- Exam Structure Overview
- Domain Weights & Question Distribution
- Domain 1: Foundational Concepts of AI (18%)
- Domain 2: AI Development Life Cycle (18%)
- Domain 3: Implementing Responsible AI (20%)
- Domain 4: Risk Management for AI (22%)
- Domain 5: AI Regulatory & Jurisdictional Landscape (22%)
- Domain Difficulty Rankings
- Study Time Allocation
- Cross-Domain Concepts
- Frequently Asked Questions
Understanding what's actually on the AIGP exam is the foundation of effective preparation. The exam tests knowledge across 5 distinct domains, each covering different aspects of AI governance—from technical fundamentals to regulatory compliance.
This guide breaks down each domain in detail: what topics are covered, how they're weighted, which are most difficult, and how to allocate your study time effectively. Use this as your roadmap for targeted, efficient exam preparation.
Exam Structure Overview
Domain Weights & Question Distribution
Not all domains are weighted equally. Domains 4 and 5 together account for 44% of the exam—nearly half your score. Understanding this distribution is critical for prioritizing your study time.
Domains 4 and 5 are both the highest weighted (22% each) AND the most difficult according to candidate feedback. These domains deserve disproportionate study attention—not just proportional to their weight, but extra time because they're harder to master.
Domain 1: Foundational Concepts of AI (18%)
Foundational Concepts of Artificial Intelligence
This domain establishes the technical foundation you need to govern AI systems effectively. You don't need to build ML models, but you must understand how they work well enough to assess their risks and governance implications.
For technical professionals: Don't skip this domain just because you know ML. The exam tests concepts through a governance lens—focus on how technical characteristics create governance challenges.
For non-technical professionals: Invest extra time here. You don't need to code, but you must understand concepts like bias in training data, model opacity, and why certain AI applications are higher risk.
Domain 2: AI Development Life Cycle (18%)
AI Development Life Cycle
This domain covers how AI systems are built, from data collection through deployment and monitoring. Understanding the development lifecycle is essential for knowing where governance controls should be applied.
Focus on understanding where governance interventions belong in the lifecycle. The exam tests your ability to identify which stage of development a governance control addresses.
High-value topics: Data documentation (datasheets for datasets), model documentation (model cards), and post-deployment monitoring are heavily tested.
Domain 3: Implementing Responsible AI (20%)
Implementing Responsible AI
This domain covers the practical implementation of ethical AI principles. It bridges abstract ethics concepts with concrete organizational practices, policies, and governance structures.
Key distinction: Know the difference between fairness definitions (demographic parity, equalized odds, individual fairness) and when each is appropriate. This is frequently tested.
Organizational focus: Many questions ask about governance structures—who should be on an AI ethics board, how to structure oversight, when human review is required.
Domain 4: Risk Management for AI (22%)
Risk Management for AI
This domain focuses on identifying, assessing, and mitigating AI-specific risks. Heavy emphasis on the NIST AI Risk Management Framework (AI RMF) and practical risk assessment methodologies.
NIST AI RMF is critical: Know the four core functions (Govern, Map, Measure, Manage) cold. Understand what activities belong to each function and how they interrelate. Many questions present scenarios and ask which function applies.
Practical application: Focus on how to actually conduct risk assessments, not just theory. The exam tests your ability to identify appropriate risk responses in real scenarios.
The NIST AI Risk Management Framework is the backbone of Domain 4. Download and study the actual NIST AI RMF document (free at nist.gov). Know each function's purpose, subcategories, and how they connect. This single framework could represent 10-15 exam questions.
Domain 5: AI Regulatory & Jurisdictional Landscape (22%)
AI Regulatory and Jurisdictional Landscape
The most challenging domain according to candidate feedback. Covers global AI regulations with heavy emphasis on the EU AI Act, plus US approaches, sector-specific rules, and emerging international frameworks.
EU AI Act dominates: This single regulation could represent 50%+ of Domain 5 questions. Know the risk classification system cold: what's prohibited, what's high-risk, what triggers each category, and what requirements apply.
Classification scenarios: Many questions present AI use cases and ask you to classify them under the EU AI Act. Practice this skill extensively.
Candidates consistently report Domain 5 as the most difficult. The EU AI Act alone contains hundreds of specific requirements, classifications, and exceptions. Allocate at least 25-30% of your total study time to this domain. Read the actual EU AI Act text, not just summaries.
Domain Difficulty Rankings
Based on candidate feedback and community discussions, here's how the domains rank by difficulty:
| Rank | Domain | Difficulty | Why It's Challenging |
|---|---|---|---|
| 1 (Hardest) | Domain 5: Regulatory Landscape | ⭐⭐⭐⭐⭐ | EU AI Act complexity, constantly evolving, detailed requirements |
| 2 | Domain 4: Risk Management | ⭐⭐⭐⭐ | NIST AI RMF depth, practical application scenarios |
| 3 | Domain 3: Responsible AI | ⭐⭐⭐ | Nuanced ethical concepts, organizational implementation |
| 4 | Domain 2: Development Lifecycle | ⭐⭐⭐ | Technical processes, documentation requirements |
| 5 (Easiest) | Domain 1: Foundations | ⭐⭐ | Conceptual understanding, less application-focused |
Notice that the two hardest domains (4 and 5) are also the two most heavily weighted (22% each). This isn't coincidence—these domains represent the core competencies IAPP wants AIGP holders to demonstrate. Don't underestimate them.
