Every AI governance program starts with the same problem: you cannot govern what you cannot see. Risk assessments, compliance documentation, oversight workflows, audit trails — none of it works if the underlying picture of what AI systems actually exist is incomplete or wrong.
That is what an AI inventory solves. It is a structured, maintained registry of every AI system in your organization: the ones IT approved, the ones procurement bought, the ones individual teams quietly started using, and the ones embedded in software you already pay for. Done properly, it becomes the anchor for everything else your governance program depends on.
This guide covers how to build one from scratch — what to capture, where to look, how to classify risk, and how to keep the inventory useful over time rather than letting it decay into a document no one trusts.
What is an AI inventory?
A centralized registry of every AI system in an organization — with ownership, purpose, risk tier, data sources, and compliance status documented in one place.
Why does governance need one?
The NIST AI RMF, EU AI Act, and ISO/IEC 42001 all require documented AI inventories as a foundational requirement before any risk classification or control can be applied.
What fields must it include?
At minimum: system name, purpose, business owner, risk tier, data sources, model/provider, deployment status, last review date, and links to approval records.
What is shadow AI?
AI tools employees or teams use without formal approval — often through browser extensions, SaaS subscriptions, or embedded features in existing software — outside any governance register.
How often should it be reviewed?
At minimum quarterly, with automated or process-triggered updates whenever a new AI system is procured or deployed.
Where to start if you have nothing?
Start with your top 10–20 highest-impact systems. A partial inventory that is accurate is more useful than a complete one that nobody maintains.
Why an AI Inventory Is Not Just a Compliance Exercise
The word “inventory” makes this sound like a bureaucratic task. And if it is done poorly — a spreadsheet somebody fills out once and never touches again — it stays bureaucratic. But when it actually works, an AI inventory is the difference between running a governance program and pretending to run one.
Here is the practical problem. When a CIO is asked how many AI tools their employees use, the typical answer is somewhere between 60 and 70. They have deployed a handful of enterprise platforms and approved a few dozen specialized tools. Then they turn on proper discovery monitoring. The real number is usually 200, sometimes 300, according to enterprise governance data published in early 2026. The reaction is always the same: surprise, then a grudging recognition that it makes sense.
That gap — between what leadership thinks is deployed and what is actually running — is where governance programs silently fail. Risk cannot be assessed for systems that are not in the register. Logging cannot be applied to tools that were never documented. Audit evidence cannot be produced for deployments that were never tracked. Every control that governance builds sits on top of the inventory. If the inventory is incomplete, the controls are incomplete too — they just look solid on paper.
The regulatory pressure makes this more urgent. The EU AI Act reached full enforcement for high-risk AI systems on August 2, 2026, with penalties scaling to €35 million or 7% of global annual turnover. The NIST AI Risk Management Framework (AI RMF) identifies the Map function — which requires a documented AI system inventory — as the starting point of the entire framework. ISO/IEC 42001, which has become the first certifiable international standard for AI management systems, includes AI asset identification as a foundational requirement. These are not soft suggestions. For organizations selling into EU markets or competing for US federal contracts, a missing or fictitious inventory creates direct regulatory exposure.
Key framing: A functioning AI governance program needs a complete inventory of all AI systems in the environment, risk classifications mapped to regulatory tiers, documented ownership with explicit decision accountability, and an audit trail connected to production systems — not just described in policy. That last part matters. The gap between documented policy and actual operations is where enforcement exposure lives.
The Scope Problem: What Counts as an AI System
Before building the inventory, the organization needs to agree on what goes in it. This sounds obvious, and it is routinely skipped — which causes the inventory to miss entire categories of AI deployment from the start.
A narrow definition — one that only covers machine learning models built internally — will miss most of what actually needs governance. The EU AI Act uses a deliberately broad definition of AI system. NIST AI RMF takes a similarly expansive view. For practical purposes, the inventory scope should include all of the following:
Internally built models — machine learning models, large language model deployments, classification systems, recommendation engines, forecasting models, and anything trained on organizational data.
