IAPP

The IAPP is a professional association for information privacy. Its certifications cover regional data protection laws, privacy program management, technical privacy engineering, and artificial intelligence governance.

The Organization Behind the Credentials

The International Association of Privacy Professionals (IAPP) formed in 2000. At the time, data privacy was a niche concern handled primarily by legal departments. Today, the IAPP reports over 75,000 members worldwide, making it the largest professional association focused on information privacy.

As governments introduced strict data protection regulations over the last decade, organizations faced heavy fines for non-compliance. They needed proof that their legal, IT, and management teams understood how to handle sensitive data. The IAPP filled this gap. Its certifications act as the baseline standard for hiring Data Protection Officers, compliance managers, and privacy engineers across both public and private sectors.

IAPP Certification Paths

The IAPP divides its credentialing into specific domains rather than vertical experience tiers. The Certified Information Privacy Professional (CIPP) focuses on regional laws and regulations. The Certified Information Privacy Manager (CIPM) covers privacy program operations. The Certified Information Privacy Technologist (CIPT) targets IT professionals building privacy into technology. A fourth path, the Artificial Intelligence Governance Professional (AIGP), addresses the safe and responsible deployment of AI systems.

Navigating Regional Privacy Laws

Privacy legislation changes depending on where the data subject lives. The IAPP addresses this by splitting the CIPP credential into regional variants.

The CIPP-E (Certified Information Privacy Professional/Europe, or CIPP/E) is the most widely recognized credential in the IAPP catalog. Its popularity surged alongside the enforcement of the General Data Protection Regulation (GDPR). The exam tests your knowledge of European data protection frameworks, cross-border data transfer mechanisms, and the specific rights of data subjects under EU law. Multinational corporations view the CIPP-E as mandatory for compliance teams operating within the European Economic Area.

For professionals working with American data, the CIPP-US (Certified Information Privacy Professional/United States, or CIPP/US) focuses on the fragmented landscape of US privacy law. Unlike Europe, the US lacks a single federal privacy framework. The CIPP-US covers federal requirements for healthcare and finance, alongside state-level mandates like the California Consumer Privacy Act (CCPA). It requires candidates to understand how different jurisdictional rules overlap and conflict.

Privacy Operations and Engineering

Knowing the law is only half the requirement. Organizations must operationalize those rules.

The CIPM (Certified Information Privacy Manager) tests your ability to run a privacy program. The exam asks you to translate legal mandates into daily business practices. Candidates must demonstrate how to manage data inventories, conduct privacy assessments, and respond to data breaches. Hiring managers look for the CIPM when filling privacy operations roles, as it proves a candidate can manage risk across an entire organization.

While the CIPM targets management, the CIPT (Certified Information Privacy Technologist) targets the engineering and IT departments. The CIPT proves you can build privacy controls directly into software, networks, and data architectures. It covers encryption, anonymization techniques, and privacy-by-design principles. If your job involves designing databases or securing cloud infrastructure, the CIPT shows you understand the technical side of data protection.

AI Governance

In April 2024, the IAPP launched the AIGP (Artificial Intelligence Governance Professional). The rapid adoption of machine learning created new legal and ethical risks, prompting the IAPP to create a dedicated credential for AI oversight.

The AIGP tests your understanding of the AI technology stack, machine learning lifecycles, and emerging regulatory frameworks like the EU AI Act and NIST guidelines. It targets compliance officers and product managers who must evaluate whether an AI model operates safely and legally. The exam places a heavy emphasis on identifying the core risks posed by AI systems and implementing responsible AI principles during the development phase.

Exam Format and Delivery

IAPP exams carry a reputation for difficulty. They do not test simple rote memorization. Most questions present complex organizational scenarios and ask you to identify the correct legal or operational response.

Core exams, including the CIPP, CIPM, and CIPT, contain 90 multiple-choice questions. You have 150 minutes to complete the test. Out of the 90 questions, only 75 count toward your final score. The IAPP uses the remaining 15 as unscored pre-test items to evaluate future exam material.

The AIGP exam follows a slightly longer format. It contains 100 questions, with 85 scored items, and gives candidates 180 minutes. The test is split into two sections of 50 questions, with a break in the middle. Once you submit the first section, you cannot return to review those answers.

All IAPP exams use a scaled scoring system from 100 to 500. You must achieve a score of 300 to pass. Because the difficulty of individual questions varies, the exact number of correct answers needed to reach 300 shifts slightly from one exam form to another. The IAPP does not provide a specific breakdown of how many questions you answered correctly upon completion, returning only a percentage performance across the exam's domains.

Maintaining the Credential

Privacy frameworks do not remain static. The IAPP updates its exam blueprints and bodies of knowledge annually to reflect new legislation and court rulings. For example, a new version of the AIGP body of knowledge takes effect in February 2026 to cover recent developments in artificial intelligence regulation.

Once certified, professionals must maintain their status through continuing privacy education (CPE). The IAPP requires credential holders to earn 20 CPE credits every two years and pay an annual certification maintenance fee. Members fulfill these requirements by attending privacy conferences, writing articles, or participating in IAPP chapter meetings. If a credential holder fails to meet the CPE requirement by their biennial deadline, their certification is suspended and they must retake the exam to regain their status.