Question 12
IIAn organization is evaluating a new AI system and wants to identify legal obligations beyond privacy requirements. Based on the source material, which approach is most appropriate?
Correct answer: B
Explanation
AI systems may be subject to existing non-privacy laws and other legal requirements, so compliance review should extend beyond privacy-focused analysis. — aigp-study-guide-2026.pdf
Why each option is right or wrong
A. Review only privacy laws because AI obligations are limited to personal data use
Existing laws beyond privacy may apply to AI systems and related activities.
B. Assess how non-privacy laws and other existing legal requirements may apply to the AI system
The source material states that organizations should understand how non-privacy laws and other existing legal requirements may apply to AI systems. Because the organization is identifying obligations beyond privacy requirements, a broader legal review is the appropriate approach here.
C. Delay legal review until the AI system is deployed and any issues become concrete
The material addresses how existing laws apply to AI systems, not only after deployment.
D. Assume existing laws do not apply unless a statute specifically mentions artificial intelligence
Existing legal requirements may apply to AI even when framed as general laws.