Purchased or licensed AI products — third-party tools procured through formal channels, including specialized AI platforms, AI-powered analytics tools, and vendor products where AI is the primary function.
AI features embedded in existing software — this is the most commonly missed category. Major enterprise software vendors have integrated AI features into existing products at extraordinary speed in 2025 and 2026. A CRM platform that introduced predictive lead scoring, an HR system that added resume screening, a customer support tool that deployed automated response generation — these all arrived as feature updates to existing subscriptions, not as new procurements. They are AI systems. They process organizational data. They need to be in the inventory.
Robotic process automation with cognitive elements — rule-based automation that includes AI-driven decision nodes often falls outside both IT asset management and data science oversight. It needs explicit inclusion in scope.
Shadow AI — AI tools employees use without organizational approval. This is covered in its own section below, because it requires different discovery methods.
The scope definition should be documented and signed off at the governance level. Anyone who builds the inventory later will need to refer back to it when deciding whether a given system belongs in the register.
check about EU AI Act vs. NIST AI RMF vs. ISO/IEC 42001
Step 1: Discovery — Finding What You Actually Have
The discovery phase is where most organizations realize how incomplete their assumptions were. It is not comfortable, and that discomfort is useful information.
The starting approach is a structured survey across every business unit. Send a short form — not a long one — asking each team to identify AI tools in active use, systems under development, and anything that automates a decision. Keep it short enough that completing it takes under 20 minutes. A long survey gets ignored. A short one gets completed and escalated when something important surfaces.
Pair the survey with IT and procurement data. Pull every software subscription and SaaS contract from the past three years. Filter for any vendor that mentions AI, machine learning, automation, or analytics in their product description. Cross-reference against the survey responses. The gaps between these two lists — things in the contracts that do not appear in the survey, and things in the survey that do not appear in the contracts — are your first governance signals.
For organizations with sufficient technical infrastructure, network traffic analysis can surface AI tool usage that neither survey responses nor procurement records capture. Browser-based AI tools accessed through employee accounts, API calls to external model providers, and AI-powered browser extensions all leave traces. This is not about surveillance — it is about building an accurate picture. In practice, there is always something here that surprises the governance team.
Step 1
Run a structured business unit survey
Short, standardized form. Ask each team lead: what AI tools is your team using, what is each one doing, and who approved it? Assign a two-week deadline. Escalate non-responses to department heads, not IT.
Step 2
Pull procurement and contract records
Every SaaS contract, software license, and vendor agreement from the past 36 months. Flag every vendor that mentions AI, ML, automation, or intelligent processing. This surfaces AI embedded in tools teams do not think of as “AI.”
Step 3
Review internal development repositories
Data science notebooks, machine learning pipelines, and analytics dashboards often get promoted from proof-of-concept to production without going through formal release management. Engineering and data leadership need to walk these environments explicitly.
Step 4
Scan for shadow AI through network and browser monitoring
AI tools accessed through employee browsers — AI writing tools, meeting transcription, AI-powered communication tools — leave network and authentication traces. Surface-level monitoring can identify tool usage without detailed content visibility.
Step 5
Consolidate, deduplicate, and do a gap review
Combine all four sources into a single list. Flag duplicates (the same tool appearing in multiple business units). Identify systems that appear in procurement but not surveys, or vice versa — those gaps are almost always worth investigating before the inventory is finalized.
The Shadow AI Problem: What Your Governance Register Is Missing
Shadow AI deserves its own section because it is both the largest gap in most inventories and the hardest one to close through traditional IT governance methods.
The scale of it is harder to catch than shadow IT ever was. With shadow IT, an employee using Dropbox instead of SharePoint still shows up in network traffic in ways that were relatively easy to identify. Shadow AI tools often live in browser tabs on personal or work devices, look exactly like normal web browsing, and are accessed through accounts that are entirely outside IT’s visibility — personal email addresses, credit cards, and individual sign-ups.
