Zum Hauptinhalt springen
← Back to templates

AI System Register Template

Comprehensive register template aligned with EU AI Act registration and traceability expectations.

Category: Inventory • Risk level: Minimal

AI System Register (EU AI Act-Aligned)

Purpose: This register helps providers and deployers maintain structured records of AI systems used or placed on the market.
Legal references: Art. 6, Art. 9-15, Art. 17, Art. 26, Art. 49, Art. 60, Annex III, Annex VIII (EU AI Act 2024/1689).

Section A — Record Control

  1. Register entry ID: [REG-YYYY-###]
  2. Date created: [YYYY-MM-DD]
  3. Last updated: [YYYY-MM-DD]
  4. Record owner (name/role): [Name]
  5. Business unit: [Unit]
  6. Review frequency: [Monthly/Quarterly]
  7. Version history link: [URL or folder path]

Why this matters: Traceability and accountability are foundational across AI Act obligations.

Section B — System Identification

  1. AI system name: [Name]
  2. Internal code name: [Code]
  3. Model/system version: [vX.Y]
  4. Deployment status: [Design/Pilot/Production/Retired]
  5. Intended purpose: [Short statement]
  6. Primary use case: [Use case]
  7. Secondary use cases: [List]
  8. Geographic scope: [EU member states / global]
  9. User groups affected: [Customers/Employees/Candidates/etc.]

Example:
- AI system name: "TalentRank Assist"
- Intended purpose: "Support recruiter shortlisting for junior analyst roles"
- Status: "Production"

Section C — Role & Market Placement

  1. Role in this system: [Provider/Deployer/Importer/Distributor/Authorized Representative]
  2. If provider: legal entity name and EORI/VAT: [Details]
  3. If deployer: legal entity and responsible manager: [Details]
  4. Placed on market date (if applicable): [YYYY-MM-DD]
  5. Placed in service date: [YYYY-MM-DD]
  6. Trademark/branding owner: [Entity]
  7. Substantial modification performed? [Yes/No]
  8. If yes, modification summary: [Description]

Why this matters: Obligations differ heavily by role (not just by technology type).

Section D — Risk Classification

  1. Initial risk classification: [Minimal/Limited/High/Unacceptable candidate]
  2. Classification rationale: [Reasoning]
  3. Annex III category (if high-risk): [Category + point]
  4. Prohibited practice screening completed? [Yes/No]
  5. Prohibited practice result (Art. 5): [No hit / escalated]
  6. Date of latest classification review: [YYYY-MM-DD]
  7. Reviewer name/role: [Name]

Guidance note: Record both the category and the legal trigger, not just a color label.

Section E — Data & Inputs

  1. Input data types: [Text/Image/Biometric/Behavioral/etc.]
  2. Personal data involved? [Yes/No]
  3. Special category data involved? [Yes/No]
  4. Data source(s): [Internal/Vendor/Public]
  5. Training data provenance documented? [Yes/No/N/A]
  6. Validation/testing datasets documented? [Yes/No/N/A]
  7. Data quality controls in place? [List]
  8. Bias testing completed? [Yes/No]
  9. Data retention period: [Duration]

Related AI Act context: Art. 10 data governance and quality requirements for high-risk systems.

Section F — Human Oversight & Operations

  1. Human oversight owner: [Role]
  2. Human override mechanism available? [Yes/No]
  3. Escalation path defined? [Yes/No]
  4. Logging enabled? [Yes/No]
  5. Event log retention period: [Duration]
  6. Monitoring cadence: [Daily/Weekly/Monthly]
  7. Incident response owner: [Role]
  8. Serious incident threshold documented? [Yes/No]

Related AI Act context: Art. 12 logging, Art. 14 human oversight, Art. 62 incident reporting.

Section G — Transparency & Communication

  1. User-facing AI notice required? [Yes/No]
  2. Notice implemented? [Yes/No]
  3. Content labeling required? [Yes/No]
  4. Employee information obligations triggered? [Yes/No]
  5. Customer challenge/appeal channel: [Email/portal/process]

Related AI Act context: Art. 50-52 transparency obligations.

Section H — Documentation & Conformity

  1. Technical documentation status: [Not started/In progress/Complete]
  2. Risk management file status: [Not started/In progress/Complete]
  3. Post-market monitoring plan status: [Not started/In progress/Complete]
  4. Conformity assessment required? [Yes/No]
  5. Notified body involvement needed? [Yes/No]
  6. EU database registration required? [Yes/No]
  7. If required, EU database registration ID: [ID]

Related AI Act context: Art. 11, Art. 17, Art. 43, Art. 49, Art. 60.

Section I — Controls & Action Plan

  1. Open compliance gaps: [List]
  2. Risk severity per gap: [Low/Medium/High]
  3. Owner per gap: [Name/Role]
  4. Target completion dates: [Dates]
  5. Dependencies (legal/security/product): [List]
  6. Next governance review date: [YYYY-MM-DD]
  7. Executive sign-off required? [Yes/No]
  8. Sign-off status: [Pending/Approved]

Quick Validation Checklist

  • [ ] Role is explicitly identified (provider/deployer/etc.)
  • [ ] Risk classification includes legal rationale
  • [ ] Prohibited practice screening is documented
  • [ ] Oversight and incident owners are assigned
  • [ ] Transparency obligations are assessed
  • [ ] Action plan has owners and deadlines

Common Mistakes to Avoid

  1. Treating one tool as one use case (multiple uses can mean multiple risk profiles).
  2. Storing only technical details without legal rationale.
  3. Missing ownership fields (no accountable person).
  4. No timestamp/version history for auditability.
  5. Assuming deployers have no obligations.

Record Sign-Off

  • Prepared by: [Name, Role, Date]
  • Reviewed by: [Name, Role, Date]
  • Approved by: [Name, Role, Date]
Download Markdown AI Fill — Pro Plan

Related resources

Risk quiz Glossary Blog