§ Free tool·AI system inventory & use-case register

Stand up your AI inventory in minutes.

Enter each AI system once and download a ready-to-use register — CSV for your tracker, Markdown for your governance doc — with the EU AI Act fields that actually matter: provider vs deployer role, risk tier, data sensitivity, owner, and review cadence.

Starts with one worked example so you can see the shape before you clear it and add your own. It is a starting point, not a certification.

This runs entirely in your browser. Nothing you type is sent to a server.
§ 01 — Build your register·add a row per system

Your AI systems

Each system is one row. Owner is a role or team, never a person. Not sure of a risk tier? Use the EU AI Act Risk Classifier first, then enter the result here.

§ 02 — Live preview·updates as you type

Your inventory, as it will export

This is exactly what lands in the CSV and Markdown files below.

Both files open with the disclaimer and provenance header. Generation and download happen in your browser — no network request fires.

§ 03 — Why each field matters·field → regulation tie

Field-to-regulation legend

Show how each column maps to AI governance obligations
System name
The asset of record. An inventory you can name and locate is the precondition for every downstream control — you cannot govern what you have not catalogued.
Purpose / use case
Context of use drives the risk tier. The same model is minimal-risk in one use and high-risk in another, so the use case is the unit of governance, not the model.
Provider vs deployer
The EU AI Act assigns different obligations to providers (who develop/place a system on the market) and deployers (who use one). Recording the role decides which duties apply to you.
Data used + PII flag
Special-category / personal data raises both GDPR and AI Act data-governance expectations. Flagging it early routes the system to the right DPIA and data-quality controls.
Risk category
The EU AI Act tiers systems (prohibited / high / limited / minimal). High-risk uses are enumerated in Annex III and carry the heaviest obligations; this field is your triage signal.
Owner (role/team)
Accountability must attach to a role, not a named individual, so it survives staff turnover. An unowned AI system is an unmanaged risk.
Lifecycle stage
Obligations scale with deployment. A planned system needs design-stage review; a production system needs live monitoring and incident handling.
Last / next review date
AI governance is continuous, not one-and-done. Recording review dates makes the ongoing-monitoring obligation auditable and surfaces overdue systems.

Field-to-regulation notes last reviewed: 2026-06-10. References reflect the EU AI Act framework as published; regulation status (including the 2 Aug 2026 deadline) is re-checked quarterly. This is guidance, not legal advice.

Last reviewed: 2026-06-10 · Initial release — repeatable-row inventory editor with live preview, CSV + Markdown export, and the EU AI Act field legend.

§ When you want it done for you·fixed-fee, senior-only

From a starter register to an auditor-ready program.

This tool gets your inventory started. When you need a defensible AI governance program — risk classification, control mapping, and the evidence an auditor will ask for — a principal scopes a fixed-fee engagement in a 30-minute call.

Get an auditor-ready inventory built for you AI Security Assessment

More free tools: All AI Governance Tools  ·  EU AI Act Risk Classifier

§ What this is·and what it isn't

A template and starting point. Not certification.

DSE provides AI governance and compliance readiness consulting. We are not an accredited certification body and do not issue ISO/IEC 42001 certificates or certify EU AI Act or NIST AI RMF compliance. We cannot guarantee passing an audit or avoiding enforcement, and we do not provide legal advice. We work alongside your counsel.

The inventory this tool generates is a template and a starting point — readiness, not a warranty of an outcome we do not control. Review the output with your counsel before adopting it.