Glossary

AI governance, in plain terms

A plain-language reference for the AI, compliance and governance terms you will meet across our platform — written for the people who have to act on them, not just the specialists.

AI terms

LLM (Large Language Model)
A model trained on large volumes of text to predict and generate language. It powers chat assistants, summarisation and drafting, and is the engine behind most generative AI tools.
Agentic AI
AI that can plan and take a sequence of actions toward a goal, often calling tools or other systems along the way. Because it acts rather than just answers, it needs tighter oversight.
RAG (Retrieval-Augmented Generation)
A technique that retrieves relevant documents and feeds them to a model so its answers are grounded in your own data. It improves accuracy and lets you trace where an answer came from.
Shadow AI
AI tools and assistants used inside an organisation without approval or visibility from IT or governance. It is a common source of unmanaged risk because no one owns or monitors it.
Model drift
The gradual decline in a model's accuracy as the real-world data it sees moves away from the data it was trained on. Drift is why deployed models need ongoing monitoring.
Inference
The act of running a trained model to produce an output for a given input. In practice, inference is what you pay for every time a model answers a request.
Fine-tuning
Further training a base model on your own examples so it performs better on a specific task or domain. It tailors behaviour without building a model from scratch.
Foundation model
A large, general-purpose model trained broadly so it can be adapted to many downstream tasks. It serves as the starting point that teams customise or build on.

Compliance terms

EU AI Act
The European Union's regulation governing AI, which sorts systems into risk tiers and sets obligations for each. It is a primary driver of formal AI governance for organisations operating in or selling into the EU.
High-risk AI system
An AI use case the EU AI Act treats as carrying significant potential for harm, such as systems affecting employment or access to services. These systems attract the strictest obligations.
Obligation
A specific requirement a law or standard places on you, such as keeping documentation or running human oversight. Governance work largely consists of meeting obligations and proving you have.
Conformity assessment
The process of checking that an AI system meets the requirements that apply to it before and during use. It produces the evidence that the system is compliant.
ISO/IEC 42001
The international management-system standard for artificial intelligence, describing how to govern AI responsibly across its lifecycle. It gives organisations a recognised framework to align to.
NIST AI RMF
The US National Institute of Standards and Technology AI Risk Management Framework, a voluntary structure for identifying and managing AI risk. It is widely used to organise governance practice.
DORA (Digital Operational Resilience Act)
EU regulation that sets operational-resilience requirements for financial entities, including oversight of the technology and third parties they depend on. AI systems often fall within its scope.
Segregation of Duties (SoD)
A control principle that splits a sensitive process across people so no single person can both perform and approve it. It reduces the risk of error and abuse.

Governance terms

Control
A safeguard put in place to manage a specific risk, such as a review step or an access restriction. Controls are how policy turns into something that actually happens.
Evidence
The records that show a control was applied and an obligation was met, such as logs, approvals or assessments. Without evidence, compliance is only a claim.
Risk register
A single record of the risks you have identified, along with their severity, owner and treatment. It is the central view auditors and leaders use to understand exposure.
Audit log
A durable, time-stamped record of who did what and when. A trustworthy audit log lets you reconstruct events and demonstrate accountability.
Assurance
Independent confidence that controls are working as intended, based on evidence rather than assumption. It is what lets leadership and regulators rely on your governance.
Readiness score
A summary measure of how prepared an AI system or organisation is against a given standard or regulation. It turns a complex picture into a starting point for action.
Chargeback
Attributing the cost of AI usage back to the team or business unit that incurred it. Chargeback makes consumption visible and gives owners a reason to manage it.
Cost per successful task (CPST)
The total AI spend divided by the number of tasks completed successfully, not just calls made. It reframes AI cost around value delivered rather than raw usage.
