Version: 1.0 | Updated: December 2024
This glossary contains technical terms used in the AI-Native Entry Framework™ documentation.
| Term | Definition |
|---|---|
| AI Act | EU Regulation 2024/1689 - The European Artificial Intelligence Act, world’s first comprehensive regulation of AI systems |
| GDPR | General Data Protection Regulation (EU 2016/679) - EU regulation governing processing of personal data |
| NIS2 | Network and Information Security Directive 2 (EU 2022/2555) - EU cybersecurity directive imposing risk-management and incident-reporting obligations on essential and important entities; transposed into national law by each member state |
| EDPB | European Data Protection Board - Independent EU body ensuring consistent application of GDPR |
| NÚKIB | National Cyber and Information Security Agency (Czech Republic) |
| ÚOOÚ | Czech Data Protection Authority (Úřad pro ochranu osobních údajů) |
| Term | Definition |
|---|---|
| Access Control | Security mechanism regulating who can view or use resources |
| Accountability | GDPR principle requiring demonstration of compliance |
| Accuracy | Degree of correctness of AI system outputs |
| AI System | System utilizing artificial intelligence technologies |
| Annex | Appendix to a regulation or directive |
| Annex III | List of high-risk AI application areas in AI Act |
| Anonymization | Irreversible removal of identifying information from data so that the individual can no longer be identified by any means reasonably likely to be used; truly anonymized data falls outside GDPR (contrast with Pseudonymization) |
| Audit | Systematic review of processes or systems |
| Audit Log | Chronological, tamper-evident record of security-relevant events in a system (who did what, when, and from where) |
| Audit Trail | Chronological record documenting sequence of activities |
| Automated Decision-Making | Decision made solely by automated means, including AI, without meaningful human involvement (restricted by Article 22 GDPR where it has legal or similarly significant effects) |
| Term | Definition |
|---|---|
| Backup | Copy of data stored separately for recovery purposes |
| Balancing Test | Assessment of legitimate interest vs. data subject rights |
| BCM | Business Continuity Management - processes ensuring operations during disruptions |
| Bias | Systematic error in AI model leading to unfair outcomes |
| Bias Testing | Evaluation of AI system for discriminatory outcomes across groups |
| Biometric Data | Personal data resulting from specific technical processing of physical, physiological or behavioral characteristics (e.g., fingerprints, face geometry) that allows unique identification of a person; special category data under GDPR |
| Board | Board of Directors - governing body providing oversight |
| Breach | Security incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data (see Data Breach) |
| Business Continuity | Ability to continue operations during incidents |
| Term | Definition |
|---|---|
| CE Marking | Mark confirming compliance with EU legislation |
| Chatbot | AI-powered conversational interface |
| Checklist | Structured list for tracking compliance requirements |
| CISO | Chief Information Security Officer - executive responsible for information security |
| Classification | Categorization according to risk level |
| C-level | Executive leadership (CEO, CTO, CISO, CFO, etc.) |
| Cloud Computing | IT services delivered over the internet |
| Compliance | Adherence to legal requirements |
| Conformity Assessment | Verification that AI system meets requirements |
| Consent | Freely given, specific, informed agreement to data processing |
| Controller | Entity determining purposes and means of personal data processing |
| Critical Infrastructure | Infrastructure essential for society functioning |
| Cryptography | Protection of data using mathematical algorithms |
| CTO | Chief Technology Officer - executive responsible for technology strategy |
| Term | Definition |
|---|---|
| Dashboard | Visual display of key metrics and status |
| Data Breach | Personal data breach under Article 4(12) GDPR: a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data; not limited to external attacks |
| Data Controller | Organization determining the purposes and means of personal data processing (see Controller) |
| Data Mapping | Process of identifying what data organization processes |
| Data Minimization | Principle of processing only necessary data |
| Data Processing Agreement (DPA) | Contract between controller and processor |
| Data Processor | Entity processing data on behalf of controller |
| Data Protection Impact Assessment (DPIA) | Risk assessment for personal data processing |
| Data Protection Officer (DPO) | Designated person who informs, advises and monitors the organization's GDPR compliance (Articles 37-39); responsibility for compliance itself remains with the controller or processor |
| Data Subject | Individual whose personal data is being processed |
| Data Subject Access Request (DSAR) | Individual’s request to access their personal data |
| Deadline | Final date for meeting a requirement |
| Deepfake | AI-generated synthetic media appearing authentic |
| Deployer | Natural or legal person using an AI system under its authority, except where the use is personal and non-professional (AI Act Article 3) |
| Disaster Recovery | Process of restoring systems after catastrophic event |
| Drift Detection | Monitoring AI system performance changes over time |
| Due Diligence | Thorough investigation of partner or supplier |
| Term | Definition |
|---|---|
| Encryption | Transforming data with a cryptographic algorithm and key so that it is unreadable without the corresponding decryption key |
| Encryption at Rest | Encryption of stored data on disk |
| Encryption in Transit | Encryption of data during transfer (TLS) |
| Endpoint Protection | Antivirus and other protection on devices |
| Essential Entity | NIS2 category with the strictest obligations and proactive supervision; typically large entities in the high-criticality sectors of Annex I (energy, transport, banking, health, digital infrastructure, etc.) |
| Term | Definition |
|---|---|
| Fail-safe | Mechanism for safe system failure |
| Firewall | Device or software that filters network traffic according to defined rules, typically at a network or host boundary |
| Fraud Detection | AI system for detecting fraudulent activity |
| Framework | Structured approach or methodology |
| Term | Definition |
|---|---|
| General Purpose AI (GPAI) | AI model displaying significant generality and capable of performing a wide range of distinct tasks, regardless of how it is placed on the market (e.g., large language models such as GPT or Claude); subject to its own obligations under the AI Act |
| Global Turnover | Total worldwide annual revenue of organization |
| Governance | System of rules, practices, and processes for direction and control |
| Term | Definition |
|---|---|
| Hallucination | AI-generated output that is factually incorrect |
| High-Risk AI | AI systems classified under AI Act Annex III with significant impact on rights |
| Human Oversight | Ability of humans to intervene in AI decision-making |
| Human-in-the-loop | Design pattern in which a human reviews or approves an AI output before it takes effect; one way of implementing human oversight |
| Term | Definition |
|---|---|
| Important Entity | NIS2 category with the same core security and reporting obligations as essential entities but lighter, reactive supervision; typically medium-sized entities in Annex I sectors and entities in the Annex II sectors |
| Incident Management | Process of responding to security incidents |
| Incident Response | Procedures during security incident occurrence |
| Incident Response Plan (IRP) | Document describing incident procedures |
| Information Security Management System (ISMS) | Systematic approach to security management per ISO 27001 |
| Inventory | List of all AI systems in organization |
| Term | Definition |
|---|---|
| Key Performance Indicator (KPI) | Metric for measuring success |
| Knowledge Cutoff | Date beyond which AI model has no training data |
| Term | Definition |
|---|---|
| Law Enforcement | Police and judicial authorities |
| Legal Basis | Lawful justification for processing personal data |
| Legitimate Interest | Legal basis under Article 6(1)(f) GDPR |
| Legitimate Interest Assessment (LIA) | Test for legitimate interest justification |
| Limited Risk AI | AI requiring transparency obligations (chatbots, deepfakes) |
| Logging | Recording of events in a system |
| Term | Definition |
|---|---|
| Machine Learning (ML) | AI technology enabling systems to learn from data |
| Minimal Risk AI | AI with no specific regulatory obligations |
| Mitigation | Measures to reduce risk |
| Model Card | Technical documentation describing AI model |
| Monitoring | Continuous observation of systems |
| Multi-Factor Authentication (MFA) | Authentication using multiple verification methods |
| Term | Definition |
|---|---|
| 72-hour Rule | GDPR Article 33 requirement to notify the supervisory authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals |
| Term | Definition |
|---|---|
| Onboarding | Process of integrating new employees |
| Opt-in | Active granting of consent (checkbox) |
| Oversight | Control and supervision |
| Term | Definition |
|---|---|
| Patch Management | Process of applying security updates |
| Penalty | Financial punishment for violation |
| Penetration Testing | Simulated attack for security testing |
| Personal Data | Any information relating to an identified or identifiable natural person (Article 4(1) GDPR), including indirect identifiers such as IP addresses or device IDs |
| PII | Personally Identifiable Information |
| Policy | Formal statement of organizational rules |
| Post-Market Monitoring | Monitoring of AI system after deployment |
| Privacy by Design | Principle of incorporating protection from the start |
| Privacy Policy | Document informing about data processing |
| Procedure | Step-by-step instructions for performing task |
| Processor | Entity processing data on behalf of controller |
| Prohibited AI | AI systems banned under Article 5 of AI Act |
| Provider | Entity that develops an AI system or GPAI model (or has it developed) and places it on the market or puts it into service under its own name or trademark (AI Act Article 3) |
| Pseudonymization | Replacing identifiers with pseudonyms so that data can no longer be attributed to a specific person without additional information (e.g., a key or lookup table) that is kept separately; pseudonymized data remains personal data under GDPR |
| Purpose Limitation | GDPR principle of processing only for specified purposes |
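The distinction between the Anonymization and Pseudonymization entries above is easy to get wrong in practice, so here is an added illustration (example code, not part of the framework's own documentation): a keyed HMAC token pseudonymizes a constructed record set while the key, kept separately, still allows re-identification; a plain unkeyed hash of an e-mail address is shown to be reversible by anyone holding a list of plausible addresses; and anonymization is implemented by dropping the identifier, generalizing quasi-identifiers and suppressing small groups before releasing aggregates. The sample records, the field names and the assumption that all cities are in Czechia are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data set (fictitious people) with one direct identifier (email),
# two quasi-identifiers (age, city) and one special-category attribute (ICD-10 diagnosis).
RECORDS = [
    {"email": "alice@example.com", "age": 34, "city": "Prague", "diagnosis": "J45"},
    {"email": "bob@example.com", "age": 41, "city": "Brno", "diagnosis": "E11"},
    {"email": "carol@example.com", "age": 37, "city": "Ostrava", "diagnosis": "J45"},
]
# A dictionary an attacker (or the controller) may plausibly hold: the identifiers themselves.
CANDIDATE_EMAILS = [r["email"] for r in RECORDS]

TOKEN_HEX_LEN = 32  # 128-bit truncated HMAC tag is ample for a per-subject token


def pseudonymize(records, key):
    """Pseudonymization: replace the direct identifier with a keyed HMAC-SHA256 token.

    The token is deterministic for a given key, so records of one subject still link
    together (needed for analytics), but nobody without the key can compute or verify it.
    The key is the 'additional information' that must be kept separately from the data.
    """
    out = []
    for r in records:
        tag = hmac.new(key, r["email"].encode("utf-8"), hashlib.sha256).hexdigest()
        out.append({"subject_id": tag[:TOKEN_HEX_LEN],
                    "age": r["age"], "city": r["city"], "diagnosis": r["diagnosis"]})
    return out


def reidentify(subject_id, candidates, key):
    """Whoever holds the key can re-link a token to a person from a candidate list,
    which is why pseudonymized data remains personal data."""
    for email in candidates:
        tag = hmac.new(key, email.encode("utf-8"), hashlib.sha256).hexdigest()[:TOKEN_HEX_LEN]
        if hmac.compare_digest(tag, subject_id):
            return email
    return None


def unkeyed_hash_guess(digest_hex, candidates):
    """Why a plain SHA-256 of the e-mail is NOT anonymization: with no secret involved,
    anyone holding a list of plausible identifiers recovers the person by trial hashing."""
    for email in candidates:
        if hashlib.sha256(email.encode("utf-8")).hexdigest() == digest_hex:
            return email
    return None


def anonymize(records, k=2):
    """Anonymization (irreversible): drop the direct identifier, generalize the
    quasi-identifiers (10-year age band, country instead of city) and suppress any
    equivalence class with fewer than k records, then release only the aggregates.
    No per-subject value is kept, so there is no key that could undo this."""
    classes = {}
    for r in records:
        low = r["age"] // 10 * 10
        klass = (f"{low}-{low + 9}", "CZ")  # assumption: all sample cities are in Czechia
        classes.setdefault(klass, []).append(r["diagnosis"])
    return {klass: sorted(diags) for klass, diags in classes.items() if len(diags) >= k}


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # store this separately from the pseudonymized data set
    pseudo = pseudonymize(RECORDS, key)
    print(pseudo[0]["subject_id"], "->", reidentify(pseudo[0]["subject_id"], CANDIDATE_EMAILS, key))
    print(anonymize(RECORDS))
```

Two practical points follow from the code: the HMAC key, not the algorithm, is what keeps the token from being recomputed, so its storage and access control are part of the GDPR assessment; and the anonymized output loses the ability to follow a single subject over time, which is the price of leaving the regulation's scope.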
| Term | Definition |
|---|---|
| RBAC | Role-Based Access Control - permissions are assigned to roles rather than to individual users, and users obtain access by being assigned roles |
| Record Keeping | Obligation to maintain documentation |
| Records of Processing Activities (ROPA) | List of all personal data processing activities |
| Recovery Point Objective (RPO) | Maximum acceptable data loss |
| Recovery Time Objective (RTO) | Maximum acceptable downtime |
| Resilience | System ability to handle problems |
| Retention | Period of data storage |
| Right to Access | Data subject’s right to obtain copy of their data |
| Right to be Forgotten | Data subject’s right to erasure of data |
| Right to Data Portability | Right to receive data in machine-readable format |
| Right to Object | Data subject’s right to object to processing |
| Right to Rectification | Right to correct inaccurate data |
| Right to Restriction | Right to limit processing of data |
| Risk Assessment | Identification and evaluation of risks |
| Risk Management | Systematic approach to reducing risks |
| Robustness | System ability to function despite errors |
| Term | Definition |
|---|---|
| SaaS | Software as a Service - cloud-based software delivery |
| Sanction | Penalty for non-compliance |
| Scope | Area to which regulation applies |
| Security Incident | Event threatening security |
| SIEM | Security Information and Event Management - platform that collects, correlates and alerts on security logs and events from across the environment |
| SLA | Service Level Agreement |
| Social Scoring | Evaluating or classifying people over time based on their social behavior or personal characteristics, where this leads to detrimental treatment in unrelated contexts or treatment disproportionate to the behavior (prohibited under Article 5 AI Act) |
| Special Category Data | Sensitive data under Article 9 GDPR: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, health data, and data concerning sex life or sexual orientation |
| Standard Contractual Clauses (SCCs) | Mechanism for data transfer outside EU |
| Storage Limitation | GDPR principle of retaining only as long as necessary |
| Sub-processor | Processor engaged by another processor |
| Supply Chain Security | Protection of products throughout supply chain |
| Term | Definition |
|---|---|
| Template | Prepared document format with placeholders |
| Terms of Service (ToS) | Contractual conditions with provider |
| Third-party | External provider |
| Threat | Potential danger to system |
| Timeline | Plan of deadlines and milestones |
| Training Data | Data used for training AI model |
| Transfer Impact Assessment (TIA) | Risk analysis for data transfer outside EU |
| Transparency | Openness and clarity |
| Term | Definition |
|---|---|
| Vendor | External service provider |
| Vendor Management | Process of selecting and managing suppliers |
| Vulnerability | Security weakness in system |
| Vulnerability Management | Process of identifying and fixing vulnerabilities |
| Term | Definition |
|---|---|
| Wireframe | Visual guide representing user interface structure |
| Workflow | Defined sequence of steps |
| Abbreviation | Full Name | Description |
|---|---|---|
| AI Act | Artificial Intelligence Act | EU Regulation 2024/1689 on artificial intelligence |
| GDPR | General Data Protection Regulation | EU Regulation 2016/679 on personal data protection |
| NIS2 | Network and Information Security Directive 2 | EU Directive 2022/2555 on cybersecurity |
| Abbreviation | Full Name | Description |
|---|---|---|
| CEO | Chief Executive Officer | Highest-ranking executive |
| CFO | Chief Financial Officer | Executive responsible for finances |
| CISO | Chief Information Security Officer | Executive responsible for information security |
| CTO | Chief Technology Officer | Executive responsible for technology |
| DPO | Data Protection Officer | Designated person who advises on and monitors GDPR compliance |
Last updated: December 2024