the person accountable when it is wrong, or an explicit "no owner yet" flag where there is none; (3) a **risk classification** for each system (is it high-risk under the EU AI Act, and why), citing the applicable category[^3]; (4) a short **GOVERN self-check** covering at least one subcategory from…

Model answer

High-risk AI system under EU AI Act Article 6

Practice · Scenarios


Scenario 1 of 8

A multinational pharmaceutical company develops an AI system to screen resumes and rank candidates for clinical research positions. The system analyzes education credentials, publication records, and prior research experience to generate a shortlist of top candidates for human recruiters to interview. HR leadership notes that the system will be used across their European, North American, and Asian operations, processing approximately 15,000 applications annually. The Chief People Officer questions whether different governance requirements apply in different jurisdictions and what classification this system receives under EU regulations.

Step 1 · Classify

Common misconceptions

  • Governance only matters if you build models from scratch, so a third-party API or a vendor's pre-trained model is the vendor's problem.

    the EU AI Act defines

Sources

  1. [1] OpenAlex API > Trustworthy artificial intelligence and the European Union AI act: On the conflation of trustworthiness and a > Ab (2025) · Research
  2. [2] OpenAlex API > Guiding AI in radiology: ESR’s recommendations for effective implementation of the European AI Act > Abstract (2025) · Research
  3. [3] NIST AI Risk Management Framework 1.0 > Function: GOVERN > Category: GOVERN 1 > GOVERN 1.4: The risk management process and its outcomes are (2025) · Regulation
  4. [4] EU AI Act Article 4 + EC AI Literacy FAQ > Article 113: (a) (2025) · Regulation
  5. [5] OpenAlex API > Guidelines for Human-AI Interaction > INTRODUCTION (2025) · Research