Organizations with high levels of shadow AI suffered an extra $670,000 in average breach costs compared to those with proper AI oversight, according to 2026 governance analysis. More directly, 20% of organizations suffered a breach specifically tied to security incidents involving shadow AI. In regulated industries, the compliance exposure is even more concrete: an employee at a healthcare organization pasting patient notes into an unapproved AI tool has created a HIPAA violation regardless of their intent. GDPR requires clear documentation of how personal data is processed — undocumented AI tool usage makes that documentation impossible.
Common shadow AI categories to look for
- AI writing and content tools accessed via individual accounts (not enterprise license)
- AI meeting transcription and summary services (often embedded in video call platforms)
- Browser extensions with AI functionality — grammar, summarization, translation, search
- Consumer ChatGPT or Claude accounts used for business work outside enterprise agreements
- AI-powered research, competitive intelligence, or market analysis tools on individual subscriptions
- Embedded AI features in communication tools (Slack AI, email AI features, collaboration platforms)
- AI coding assistants on individual developer licenses, outside enterprise agreements
- Automated decision scripts or analytics models built by individual analysts outside data science teams
The governance response to shadow AI is not blanket prohibition — that rarely works and often backfires. The better approach is making the official path easier than the unofficial one. If the enterprise-approved AI tools are harder to access, less capable, or more restrictive than what someone can set up in five minutes on a personal account, employees will use the personal account. Governance programs that close the shadow AI gap do so primarily by providing better sanctioned alternatives and creating a lightweight registration process that is easier to use than it is to work around.
What to Capture: The Core Registry Fields
The inventory needs to be comprehensive enough to support risk assessment, compliance reporting, and audit responses. It also needs to be practical enough that people actually maintain it. Capturing too little renders it useless for governance. Capturing too much creates a maintenance burden that causes it to decay.
The following field structure is drawn from the minimum requirements identified in the NIST AI RMF Playbook, EU AI Act Article requirements, ISO/IEC 42001, and practical governance programs currently operating at enterprise scale in 2026. Fields are marked as Must Have (required for regulatory compliance and audit readiness), Should Have (important for mature programs), and Nice to Have (valuable once the foundation is stable).
| Field | What to capture | Priority |
|---|---|---|
| System name | Official name used internally, with any vendor name noted separately | Must |
| Purpose / function | What the system does in plain language — not technical specs, but what decision or task it supports | Must |
| Business owner | Named individual (not a team or department) who is accountable for the system’s business outcomes | Must |
| Technical owner | Named individual responsible for the system’s technical operation and maintenance | Must |
| Risk tier | Classification level — Critical, High, Medium, or Low — with the rationale documented | Must |
| Data sources | What data the system processes, including any personal data, sensitive data, or regulated data categories | Must |
| Model / provider details | Underlying model type, vendor, version where applicable, and whether it is internally built or third-party | Must |
| Deployment status | Live in production / In development / Deprecated / Under review | Must |
| Deployment environment | Where the system runs — cloud provider, on-premises, third-party SaaS, hybrid | Must |
| Last review date | When the inventory entry was last verified as accurate | Must |
| Next recertification | Scheduled date for the next formal review — should align with risk tier (higher risk = more frequent review) | Must |
| Affected populations | Who is impacted by the system’s outputs — employees, customers, external third parties | Should |
| Human oversight mechanism | Whether the system’s decisions are reviewed by a human before action, and what that process looks like | Should |
| Logging / monitoring status | Whether outputs are logged, what is captured, and how long logs are retained | Should |
| Regulatory mapping | Which frameworks apply — EU AI Act risk category, NIST alignment tier, GDPR relevance, sector-specific regulation | Should |
| Approval history | Links to approval records, risk assessments completed, and any waivers granted | Should |
| Known limitations | Documented failure modes, bias risks, accuracy gaps, or use-case restrictions | Nice |
| Third-party dependencies | External APIs, data providers, or foundation model providers the system relies on | Nice |
| Incident history | Any past incidents, near-misses, or audit findings related to this system | Nice |
Common mistake: Assigning a team or department as the “owner” rather than a named individual. When an audit question or incident response requires a decision, “the data science team” cannot be accountable. A person can. If a system genuinely does not have a single named owner, that is a governance gap worth surfacing — not papering over with a team name in the registry.
