This guide covers every domain tested in the AIFA examination. The exam is free, scenario-based, and assesses applied understanding rather than memorisation. Work through each domain and the embedded scenarios — that is the preparation.
What separates a production AI system from a prototype
Production systems include monitoring, logging, fallback mechanisms, and defined incident response — a notebook that works is not production-ready.
Training knowledge cutoffs cause stale answers about post-cutoff events. The fix is retrieval augmentation or fine-tuning, not prompt engineering.
Distribution shift — production data drifting away from training data — is the most common cause of silent degradation over time.
"Hallucination" is a precise term for confidently-stated false information. Confidently wrong answers about post-cutoff events are knowledge gaps, not hallucination.
SCENARIO
A chatbot trained in 2022 is still in production in 2025 giving wrong answers about new product releases. The correct diagnosis is distribution shift / training cutoff — the fix is retrieval augmentation or scheduled retraining, not a bigger model.
Domain 2 · Data Protection and Privacy
Personal data flows through AI systems differently
GDPR right-to-erasure extends to derived data — trained models and vector embeddings count as personal data if they can identify the individual via retrieval or extraction.
Any third-party AI API that processes EU personal data is a data processor under GDPR — a Data Processing Agreement and a lawful basis are required before sending data.
Sending personal data to a processor without a DPA is a GDPR violation. Depending on risk it can be a notifiable breach with a 72-hour supervisory authority window.
RAG-based assistants that embed customer data store personal data in the vector database. Erasure must delete both source records and derived vectors.
SCENARIO
You discover an AI assistant has been sending customer names and emails to an LLM API for three months without a DPA. The correct response includes assessing breach notifiability, notifying the DPO, potentially notifying the supervisory authority within 72 hours, and documenting the incident.
Domain 3 · Ethics and Bias
How bias enters AI systems and what to do about it
Disparate impact — systematic performance differences across demographic groups — is treated as discrimination regardless of intent.
Proxy discrimination uses a seemingly neutral variable (like zip code) that encodes a protected characteristic. No fairness framework permits it.
Feedback loop bias perpetuates historical inequality — a model trained on outcomes from a discriminatory historical process will reproduce that discrimination.
Survivorship bias affects credit and hiring models trained only on accepted candidates — the model has no information about excluded populations.
Demographic parity (equal positive prediction rate across groups) is mathematically in tension with equal accuracy. Choose the right metric for the context.
SCENARIO
A hiring AI flags female candidates as "flight risk" based on historical attrition data tied to childcare. The correct framing is feedback loop bias — the model is perpetuating systemic inequality, not predicting individual potential.
Domain 4 · Human Oversight and Governance
Where humans must stay in the loop
Human-in-the-loop design is about accountability and error interception, not throughput. High-stakes decisions require substantive — not performative — human review.
Automation bias is the tendency of human reviewers to follow AI recommendations uncritically, rendering oversight functionally meaningless. Regulators look at substance, not at the presence of a reviewer.
Consequential automated actions (account suspensions, treatment plans, loan declines) require human review before execution, not after.
EU AI Act high-risk systems (employment, credit, healthcare, law enforcement) must provide explanations, allow human review, and permit contestation.
Ultimate accountability for AI deployment rests with leadership — they authorised it.
SCENARIO
A bank deploys an AI loan model where officers always accept the recommendation. The bank claims "humans make final decisions." This is functionally automated decision-making and triggers GDPR Article 22 obligations.
Domain 5 · Security and Adversarial Inputs
AI-specific attack surfaces
Prompt injection — malicious instructions in user-controlled content — has no traditional security analogue. Treat any user input that reaches the prompt as untrusted.
Adversarial examples exploit decision boundaries with inputs imperceptible to humans. Test accuracy alone does not guarantee robustness.
Training data extraction attacks let attackers reconstruct verbatim training data via repeated queries. Risk is highest for unique or rare content.
Token-aware rate limiting — not just request-count limiting — is required to prevent cost-amplification attacks.
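The token-aware limiting point is easiest to see in code. The following is an added example, not code from the original guide or from any provider: a sliding-window limiter that charges each call by its token count as well as counting requests, so a client cannot drain the budget with a handful of enormous prompts. The client ids, budgets and token counts are constructed for the illustration, and `estimate_tokens` is a placeholder heuristic rather than a real tokenizer.

```python
import time
from collections import deque
from typing import Deque, Dict, Optional, Tuple

# Constructed example: a sliding-window limiter that charges each request by
# its token count (prompt + completion) rather than counting requests only.
# Client ids, budgets and token counts are illustrative, not from a real system.


class TokenRateLimiter:
    def __init__(self, max_tokens: int, max_requests: int, window_seconds: float):
        self.max_tokens = max_tokens
        self.max_requests = max_requests
        self.window = window_seconds
        # client_id -> deque of (timestamp, tokens_charged), oldest first
        self._history: Dict[str, Deque[Tuple[float, int]]] = {}

    def _prune(self, client_id: str, now: float) -> Deque[Tuple[float, int]]:
        """Drop entries that have aged out of the window."""
        q = self._history.setdefault(client_id, deque())
        while q and now - q[0][0] >= self.window:
            q.popleft()
        return q

    def usage(self, client_id: str, now: Optional[float] = None) -> Tuple[int, int]:
        """(requests, tokens) charged to this client in the current window."""
        now = time.monotonic() if now is None else now
        q = self._prune(client_id, now)
        return len(q), sum(t for _, t in q)

    def allow(self, client_id: str, tokens: int, now: Optional[float] = None) -> bool:
        """Record the charge and return True if both the request cap and the
        token budget still have room; otherwise reject without recording, so a
        rejected call does not eat into the window."""
        now = time.monotonic() if now is None else now
        q = self._prune(client_id, now)
        used_tokens = sum(t for _, t in q)
        if len(q) >= self.max_requests or used_tokens + tokens > self.max_tokens:
            return False
        q.append((now, tokens))
        return True


def estimate_tokens(text: str) -> int:
    """Crude pre-call estimate (about 4 characters per token). Placeholder only:
    use the provider's tokenizer for the estimate and charge the actual usage
    the provider reports once the call returns."""
    return max(1, len(text) // 4)


def simulate() -> dict:
    """Constructed scenario: one client sends ten 5,000-token requests inside a
    60-second window. A 100-request cap alone would admit all ten; the token
    budget admits two."""
    limiter = TokenRateLimiter(max_tokens=10_000, max_requests=100, window_seconds=60)
    t0 = 0.0
    decisions = [limiter.allow("client-a", 5_000, now=t0 + i) for i in range(10)]
    # Even a tiny request is refused once the token budget for the window is spent.
    small_ok = limiter.allow("client-a", 50, now=t0 + 10)
    # Once the early requests age out of the window, budget is available again.
    later_ok = limiter.allow("client-a", 5_000, now=t0 + 61)
    return {
        "accepted": decisions.count(True),
        "rejected": decisions.count(False),
        "small_after_exhaustion": small_ok,
        "after_window": later_ok,
    }
```

The request-count cap and the token budget are checked independently, so either one can refuse a call. Charging the provider-reported usage after the call matters because a pre-call estimate cannot see the completion length, which is where cost amplification usually hides.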
Domain 6 · Reliability and Operations
Detecting and recovering from AI failures
Roll back first, investigate second. A regressed model in production causes ongoing harm. Rollback should be fast and rehearsed.
Silent failures — wrong outputs delivered without errors — require output quality monitoring against a baseline. Infrastructure monitoring does not catch them.
Vendor model updates can silently change output schema. Always validate output schema and run regular eval suites.
Production resilience requires model abstraction, fallback logic, and availability monitoring — not single-provider dependency.
SCENARIO
Your system has been live for four months with no major incidents. The CEO asks "is it still performing as well as launch?" The honest answer requires automated quality eval scores compared to a launch baseline — not ticket volume, not API latency.
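The honest answer in that scenario comes from comparing eval scores to the launch baseline, and that comparison is a few lines of code. The following is an added example, not part of the original guide: constructed eval metrics for four weekly runs compared against a constructed launch baseline, with a metric flagged only after it has sat below tolerance in consecutive runs so that one noisy eval does not trigger a rollback by itself. The metric names, tolerance and scores are assumptions.

```python
from typing import Dict, List

# Constructed example data: eval scores on a 0.0 to 1.0 scale per metric.
# The launch baseline and the later weekly runs are made-up numbers.
LAUNCH_BASELINE: Dict[str, float] = {
    "faithfulness": 0.91,
    "answer_relevance": 0.88,
    "format_valid": 0.99,
}
WEEKLY_RUNS: List[Dict[str, float]] = [
    {"faithfulness": 0.90, "answer_relevance": 0.89, "format_valid": 0.99},
    {"faithfulness": 0.89, "answer_relevance": 0.87, "format_valid": 0.98},
    {"faithfulness": 0.84, "answer_relevance": 0.86, "format_valid": 0.97},  # drift begins
    {"faithfulness": 0.79, "answer_relevance": 0.85, "format_valid": 0.91},
]


def _trailing_runs_below(values: List[float], baseline: float, tolerance: float) -> int:
    """Count how many of the most recent runs are more than `tolerance` below
    baseline, stopping at the first run that is within tolerance."""
    count = 0
    for v in reversed(values):
        if baseline - v > tolerance:
            count += 1
        else:
            break
    return count


def regression_report(
    baseline: Dict[str, float],
    runs: List[Dict[str, float]],
    tolerance: float = 0.05,
    min_consecutive: int = 2,
) -> Dict[str, dict]:
    """Per metric: baseline, latest score, delta, how many trailing runs are
    below tolerance, and whether that meets the regression threshold.
    A metric missing from a run is scored 0.0: an eval that could not be
    computed is itself a failure, not a pass."""
    report = {}
    for metric, base in baseline.items():
        values = [run.get(metric, 0.0) for run in runs]
        latest = values[-1] if values else base
        below = _trailing_runs_below(values, base, tolerance)
        report[metric] = {
            "baseline": base,
            "latest": latest,
            "delta": round(latest - base, 4),
            "runs_below": below,
            "regressed": below >= min_consecutive,
        }
    return report


def rollback_candidates(report: Dict[str, dict]) -> List[str]:
    """Metrics whose sustained regression justifies rolling back first and
    investigating second."""
    return [m for m, r in report.items() if r["regressed"]]


def status_line(report: Dict[str, dict]) -> str:
    """One-line answer to 'is it still performing as well as launch?'"""
    regressed = rollback_candidates(report)
    warnings = [m for m, r in report.items() if r["runs_below"] == 1]
    if regressed:
        return "NO: sustained regression in " + ", ".join(regressed)
    if warnings:
        return "AT RISK: latest run below tolerance for " + ", ".join(warnings)
    return "YES: all metrics within tolerance of launch baseline"
```

In the constructed data `faithfulness` has been below tolerance for two consecutive runs and is a rollback candidate, while `format_valid` dropped only in the latest run and is reported as a warning. Ticket volume and API latency do not appear anywhere in this calculation; that is the point of the scenario.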
Domain 7 · Responsible Deployment
Pre-launch and live obligations
EU AI Act Article 52 requires disclosing AI interaction to users unless objectively obvious. Applies broadly, not just to high-risk systems.
High-risk AI systems (Annex III) require a conformity assessment covering risk management, data governance, transparency, human oversight, accuracy, and robustness before placing on the market.
Safety controls cannot be bolted on after launch — they are architecturally foundational. An incident before controls is company-ending.
Hallucination mitigation in high-stakes domains requires both technical controls (RAG with citation) and process controls (qualified human review).
Domain 8 · AI Governance and Documentation
What organisations must document and review
Model cards include intended use, limitations, training data overview, subgroup performance, and bias evaluations — not just aggregate accuracy.
GDPR Article 35 mandates a Data Protection Impact Assessment before high-risk processing — large-scale personal data plus new technology (AI) triggers a DPIA.
Consent is purpose-limited. Training a commercial model on data collected for "service improvement" exceeds the original consent and requires fresh legal basis.
Employment AI (recruitment, screening, performance review) is explicitly high-risk under EU AI Act Annex III.
Domain 9 · Practical AI Literacy
The judgment calls a fundamentals-level practitioner must get right
For high-stakes decisions, equitable performance across demographic groups matters as much as aggregate accuracy.
LLM-to-database pipelines need structured output enforcement, schema validation, and fallback handling — not just one of the three.
Eval suites measure what you tested. Synthetic eval data systematically misses real user behaviour. Build evals from real production queries.
Agents with destructive tool access (delete, send, transfer) require explicit confirmation for irreversible actions even given general user authorisation.
Production readiness is multi-dimensional: technical (evals, validation, monitoring, rollback), operational (incident response), and compliance (legal, regulatory).
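The LLM-to-database point (structured output, schema validation, fallback) and the point about agents with destructive tool access, together with the Domain 6 advice to always validate output schema, fit in one small pipeline. The following is an added example, not code from the guide or from any vendor: the model is replaced by canned JSON strings, the customer table, the action vocabulary and the field names are hypothetical, and the database is in-memory SQLite so the block runs offline.

```python
import json
import sqlite3
from typing import Any, Dict

# Constructed example. The "model output" is a raw string handed to the
# pipeline; the actions, table and fields below are hypothetical.

ALLOWED_ACTIONS = {"lookup", "update_email", "delete_account"}
DESTRUCTIVE_ACTIONS = {"delete_account"}  # irreversible: needs per-action confirmation

# Expected argument names and exact types per action. Checked by hand so the
# example has no dependencies; a JSON Schema validator does the same job.
ACTION_SCHEMA: Dict[str, Dict[str, type]] = {
    "lookup": {"customer_id": int},
    "update_email": {"customer_id": int, "email": str},
    "delete_account": {"customer_id": int},
}


class PipelineError(Exception):
    pass


def parse_tool_call(raw: str) -> Dict[str, Any]:
    """Structured-output enforcement: the model must return one JSON object with
    an 'action' field and exactly the arguments that action's schema lists.
    Anything else is rejected before it gets anywhere near the database."""
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError as e:
        raise PipelineError(f"model output is not valid JSON: {e}")
    if not isinstance(obj, dict) or "action" not in obj:
        raise PipelineError("missing 'action' field")
    action = obj["action"]
    if action not in ALLOWED_ACTIONS:
        raise PipelineError(f"unknown action {action!r}")
    args = obj.get("args", {})
    expected = ACTION_SCHEMA[action]
    if not isinstance(args, dict) or set(args) != set(expected):
        raise PipelineError(f"arguments do not match schema for {action!r}")
    for name, typ in expected.items():
        if type(args[name]) is not typ:  # strict: no bool-as-int, no "42" strings
            raise PipelineError(f"argument {name!r} must be {typ.__name__}")
    return {"action": action, "args": args}


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)",
                     [(1, "a@example.com"), (2, "b@example.com")])
    return conn


def execute(conn: sqlite3.Connection, call: Dict[str, Any], confirmed: bool = False) -> Dict[str, Any]:
    """Run a validated call. Destructive actions execute only with confirmed=True,
    which must come from the user confirming this specific action, not from a
    blanket 'do whatever is needed'. All SQL is parameterised and fixed in code;
    the model never contributes SQL text."""
    action, args = call["action"], call["args"]
    if action in DESTRUCTIVE_ACTIONS and not confirmed:
        return {"status": "needs_confirmation", "action": action, "args": args}
    if action == "lookup":
        row = conn.execute("SELECT id, email FROM customers WHERE id = ?",
                           (args["customer_id"],)).fetchone()
        return {"status": "ok", "result": row}
    if action == "update_email":
        cur = conn.execute("UPDATE customers SET email = ? WHERE id = ?",
                           (args["email"], args["customer_id"]))
        return {"status": "ok", "rows": cur.rowcount}
    cur = conn.execute("DELETE FROM customers WHERE id = ?", (args["customer_id"],))
    return {"status": "ok", "rows": cur.rowcount}


def handle(conn: sqlite3.Connection, model_output: str, confirmed: bool = False) -> Dict[str, Any]:
    """Fallback handling: a malformed or off-schema output is never 'repaired' by
    guessing what the model meant; the request goes to a human queue instead."""
    try:
        call = parse_tool_call(model_output)
    except PipelineError as e:
        return {"status": "fallback_to_human", "reason": str(e)}
    return execute(conn, call, confirmed=confirmed)
```

A vendor update that starts wrapping the JSON in prose, renames a field, or returns `"2"` instead of `2` lands in the `fallback_to_human` branch rather than silently doing the wrong thing, which is the schema-validation point from Domain 6. The delete path shows the agent rule: a general authorisation to act does not stand in for confirmation of the irreversible action itself.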