AI Register Template: What to Include and How to Maintain It

The AI Register is the single most important document for EU AI Act compliance. It is also the one most SMBs do not have. It is the first thing a regulator, auditor, or buyer's compliance officer will ask for — and the absence of one is harder to explain than imperfect content.

Minimum columns

• System name — what your team calls it
• Vendor — the company that provides it
• Purpose — what you use it for, in plain language
• Data categories — what data it processes
• Legal basis — GDPR Article 6 ground
• Risk class — minimal, limited, high, or prohibited under EU AI Act
• Hosting region — EU, US, or unknown
• DPA signed — yes / no / check
• Trains on your data — yes / no
• Internal owner
• Last reviewed

Vendors to pre-populate

Most SMBs use a recurring set of 15-25 AI tools: ChatGPT, Microsoft 365 Copilot, Anthropic Claude, Google Gemini, Notion AI, Grammarly Business, DeepL Pro, GitHub Copilot, Cursor, Otter.ai, Fathom, Read.ai, Midjourney, DALL-E, ElevenLabs, Synthesia, HeyGen, HubSpot AI, Salesforce Einstein, Intercom Fin, Zendesk AI, Perplexity, Zapier AI, Make.com.

How to maintain it

• Quarterly review on the calendar. 30 minutes. Confirm every active row, add new tools, remove dead ones.
• Onboarding hook — when someone joins, give them the AUP and ask about AI tools they intend to bring.
• Procurement hook — any new SaaS purchase triggers a one-question check: does it use AI?

Done-for-you AI Register

Ready AI Act's Compliance Documentation Package (€499) includes a personalised AI Register tailored to your specific stack — 20+ vendors pre-populated, your risk classifications, your hosting regions, your internal owners. Delivered within 48 hours of intake, reviewed by qualified ICT/privacy counsel.