The IAPP catalogue of professional credentials has expanded rapidly as the privacy and AI fields have grown. The Artificial Intelligence Governance Professional (AIGP) credential, launched in 2024, sits alongside the established CIPP family (Certified Information Privacy Professional, with regional variants for Europe, US, Canada, and Asia). The credentials cover overlapping but distinct subject matter, and choosing between them — or sequencing them — depends on the role you are aiming at over the next two to three years.
AIGP: The Newest, Fastest-Growing Credential
AIGP covers the foundations of AI, AI risks and harms, AI governance frameworks (including the EU AI Act, NIST AI RMF, ISO 42001, and emerging requirements), AI risk management, and operational deployment of AI governance programmes. The credential is positioned for professionals building or operating AI governance programmes — the responsible AI lead, the AI governance lead, the privacy professional whose remit has expanded to include AI.
AIGP demand has grown rapidly because the underlying role is being created across organisations — most enterprises did not have a named AI governance owner two years ago. The credential signals a level of fluency in the framework landscape that hiring managers can verify quickly. For professionals looking to position themselves for AI governance roles, it is currently the most direct credentialing path.
CIPP: The Established Privacy Foundation
The CIPP family — CIPP/E for European data protection law, CIPP/US for US privacy law, CIPP/C for Canadian, CIPP/A for Asia — provides depth in privacy law and regulation. CIPP/E is the most widely held internationally because GDPR has the broadest extraterritorial reach. A CIPP credential signals genuine expertise in privacy law, not just programme operation, and remains the baseline for senior privacy roles.
CIPP holders typically work as data protection officers, privacy counsel, privacy programme managers, or in legal teams advising on data protection. The credential is heavily regulatory and legal in orientation. Operational privacy practitioners often pair CIPP with the Certified Information Privacy Manager (CIPM) credential, which focuses on operating a privacy programme rather than knowing the law.
How They Overlap and Where They Diverge
Both AIGP and CIPP/E cover EU regulation around personal data, automated decision-making, and individual rights. The overlap is meaningful — privacy and AI governance share substantial ground because most AI systems process personal data. The divergence is in depth versus breadth. CIPP/E goes deep on data protection law specifically. AIGP goes broad across multiple AI governance frameworks while staying lighter on legal detail.
A pattern that is becoming common: privacy professionals adding AIGP to their credential portfolio because their organisation's AI initiatives have landed on their plate. The combination of CIPP/E + AIGP is genuinely valuable for the practitioner whose remit is privacy with significant AI overlap. Doing AIGP without any privacy foundation is possible but loses some of the regulatory grounding the field requires.
Sequencing for Different Career Stages
- Early-career privacy professional — start with CIPP regional credential matched to your jurisdiction
- Mid-career privacy professional with AI exposure — add AIGP, especially if AI governance is becoming part of the role
- AI governance role from a non-privacy background — start with AIGP, consider CIPP later for regulatory depth
- Legal counsel covering both areas — CIPP for law, AIGP for framework fluency
- Senior privacy programme leader — CIPP + CIPM + AIGP is a complete portfolio that aligns to where the field is going
A Note on Other Adjacent Credentials
CDPSE (Certified Data Privacy Solutions Engineer) from ISACA fills a different role — privacy engineering and technical implementation rather than governance or law. For technical privacy professionals working on system design, encryption strategy, data minimisation in architecture, CDPSE complements CIPP and AIGP rather than substituting for them. The right portfolio for a senior privacy leader at a technically complex organisation often includes a representative from each domain.