Risk-Management Register and Controls Map
A risk register and control map structured per Article 9 of the EU AI Act, with risk IDs, owner-ready next steps, and a controls inventory.
When this sample fits
Send when a prospect asks "what does an AI risk register actually look like" or has been asked for one by an enterprise buyer.
Sprint Agreement reference
Risk-management register and controls map (Sprint Agreement §4.2 — Documentation Sprint).
The full deliverable is produced in a paid GeraCompliance fixed-scope sprint. See the £2,500–£10,000 sprint catalogue for scope and pricing.
Browse the rest of the pack
- Annex IV Technical Documentation Skeleton: A 9-section skeleton matching Annex IV of the EU AI Act, populated with the structure a high-risk AI provider would actually file.
- EU AI Act Risk Classification Memo: A worked classification memo placing one AI system into the EU AI Act risk tiers with the reasoning and evidence trail an SME compliance reviewer expects.
- Human Oversight and Transparency Checklist: A practical checklist covering the human-oversight (Article 14) and transparency (Article 13) duties for a high-risk AI system, with implementation notes.
- GDPR DPIA Starter Pack: A Data Protection Impact Assessment starter, including the lawful-basis analysis, ROPA stub, and proportionality reasoning a UK GDPR DPO would expect.
- Supplier Questionnaire Response Pack: Pre-prepared answers to the AI-supplier questionnaire that EU enterprise buyers send with their procurement pack — written in the voice a buyer's vendor-risk team can paste into their decision file.
- 30-Day Compliance Action Plan: A week-by-week 30-day action plan to take a UK SME from "we know we have AI exposure" to "we have the evidence pack for the next buyer review".
Or return to the full sample-pack catalogue.