What Is Machine Learning?
Machine learning (ML) is a subset of artificial intelligence in which systems learn patterns from data and improve their performance over time without being explicitly programmed for each task. Instead of following hand-coded rules, ML models are trained on datasets to identify patterns, make predictions, or generate outputs. There are three primary types: supervised learning (trained on labelled examples), unsupervised learning (finds patterns in unlabelled data), and reinforcement learning (learns through trial and reward). Deep learning, which uses neural networks with multiple layers, is a subset of machine learning that powers most modern AI applications including language models, image recognition, and autonomous systems.
Machine Learning — the branch of artificial intelligence in which algorithms learn patterns from data and use those patterns to make predictions or decisions, rather than following explicitly programmed rules.
Machine learning is the underlying technique behind most modern AI — supervised learning (most enterprise ML), unsupervised learning (clustering, anomaly detection), reinforcement learning (decision-making over time), and deep learning (neural networks with many layers). Governance-wise, ML systems require training data governance, model validation, performance monitoring, and bias testing in ways that traditional rule-based software does not.
Source: NIST AI RMF; ISO/IEC 22989 (AI concepts and terminology)
Why it matters for governance
Machine learning creates governance challenges that traditional software does not. ML models learn from data, which means they can learn biases present in training data. Their performance degrades over time as real-world conditions change (model drift). Their decision-making logic may not be easily explainable (the black box problem). They can produce confident-sounding outputs that are factually wrong (hallucination). Each of these characteristics requires specific governance controls — model validation, bias testing, drift monitoring, explainability mechanisms, and human oversight — that go beyond standard software quality assurance.