Recommended Study Time Allocation
Allocate your study time based on both domain weight AND difficulty. Here's our recommended distribution for a 60-hour study plan:
Adjust Based on Your Background
| Your Background | Add Time To | Reduce Time From |
|---|---|---|
| Privacy Professional (CIPP) | Domain 1 (AI fundamentals), Domain 2 (technical lifecycle) | Domain 5 (regulatory—you have a head start) |
| Technical AI/ML Background | Domain 5 (regulatory), Domain 4 (governance frameworks) | Domain 1 (foundations), Domain 2 (lifecycle) |
| Legal/Compliance Background | Domain 1 (AI fundamentals), Domain 2 (technical lifecycle) | Domain 3 (governance concepts may be familiar) |
| New to Both Fields | All domains need full attention | None—follow the standard allocation |
Cross-Domain Concepts
Some concepts appear across multiple domains. Mastering these gives you leverage across the exam:
| Cross-Domain Concept | Appears In | Why It Matters |
|---|---|---|
| Bias & Fairness | D1, D2, D3, D4, D5 | Technical causes, lifecycle prevention, ethical frameworks, risk assessment, regulatory requirements |
| Transparency & Explainability | D1, D3, D4, D5 | Technical limitations, governance requirements, EU AI Act mandates |
| Human Oversight | D3, D4, D5 | Governance structures, risk controls, regulatory requirements (EU AI Act) |
| Documentation | D2, D4, D5 | Model cards, risk records, EU AI Act technical documentation |
| Risk Assessment | D3, D4, D5 | Impact assessments, NIST AI RMF, EU AI Act classification |
When studying cross-domain concepts, note how the same topic is treated differently in each domain. For example, "bias" in Domain 1 is about technical causes; in Domain 3 it's about fairness principles; in Domain 4 it's about risk assessment; in Domain 5 it's about regulatory requirements. Understanding these connections helps you answer questions that bridge multiple domains.
Frequently Asked Questions
The 5 AIGP exam domains are: Domain 1 - Foundational Concepts of AI (18%), Domain 2 - AI Development Life Cycle (18%), Domain 3 - Implementing Responsible AI (20%), Domain 4 - Risk Management for AI (22%), and Domain 5 - AI Regulatory and Jurisdictional Landscape (22%).
Domain 5 (Regulatory Landscape) is consistently rated as the most difficult, followed by Domain 4 (Risk Management). Domain 5's difficulty comes from the detailed EU AI Act content and constantly evolving global regulations. These two domains also have the highest weight (22% each), making them critical to master.
Based on domain weights and 85 scored questions: Domain 1 has ~15 questions, Domain 2 has ~15 questions, Domain 3 has ~17 questions, Domain 4 has ~19 questions, and Domain 5 has ~19 questions. Note that 15 additional unscored pretest questions are distributed across domains.
The AIGP Body of Knowledge (BoK) is IAPP's official outline of topics covered on the exam. It defines the 5 domains, their subtopics, and required knowledge areas. The current version is 2.1, effective February 3, 2026. Free access is included with IAPP membership.
Allocate based on weight AND difficulty: Domain 5 (27-30%), Domain 4 (23-25%), Domain 3 (18-20%), Domain 2 (13-17%), Domain 1 (10-13%). Adjust based on your background—technical professionals should spend more on regulatory content, while privacy professionals may need extra time on AI fundamentals.
Yes, extremely. The NIST AI Risk Management Framework is central to Domain 4. Know the four core functions (Govern, Map, Measure, Manage), their subcategories, and how to apply them in scenarios. This single framework could represent 10-15 exam questions.
The EU AI Act is heavily tested—it likely represents 50%+ of Domain 5 questions (approximately 10+ questions total). Know the risk classification system (prohibited, high-risk, limited risk, minimal risk), what triggers each category, and specific requirements for high-risk AI systems.
You need conceptual understanding, not coding ability. Domain 1 tests whether you understand how AI systems work well enough to govern them—types of ML, how bias enters systems, why models are opaque. You don't need to build models, but you must understand their governance implications.
Summary: Mastering the 5 Domains
Success on the AIGP exam requires understanding all five domains, with particular attention to the heavily weighted and more difficult Domains 4 and 5. Key takeaways:
- Domain 1 (18%): AI fundamentals—build conceptual understanding of how AI systems work
- Domain 2 (18%): Development lifecycle—know where governance controls belong in the AI pipeline
- Domain 3 (20%): Responsible AI—bridge ethics principles with practical organizational implementation
- Domain 4 (22%): Risk management—master NIST AI RMF inside and out
- Domain 5 (22%): Regulatory landscape—deep dive into EU AI Act; this is the hardest domain
Allocate your study time strategically: the hardest domains (4 and 5) deserve more than their proportional weight. Adjust based on your professional background, and use practice questions to identify domain-specific weaknesses early in your preparation.
Practice Questions for Every Domain
Test your knowledge across all 5 AIGP domains with our comprehensive practice question bank—with detailed explanations for every answer.