1# AIGF Principles Catalog
2title: AI Governance Framework Principles
3metadata:
4 id: AIR-PRIN
5 type: PrincipleCatalog
6 gemara-version: "1.1.0"
7 description: >
8 Core principles underpinning the FINOS AI Governance Framework.
9 Each principle represents a foundational value that one or more
10 AIGF mitigations (guidelines) are designed to uphold.
11 version: 0.1.0
12 author:
13 id: finos
14 name: FINOS
15 type: Human
16 mapping-references:
17 - id: FINOS-AIR
18 title: AI Governance Framework
19 version: 0.1.0
20 url: "https://aigf.finos.org"
21 description: FINOS AI Governance Framework mitigations and risks
22
23groups:
24 - id: data-protection
25 title: Data Protection
26 description: >
27 Principles governing the handling, classification, and minimization
28 of sensitive data within AI systems.
29 - id: security-architecture
30 title: Security Architecture
31 description: >
32 Principles addressing layered defenses and resilience in AI
33 system design.
34 - id: governance
35 title: Governance
36 description: >
37 Principles ensuring transparency, accountability, and auditability
38 of AI data processing activities.
39
40principles:
41 - id: AIR-PRIN-001
42 title: Proactive Data Sanitization
43 group: data-protection
44 description: >
45 Apply filtering and anonymization techniques before data enters the
46 AI processing pipeline, vector databases, or any external service
47 endpoints.
48
49 - id: AIR-PRIN-002
50 title: Data Classification Awareness
51 group: data-protection
52 description: >
53 Understand and respect the sensitivity levels and access controls
54 associated with source data when determining appropriate filtering
55 strategies.
56
57 - id: AIR-PRIN-003
58 title: Principle of Least Exposure
59 group: data-protection
60 description: >
61 Only include data in AI systems that is necessary for the intended
62 business function, and ensure that even this data is appropriately
63 de-identified or masked when possible.
64
65 - id: AIR-PRIN-004
66 title: Defense in Depth
67 group: security-architecture
68 description: >
69 Implement multiple layers of filtering at data ingestion, during
70 processing, and at output generation to create robust protection
71 against data leakage.
72
73 - id: AIR-PRIN-005
74 title: Auditability and Transparency
75 group: governance
76 description: >
77 Maintain clear documentation and audit trails of what data filtering
78 processes have been applied and why.