Risk Classification: How to Tier Your AI Systems
Once systems are documented, they need to be classified by risk. Risk classification determines the level of oversight applied — how often a system is reviewed, whether human oversight is required, what monitoring is in place, and which regulatory frameworks govern it. Applying the same oversight to a low-risk internal analytics dashboard as to a high-stakes hiring algorithm wastes resources and creates bottlenecks. Applying the same light-touch oversight to both in the other direction creates real exposure.
A four-tier framework that maps to regulatory requirements and practical governance capacity looks like this:
Critical
Systems making or directly influencing consequential decisions about individuals: hiring, credit, healthcare diagnosis, legal outcomes, benefits eligibility. Full EU AI Act high-risk requirements apply. Quarterly review minimum. Human oversight required before action.
High
Customer-facing systems, fraud detection, significant process automation, systems processing large volumes of personal data. Semi-annual formal review. Monitoring and logging required. Human escalation path documented.
Medium
Internal analytics, content generation tools under editorial oversight, recommendation systems with human review layer. Annual review. Basic logging. Lightweight oversight documentation.
Low
Administrative automation, internal productivity tools, non-consequential classification tasks. Biennial review. Basic registration sufficient. No special oversight required beyond standard IT security controls.
Risk tier assignment should be documented with a rationale, not just a label. “This system is High risk because it processes employee performance data and influences compensation decisions” is a defensible classification. “High” with no explanation is not, because it cannot be challenged, corrected, or consistently applied by different teams making independent classification decisions.
The classification process also surfaces disagreements that are worth having. Technical owners sometimes classify systems lower than business owners, because they focus on technical accuracy while business owners consider the organizational consequence of an error. Legal and compliance teams often disagree with both. Running the classification as a cross-functional conversation rather than a solo task leads to more accurate tiers and distributes governance knowledge across teams at the same time.
“Risk-based governance is the only scalable approach. Not every model needs the same oversight, but every model needs the right oversight.” — StackAI AI Governance Guide, February 2026
Ownership: Why Cross-Functional Works and Siloed Doesn’t
One of the most consistent failure modes in AI inventory programs is ownership sitting entirely in one function. IT-owned inventories systematically under-capture business-side AI adoption. Compliance-owned inventories end up with technical details that are sparse or wrong. Data science-owned inventories miss the embedded AI features in SaaS tools that never crossed a technical review.
The inventory needs cross-functional ownership, which in practice means defining explicit roles with clear responsibilities rather than having everyone nominally responsible (which means no one is actually responsible).
A governance committee with executive sponsorship and representation from security, legal, compliance, risk, data/ML engineering, product, and key business units creates the right decision-making structure. Executive sponsorship is not optional — without it, the inventory effort stalls when the first business unit pushes back on registering their tools. The executive sponsor provides the organizational authority to make registration a requirement rather than a request.
The practical division of accountability that works well in organizations running mature programs is something like this: the central governance team owns the registry structure, classification standards, review cadence, and audit reporting. Business unit owners own the accuracy of their systems’ entries. Technical owners own the technical field completeness. Legal and compliance own the regulatory mapping. No one person or team owns everything, but every field in the registry has a clear owner who can be held accountable for its accuracy.
From direct observation in governance program buildouts: the most common breakdown is not that people refuse to document their systems — it is that the intake process is too burdensome relative to the perceived benefit. If registering a new AI system takes three hours and requires submitting documentation to four different teams before getting approved, teams will delay registration, deprioritize it, and eventually work around it. The intake form should take under 30 minutes for the initial fields. Full documentation can follow after registration, but the barrier to getting into the registry must be low.
