v2.4.0

AISDP preparation requires clearly assigned roles with documented responsibilities. Ten roles are defined across this documentation, though smaller organisations may combine them provided responsibilities are explicitly allocated.

The AI Governance Lead holds ultimate accountability: reviewing and approving the AISDP, signing the Declaration of Conformity, managing competent authority relationships, and holding authority to compel remediation or halt deployment. The AI System Assessor handles discovery, classification, risk assessment, and AISDP compilation, combining regulatory and technical understanding. The Technical SME is the subject-matter expert for the system’s technical design, data, and operational behaviour, providing engineering evidence across architecture, model evaluation, data governance, and testing.

The Technical Owner (typically an engineering lead) ensures that design, implementation, and testing satisfy Articles 9 through 15. The Business Owner (product manager or business unit head) ensures that intended purpose, deployment context, and human oversight measures are correctly documented. The Conformity Assessment Coordinator manages the end-to-end certification workflow, non-conformity register, Declaration of Conformity preparation, and EU database registration.

The Legal and Regulatory Advisor reviews evidence for legal sufficiency and advises on novel or ambiguous requirements. The DPO Liaison confirms consistency between data governance documentation and GDPR obligations. The Internal Audit Assurance Lead provides independent verification that the certification process was followed correctly and that evidence is complete and authentic. The Classification Reviewer independently reviews the AI System Assessor’s risk tier determination for each system, providing a structural safeguard against classification bias; disagreements are escalated to the AI Governance Lead.

Organisational scale determines team composition. Small organisations (5 to 10 AI systems) may combine the Assessor and Conformity Assessment Coordinator roles, with legal, DPO, and audit support on a consultancy basis. Medium organisations (10 to 30 systems) field a dedicated governance team. Large enterprises (30+ systems) operate a full AI Compliance Office with domain-organised assessors and embedded legal and audit functions.

Key outputs

  • Role assignment register for each AI system
  • Documented responsibility matrix