v2.4.0 | Report Errata
docs resources docs resources

Governance Readiness All ten governance and technical roles appointed: AI Governance Lead with sufficient authority, AI System Assessor(s) with independence from development, Technical SME, Technical Owner, Business Owner, Conformity Assessment Coordinator, Legal and Regulatory Advisor, DPO Liaison, Internal Audit Assurance Lead, and Classification Reviewer with independence from the Assessor. Roles documented and communicated. Multi-role assignments justified and approved. Key outputs

  • Ten roles appointed and documented
  • Independence requirements satisfied
  • Communication to organisation completed

Classification Readiness Complete inventory of AI systems in the organisation’s portfolio. Classification Decision Record produced for each system. Risk tier determination reviewed and approved by the AI Governance Lead. Systems requiring no AISDP (minimal risk) documented with rationale. Systems requiring AISDP prioritised for preparation. Key outputs

  • Complete AI system inventory
  • Per-system CDR produced and approved
  • Portfolio prioritisation for AISDP preparation

Infrastructure Readiness Version control system operational for code, data, and model artefacts. Model registry deployed and integrated with CI/CD pipeline. CI/CD pipeline includes model validation gates (performance, fairness, robustness). Monitoring infrastructure capable of collecting and analysing production data. Document management system with version control and access controls. Each missing item represents a workstream the AI Governance Lead initiates in parallel with AISDP preparation. Key outputs

  • Five infrastructure prerequisites assessed
  • Missing items trigger parallel workstreams
  • Foundation for automated evidence generation

Process Readiness Data governance framework documented (quality standards, lineage tracking, bias assessment methodology). Development methodology documented (coding standards, testing requirements, review processes). Incident response plan drafted with roles assigned. PMM plan drafted with metrics, thresholds, and escalation procedures. End-of-life process defined with responsibilities assigned for post-decommission obligations. Key outputs

  • Five process prerequisites assessed
  • End-of-life process included in readiness
  • Missing items trigger parallel workstreams

Knowledge Readiness Key personnel have received AI Act training appropriate to their roles. The engineering team understands the compliance implications of their work. The legal team understands the technical architecture and its compliance dimensions. Cross-functional literacy ensures that governance gates function as designed. Key outputs

  • Role-appropriate AI Act training completed
  • Cross-functional understanding established
  • Foundation for effective governance gates
On This Page