Building the Intake Process: How New Systems Get Registered
Discovery gets the existing inventory populated. The intake process keeps it current as new systems are adopted. Without a functioning intake process, the inventory becomes accurate once and then progressively less accurate over time as new tools are deployed without registration.
The intake process should trigger registration at three points: when a new AI tool is procured, when an internal AI system moves to production, and when an existing software subscription adds AI features that change its risk profile. That last trigger is the one most organizations miss. The point at which a familiar SaaS tool becomes an AI system requiring governance documentation is rarely marked with a formal procurement event — it arrives as a product update notification.
Practical setup: Create a simple web form — linked from the IT procurement portal, the software approval process, and the data science team’s internal documentation. The form captures the minimum required fields: system name, purpose, business owner, technical owner, and an initial risk tier assessment. The governance team reviews the submission, assigns a registry ID, and schedules a full documentation review within 30 days. Registration happens in under 30 minutes. Full documentation follows on a structured timeline based on the risk tier.
Mandate registration before go-live for all new AI initiatives. This is the most effective governance control available, because it catches systems at the point where it is cheapest to apply governance requirements — before they are embedded in production workflows and before teams have built dependencies around them. A system that is never registered before deployment becomes a system that is eventually discovered in an audit and is now far harder and more expensive to bring into compliance.
Keeping the Inventory Alive: Review Cadence and Decay Prevention
The hardest part of an AI inventory is not building it. It is keeping it accurate over time. Inventories decay. Systems get updated, retired, or significantly changed without the registry entry being updated. Vendors change their underlying models. Business contexts shift. An entry that was accurate six months ago may be materially wrong today — and a materially wrong entry is worse than no entry in some cases, because it gives a false sense of governance coverage.
A quarterly formal review cadence is the minimum for mature programs. Each review should assess three things: completeness (have new systems been added since the last cycle?), accuracy (are the details for existing systems still correct?), and compliance posture (are any systems operating outside their approved risk parameters?).
The review does not need to revisit every system with equal depth every quarter. Risk-tiered review cadences make this tractable at scale. Critical systems get reviewed every quarter. High systems every six months. Medium systems annually. Low systems every two years, with a trigger-based review if their use-case or data inputs change significantly. This concentrates governance effort where the stakes are highest without creating a quarterly burden that burns out the governance team on low-risk administrative tools.
The metrics that indicate whether the inventory is staying accurate are worth tracking formally. Unauthorized AI tool usage rate — the percentage of AI usage that falls outside governance coverage — is the leading indicator. An industry benchmark from 2026 governance programs suggests 3–4% as a reasonable target for unsanctioned tool usage. Organizations significantly above that benchmark have a discovery or intake process problem. New tool discovery rate — how frequently previously unknown AI tools appear in monitoring — tells you whether the intake process is working or whether teams are consistently bypassing it.
A pattern worth knowing: The decay problem accelerates in periods of rapid AI adoption, which describes 2025–2026 for most organizations. When new AI capabilities are releasing monthly and employees are experimenting at a pace that outstrips governance review cycles, the inventory can fall behind not because teams are hiding things but because the governance process simply cannot keep up with the rate of change. The answer is not more process — it is a simpler, faster intake workflow combined with automated discovery scanning that surfaces new tools without waiting for self-reporting.
Connecting the Inventory to Governance Workflows
An AI inventory that exists in isolation from the rest of the governance program is a documentation exercise. Its value comes from being connected to the workflows that depend on it.
The risk assessment process draws from the inventory to identify which systems require a full impact assessment, which regulatory frameworks apply to each, and which systems need external review before deployment. Without an accurate inventory as the input, risk assessments are conducted on whatever systems come to the governance team’s attention — which is not the same as the systems that most need assessment.
