Async review
Recap core topics:
- Unit 2: Data Privacy and Governance in Machine Learning
- Unit 3: Regulatory Compliance and Risk Management in Machine Learning
Unit 2: Data Privacy and Governance in Machine Learning
In Unit 2, you explored…
- Privacy and ethical foundations– Key regulations such as GDPR, HIPAA, and CPRA, and the importance of privacy-by-design when handling sensitive ML data.
- Governance frameworks – AREA and SAFE-D as tools to embed accountability, fairness, and explainability across ML systems.
- Compliant data strategies – Practices for data minimisation, metadata tracking, retention limits, and access control to meet legal and ethical standards.
- Quality and fairness – Frameworks to assess data completeness, consistency, and bias, and ensure equitable model performance across user groups.
- Trust through transparency – How strong governance, clear documentation, and inclusive review practices build confidence in ML system outcomes.
Unit 3: Regulatory Compliance and Risk Management in Machine Learning
In Unit 3, you explored…
- ML compliance frameworks – Key regulations and standards, including the EU AI Act, ISO/IEC 23053, and NIST AI RMF, and how they guide safe, transparent ML development.
- System-level risk – Common vulnerabilities across the ML lifecycle, from third-party dependencies and infrastructure gaps to model failure and versioning issues.
- Mitigation and escalation – Proactive practices like workflow gating, anomaly thresholds, and peer reviews, alongside tiered escalation protocols to manage incidents.
- Audit readiness – Documentation and processes needed to demonstrate compliance, including model cards, access logs, and risk registers.
- Organisational accountability – Responsibility mapping across roles, ensuring risks are owned and addressed across development, deployment, and monitoring stages.
What’s at risk in ML systems?
Common compliance risks in real-world ML projects:
- Privacy breaches from poor data governance.
- Fairness gaps due to unrepresentative or biased data.
- Lack of transparency in how models make decisions.
- Missing controls for access, auditability, or incident response.
Governance and compliance foundations in ML
Core frameworks shaping ML practices:
- Regulations: GDPR, AI Act, HIPAA, CCPA – define boundaries for privacy, fairness, and data use.
- Standards: ISO/IEC 23053, NIST AI RMF – guide system interoperability, risk control, and continuous monitoring.
- Frameworks: AREA and SAFE-D – support accountability, explainability, fairness, and ethical oversight across the ML lifecycle.Compliance artefacts****Key artefacts likerisk matrices, audit checklists, and escalation plans help teams anticipate and manage compliance risks.
Action item: Quick reflection - Governance in your role
Which governance or compliance concept feels most relevant to your role—and why?
Think about:
- Where your current work intersects with regulation, transparency, or risk.
- How applying these principles could strengthen trust in your ML systems. Share your response in the chat!