← Back to templates
Download Markdown
AI System Register Template
Comprehensive register template aligned with EU AI Act registration and traceability expectations.
Category: Inventory • Risk level: Minimal
# AI System Register (EU AI Act-Aligned) > **Purpose:** This register helps providers and deployers maintain structured records of AI systems used or placed on the market. > **Legal references:** Art. 6, Art. 9-15, Art. 17, Art. 26, Art. 49, Art. 60, Annex III, Annex VIII (EU AI Act 2024/1689). --- ## Section A — Record Control 1. Register entry ID: [REG-YYYY-###] 2. Date created: [YYYY-MM-DD] 3. Last updated: [YYYY-MM-DD] 4. Record owner (name/role): [Name] 5. Business unit: [Unit] 6. Review frequency: [Monthly/Quarterly] 7. Version history link: [URL or folder path] **Why this matters:** Traceability and accountability are foundational across AI Act obligations. --- ## Section B — System Identification 8. AI system name: [Name] 9. Internal code name: [Code] 10. Model/system version: [vX.Y] 11. Deployment status: [Design/Pilot/Production/Retired] 12. Intended purpose: [Short statement] 13. Primary use case: [Use case] 14. Secondary use cases: [List] 15. Geographic scope: [EU member states / global] 16. User groups affected: [Customers/Employees/Candidates/etc.] **Example:** - AI system name: "TalentRank Assist" - Intended purpose: "Support recruiter shortlisting for junior analyst roles" - Status: "Production" --- ## Section C — Role & Market Placement 17. Role in this system: [Provider/Deployer/Importer/Distributor/Authorized Representative] 18. If provider: legal entity name and EORI/VAT: [Details] 19. If deployer: legal entity and responsible manager: [Details] 20. Placed on market date (if applicable): [YYYY-MM-DD] 21. Placed in service date: [YYYY-MM-DD] 22. Trademark/branding owner: [Entity] 23. Substantial modification performed? [Yes/No] 24. If yes, modification summary: [Description] **Why this matters:** Obligations differ heavily by role (not just by technology type). --- ## Section D — Risk Classification 25. Initial risk classification: [Minimal/Limited/High/Unacceptable candidate] 26. Classification rationale: [Reasoning] 27. Annex III category (if high-risk): [Category + point] 28. Prohibited practice screening completed? [Yes/No] 29. Prohibited practice result (Art. 5): [No hit / escalated] 30. Date of latest classification review: [YYYY-MM-DD] 31. Reviewer name/role: [Name] **Guidance note:** Record both the category and the legal trigger, not just a color label. --- ## Section E — Data & Inputs 32. Input data types: [Text/Image/Biometric/Behavioral/etc.] 33. Personal data involved? [Yes/No] 34. Special category data involved? [Yes/No] 35. Data source(s): [Internal/Vendor/Public] 36. Training data provenance documented? [Yes/No/N/A] 37. Validation/testing datasets documented? [Yes/No/N/A] 38. Data quality controls in place? [List] 39. Bias testing completed? [Yes/No] 40. Data retention period: [Duration] **Related AI Act context:** Art. 10 data governance and quality requirements for high-risk systems. --- ## Section F — Human Oversight & Operations 41. Human oversight owner: [Role] 42. Human override mechanism available? [Yes/No] 43. Escalation path defined? [Yes/No] 44. Logging enabled? [Yes/No] 45. Event log retention period: [Duration] 46. Monitoring cadence: [Daily/Weekly/Monthly] 47. Incident response owner: [Role] 48. Serious incident threshold documented? [Yes/No] **Related AI Act context:** Art. 12 logging, Art. 14 human oversight, Art. 62 incident reporting. --- ## Section G — Transparency & Communication 49. User-facing AI notice required? [Yes/No] 50. Notice implemented? [Yes/No] 51. Content labeling required? [Yes/No] 52. Employee information obligations triggered? [Yes/No] 53. Customer challenge/appeal channel: [Email/portal/process] **Related AI Act context:** Art. 50-52 transparency obligations. --- ## Section H — Documentation & Conformity 54. Technical documentation status: [Not started/In progress/Complete] 55. Risk management file status: [Not started/In progress/Complete] 56. Post-market monitoring plan status: [Not started/In progress/Complete] 57. Conformity assessment required? [Yes/No] 58. Notified body involvement needed? [Yes/No] 59. EU database registration required? [Yes/No] 60. If required, EU database registration ID: [ID] **Related AI Act context:** Art. 11, Art. 17, Art. 43, Art. 49, Art. 60. --- ## Section I — Controls & Action Plan 61. Open compliance gaps: [List] 62. Risk severity per gap: [Low/Medium/High] 63. Owner per gap: [Name/Role] 64. Target completion dates: [Dates] 65. Dependencies (legal/security/product): [List] 66. Next governance review date: [YYYY-MM-DD] 67. Executive sign-off required? [Yes/No] 68. Sign-off status: [Pending/Approved] --- ## Quick Validation Checklist - [ ] Role is explicitly identified (provider/deployer/etc.) - [ ] Risk classification includes legal rationale - [ ] Prohibited practice screening is documented - [ ] Oversight and incident owners are assigned - [ ] Transparency obligations are assessed - [ ] Action plan has owners and deadlines --- ## Common Mistakes to Avoid 1. Treating one tool as one use case (multiple uses can mean multiple risk profiles). 2. Storing only technical details without legal rationale. 3. Missing ownership fields (no accountable person). 4. No timestamp/version history for auditability. 5. Assuming deployers have no obligations. --- ## Record Sign-Off - Prepared by: [Name, Role, Date] - Reviewed by: [Name, Role, Date] - Approved by: [Name, Role, Date]