Audit readiness is where the inventory earns its keep most visibly. When a regulator or internal auditor asks “what AI systems do you have, who owns them, and what controls are in place?” — the answer should be a report generated from the registry in under an hour, not a multi-week excavation across IT, legal, procurement, and business unit records. Organizations that have experienced AI-related regulatory inquiries without a functional inventory describe the experience as consuming months of staff time and producing documentation that is still incomplete by the end of it.
The incident response process also depends on the inventory. When an AI system produces an unexpected output — a biased recommendation, a factual error in a client-facing output, a security incident — the inventory tells the response team immediately who owns the system, what data it processes, what its approved use case is, and what oversight mechanisms are supposed to be in place. That information determines whether the incident is contained within one system or whether it implies a broader problem across similar systems in the environment.
ISO/IEC 42001 is the governance backbone that connects all of these workflows. Anthropic received ISO/IEC 42001 certification in January 2025, making the implementation approach publicly visible for organizations trying to understand what a certifiable AI management system looks like in practice. The standard requires that AI asset identification — which is what the inventory provides — sits at the foundation of the management system, feeding into risk assessment, policy implementation, and continuous improvement. The inventory is not separate from compliance. It is the foundation compliance is built on.
Tooling: Spreadsheet vs. Dedicated Platform
The honest answer is that a well-structured spreadsheet is a reasonable starting point and a poor long-term solution. Most organizations begin with a spreadsheet because the tooling decision is secondary to actually getting systems documented. Starting with a spreadsheet and building the habit of registration is better than waiting to select the perfect platform before collecting any data.
The spreadsheet breaks down at scale for predictable reasons. It does not have workflow integration — there is no automated trigger when a new procurement is approved or a model version changes. It does not have audit trails for changes to the registry itself. It does not generate compliance reports. It does not connect to the risk assessment and monitoring workflows that mature governance programs require. And it decays faster than a database-backed system because there is no access control or validation preventing fields from being overwritten incorrectly.
Dedicated AI governance platforms — including Credo AI (recognized in Gartner’s Market Guide for AI Governance Platforms in 2025), Microsoft Purview with Azure AI Foundry, OneTrust, and purpose-built agent inventory platforms — provide automated discovery, centralized registries, compliance framework mapping, and audit-ready reporting. The evaluation criteria that matter most for platform selection: coverage of all AI types in the environment, integration with existing security and compliance tools, regulatory alignment with applicable frameworks, and scalability as the AI inventory grows.
The most practical approach for organizations that are currently running spreadsheets: migrate to a structured database format first — even a well-configured Airtable or SharePoint list with field validation — before investing in a dedicated platform. This builds the discipline of structured data entry and makes the eventual platform migration much cleaner, because the data is already in a format that can be exported and imported rather than requiring manual reconstruction from free-text spreadsheet cells.
Pre-Publication Checklist: Is Your Inventory Actually Working?
AI inventory readiness check
Scope documented and agreed: Organization has a written definition of what constitutes an AI system for inventory purposes, signed off by governance leadership.
All four discovery methods completed: Business unit survey, procurement and contract review, internal development repository audit, and shadow AI scanning — all conducted, not just one or two.
Named owners assigned: Every system in the registry has a named business owner and a named technical owner — not a team or department, a person.
Risk tiers documented with rationale: Every system has a classification — Critical, High, Medium, or Low — with a written rationale, not just the label.
Intake process operational: There is a functioning lightweight intake form. New AI systems are required to register before going live.
Review cadence scheduled: Quarterly reviews are on the governance calendar. Risk-tiered recertification dates are set for every system in the registry.
Inventory connected to audit workflows: The registry can generate an audit-ready report in under one hour — not a multi-week manual assembly.
Shadow AI rate tracked: The organization is monitoring what percentage of AI usage falls outside governance coverage, with a target threshold defined.
Regulatory mapping completed: High and Critical tier systems have been mapped to applicable frameworks — EU AI Act category, NIST AI RMF tier, sector-specific regulations.
