An AI project team needs to consider compliance with data regulations and explainability standards as requirements for a new AI solution.
At what point in the project should the requirements be approached?
Correct Answer: B
In PMI-CP/CPMAI-aligned practice, compliance requirements such as data protection regulations (e.g., privacy laws, data residency) and explainability standards are treated as business and regulatory constraints, not as late technical details. They must therefore be identified and incorporated during the business understanding phase. At this stage, the project manager and stakeholders clarify the problem statement, success criteria, risk appetite, and constraints under which the AI solution must operate. That includes explicitly stating: which regulations apply, what level of transparency or explainability is required, which stakeholders must be able to understand model outputs, and which decisions must remain under human control.
By capturing these requirements early, they directly influence the choice of AI pattern, model families, data sources, architecture, and governance mechanisms. If these constraints are postponed until data preparation or final testing, the team risks discovering that the chosen models are too opaque, the data cannot legally be used as collected, or additional documentation and controls are needed that fundamentally change scope and timeline. CPMAI stresses that responsible AI and regulatory compliance are "built in from the beginning," so the correct point to approach these requirements is the business understanding phase.