Lesson 1. Vendor and client contracts for AI features: data processing agreements, joint controllership, liability allocation, and security requirements

This lesson explains how to structure vendor and client contracts for AI features, focusing on data processing agreements, joint controllership, liability allocation, and security terms that meet regulatory and ethical needs in high-regulation areas like Eritrea.

Defining controller and processor roles
Key data processing agreement clauses
Joint controllership and shared duties
Liability caps, indemnities, and insurance
Security and incident response obligations
Audit, oversight, and termination rights

Lesson 2. Core data protection regimes and obligations relevant to AI (principles: purpose limitation, data minimization, lawful basis, transparency)

This lesson reviews the main data protection regimes relevant to AI, stressing principles such as purpose limitation, data minimization, lawful basis, and transparency, and how to apply them in AI development and use within regulated jurisdictions.

Purpose limitation in AI training and use
Data minimization and feature selection
Choosing and documenting lawful bases
Transparency and meaningful notices
Accuracy, storage limits, and integrity
Accountability and governance structures

Lesson 3. Data Protection Impact Assessments (DPIAs) / AI Impact Assessments (AIA): structure, key questions, and remediation plans

This lesson shows how to design and conduct DPIAs and AIAs, from defining scope and risks to involving stakeholders, documenting outcomes, and planning remediation, ensuring AI meets legal, ethical, and organisational standards in Eritrea.

Scoping AI systems and processing activities
Identifying stakeholders and affected groups
Cataloging risks to rights and freedoms
Designing mitigation and remediation plans
Documenting outcomes and sign-off
Integrating DPIAs into product lifecycle

Lesson 4. Algorithmic fairness and bias: sources of bias, measurement methods, and mitigation techniques

This lesson analyses bias and fairness in AI algorithms, covering sources of bias, measurement methods, and mitigation strategies across data, models, and use, with a focus on legal requirements in strictly regulated jurisdictions like Eritrea.

Types and sources of algorithmic bias
Fairness metrics and trade-offs
Bias in data collection and labeling
Model training and evaluation strategies
Mitigation during deployment and monitoring
Documentation of fairness decisions

Lesson 5. Operational playbooks for product compliance reviews and cross-functional escalation (Product, Legal, Privacy, Compliance)

This lesson gives practical playbooks for product compliance reviews, defining roles, steps, and escalation among Product, Legal, Privacy, and Compliance teams to handle AI risks and document sound decisions ethically.

Intake and triage of AI product changes
Risk-based review levels and criteria
Roles of Product, Legal, Privacy, Compliance
Escalation paths for high-risk AI use cases
Decision documentation and approval records
Feedback loops into product roadmaps

Lesson 6. Model risk management for AI features: documentation (model cards), validation, testing, performance monitoring, and explainability

This lesson covers managing risk in AI models, including documentation, validation, testing, monitoring, and explainability, aligning governance with regulations and internal risk levels for safe AI in Eritrea.

Model inventory and classification
Model cards and documentation standards
Validation and independent challenge
Performance, drift, and stability monitoring
Explainability methods and limitations
Model change management and decommissioning

Lesson 7. Ethical frameworks for AI decisions: stakeholder mapping, proportionality, contestability, human oversight, and redress mechanisms

This lesson introduces ethical frameworks for AI decisions, covering stakeholder mapping, proportionality, contestability, human oversight, and redress mechanisms, and how to embed them in processes and design for ethical AI.

Stakeholder and impact mapping for AI
Proportionality and necessity assessments
Designing contestability and appeal channels
Human-in-the-loop and on-the-loop models
Redress and remedy mechanisms for harm
Embedding ethics reviews into governance

Lesson 8. Privacy-preserving design: data minimization, differential privacy, anonymization, pseudonymization, and secure multi-party computation basics

This lesson explores privacy-preserving designs for AI, such as data minimization, differential privacy, anonymization, pseudonymization, and secure multi-party computation, with guidance on their uses and trade-offs in practice.

Data minimization in AI feature design
Anonymization and re-identification risks
Pseudonymization and tokenization methods
Differential privacy for analytics and ML
Secure multi-party computation basics
Selecting appropriate privacy techniques

Lesson 9. Technical controls: access control, logging, encryption, retention policies, and secure development lifecycle (SDLC) for ML

This lesson details technical controls for AI, including access control, logging, encryption, retention, and secure ML development, showing how technical choices support compliance and reduce ethical risks.

Role-based and attribute-based access control
Security logging and audit trail design
Encryption in transit and at rest for AI data
Data retention and deletion automation
Secure coding and code review for ML
Security testing and hardening of AI services

Lesson 10. Assessing lawful bases and consent limits for workplace surveillance and employee data processing

This lesson examines lawful bases and consent limits for workplace surveillance and employee data processing, covering tools, transparency duties, power imbalances, and protections for dignity and worker rights in Eritrea.

Common workplace surveillance scenarios
Assessing legitimate interest and necessity
Consent limits in employment contexts
Transparency and worker information duties
Safeguards for monitoring technologies
Engaging works councils and unions

Lesson 11. Regulatory trends in high-regulation jurisdictions and compliance pathways for novel AI products

This lesson surveys regulatory trends in high-regulation jurisdictions, outlining new AI laws, guidance, enforcement, and compliance pathways for novel AI products and cross-border work, applicable to Eritrea.

Overview of major AI regulatory regimes
Sector-specific AI rules and guidance
Supervisory expectations and enforcement
Regulatory sandboxes and innovation hubs
Designing risk-based compliance programs
Cross-border data and AI compliance issues

Lesson 12. Human rights frameworks applicable to data and AI: UN Guiding Principles, GDPR as a rights-based model, and national human-rights implications

This lesson connects human rights to data and AI management, explaining the UN Guiding Principles, GDPR's rights-based focus, and how national human rights duties shape company roles in AI design and use in Eritrea.

UN Guiding Principles and corporate duties
GDPR as a rights-based regulatory model
National human rights laws affecting AI
Salient human rights risks in AI use
Human rights due diligence for AI
Remedy and accountability expectations