Frequently Asked Questions
What is the difference between an AI inventory and an AI risk register?
They are related but distinct. The AI inventory catalogs what systems exist — it answers “what AI do we have and who owns it?” The risk register documents specific risks associated with those systems — it answers “what could go wrong and how are we mitigating it?” The inventory is the input that makes the risk register possible. You cannot have a meaningful risk register without first knowing what systems you are assessing.
Does the EU AI Act require an AI inventory?
The EU AI Act requires that high-risk AI systems have technical documentation, conformity assessments, and human oversight mechanisms in place before deployment. These requirements effectively require knowing what systems you have and how they are classified — which is precisely what an AI inventory enables. Without an inventory, organizations cannot identify which of their systems are high-risk under the Act’s definitions, making compliance practically impossible. Full enforcement for high-risk systems began August 2, 2026.
How long does it take to build an AI inventory from scratch?
A focused effort with cross-functional cooperation typically takes four to six weeks for the initial discovery and documentation phase. A foundational AI governance program — covering assessment, planning, policy development, and initial controls — takes four to six months in total. The inventory is the first deliverable, not the final one. Starting with a partial but accurate inventory for your highest-risk systems is better than waiting until the full inventory is complete before publishing anything.
What is the NIST AI RMF Map function, and how does the inventory relate to it?
The NIST AI Risk Management Framework is organized into four functions: Govern, Map, Measure, and Manage. The Map function is where organizations establish the context for their AI systems — identifying what exists, how it is used, who it affects, and what risks and benefits it presents. The AI inventory is the structured output of the Map function. Without completing Map, the Measure function (assessing risks) and the Manage function (responding to risks) cannot be executed systematically. The inventory is not a preparatory step before using NIST AI RMF — it is embedded in the framework as a required output.
How do you handle AI systems that vendors have embedded in existing SaaS products?
These need to be in the inventory even though they did not arrive through a formal AI procurement process. The most practical approach is to review your existing software contracts and vendor documentation for any AI features — particularly features that influence decisions, process personal data, or automate responses to customers or employees. Treat these the same as any other AI system in the registry: document what they do, classify their risk, identify the business owner (typically the team that manages that SaaS relationship), and set a review date.
What is a model card, and does every system in the inventory need one?
A model card is a standardized documentation format for an AI model that captures intended use, performance characteristics, training data provenance, known limitations, and ethical considerations. It was originally proposed by Google researchers and has been adopted across the industry as a transparency standard. NIST AI RMF references model card-equivalent documentation as a governance artifact. Not every system in the inventory requires a full model card — low-risk systems typically do not. High and Critical tier systems should have model cards or equivalent documentation. The inventory entry itself does not replace a model card; the card provides deeper technical documentation that the inventory entry links to.
Where to Start If You Have Nothing
The most common reason organizations do not have an AI inventory is not that they decided against having one. It is that the task feels overwhelming when you look at the full scope of it. The answer to that feeling is the same principle that applies to most governance work: a partial inventory that is accurate and maintained is more useful than a complete inventory that nobody updates.
Start with your ten to twenty highest-impact systems. These are likely already known — the customer-facing AI features, the automated decision systems in HR or finance, the AI tools the data science team built and deployed to production. Document those first with the minimum required fields. Get named owners on every one of them. Assign risk tiers with documented rationale. Set review dates.
That gives you a functional starting point within two to four weeks. It also demonstrates to leadership, to auditors, and to the rest of the organization that the inventory is real, maintained, and connected to governance decisions — not a document that was completed once and is now slowly becoming inaccurate in a shared folder somewhere.
The broader discovery, shadow AI assessment, embedded SaaS AI review, and full registry build-out can follow in structured phases. Most governance frameworks suggest a four-to-six week initial foundation phase, followed by one to three months of operationalization, followed by continuous improvement as a permanent program. The critical thing is starting — because the first thing every subsequent governance activity will need is an inventory, and building it later is always harder and more expensive than building it now.
