aicomply.
aicomply.
Home
Understand OverviewLearning ModulesGlobal RegulationsEU AI Act TextGlossaryFAQ
Assess Overview1. Register2. Classify3. Requirements4. Comply5. Monitor
Implement OverviewPoliciesStandardsControlsProceduresTemplates
Resources
GitHubGet Started
Step 1

AI System Inventory

Catalog all AI systems in your organization. Document what AI you develop, deploy, or distribute and classify your role for each system.

Interactive

Start Your Assessment Journey

Use our interactive wizard to walk through system identification, role determination, risk classification, and compliance scoring — all in one guided flow.

Inventory Checklist

Follow these steps to build a complete inventory of AI systems in your organization.

1

Identify all AI systems

List every AI system your organization develops, uses, imports, or distributes — including embedded AI in third-party products.

2

Determine your role per system

For each AI system, determine whether you are a Provider, Deployer, Importer, or Distributor. You may hold multiple roles.

3

Document system details

Record the system name, purpose, intended use, domain, vendor/developer, and deployment date for each AI system.

4

Map to business processes

Identify which business processes and teams rely on each AI system and who the internal owner is.

5

Classify risk level

Screen each system against prohibited practices (Article 5), high-risk criteria (Article 6, Annex III), and transparency obligations (Article 50).

6

Prioritize by risk

Focus compliance efforts on high-risk and prohibited-candidate systems first. Minimal-risk systems need no mandatory action.

Operator Roles Under the EU AI Act

Article 3

Your obligations depend on your role. You may hold different roles for different AI systems.

Provider

Article 3(3)

Develops or commissions an AI system and places it on the market or puts it into service under own name or trademark.

Key obligations:

Conformity assessment
CE marking
Technical documentation
Quality management system
Post-market monitoring

Deployer

Article 3(4)

Uses an AI system under its authority, except where used in a personal non-professional activity.

Key obligations:

Fundamental rights impact assessment
Human oversight implementation
Input data quality
Monitoring & logging
Inform workers

Importer

Article 3(6)

Places on the EU market an AI system that bears the name or trademark of a person established outside the EU.

Key obligations:

Verify conformity assessment done
Verify CE marking present
Verify documentation available
Storage & transport conditions
Cooperate with authorities

Distributor

Article 3(7)

Makes an AI system available on the EU market without being the provider or importer.

Key obligations:

Verify CE marking present
Check documentation
Storage & transport conditions
Withdraw non-compliant systems
Inform provider of issues

Practical Tips

Start with high-impact systems

Focus first on AI systems used in hiring, credit scoring, healthcare, law enforcement, or critical infrastructure — these are most likely to be high-risk under Annex III.

Don't forget embedded AI

AI may be embedded in third-party SaaS tools, CRM platforms, or enterprise software. Survey department heads to uncover AI usage you may not be aware of.

Use a spreadsheet template

Download our Excel inventory template to structure your catalog. It includes columns for all required fields and auto-calculates risk indicators.

View templates
Back to AssessmentNext: Start Assessment