AI Risk Register: EU AI Act, ISO 42001, and GDPR Art. 22 — What SaaS Founders Need to Document
As AI features become standard in SaaS products, a new category of operational risk has emerged: AI-specific risks that don't fit neatly into traditional IT security frameworks. Prompt injection attacks, hallucinations causing material harm, algorithmic bias producing discriminatory outputs, model drift silently degrading accuracy — these are the risks your engineers know about but your compliance documentation probably doesn't cover.
The EU AI Act, ISO 42001, and GDPR Art. 22 each require documentation of AI risks. Enterprise customers are increasingly asking for AI risk registers as part of procurement due diligence. This guide covers what belongs in an AI risk register and how to build one that satisfies regulatory requirements and enterprise buyers.
Use the ComplyKit AI Risk Register Generator to create a tailored AI risk register with inherent risk scores and mitigation plans for your specific AI system.
Why you need an AI risk register
Three separate regulatory drivers are converging on the same requirement:
| Regulation/Standard | Requirement | Article/Clause |
|---|---|---|
| EU AI Act (high-risk systems) | Mandatory risk management system covering entire AI system lifecycle | Art. 9 |
| EU AI Act (all systems) | Document AI system purpose, risks, limitations for transparency obligations | Art. 13, Art. 50 |
| GDPR | DPIA required for high-risk processing including large-scale AI; document risks to data subject rights | Art. 35 |
| GDPR Art. 22 | Document automated decision-making safeguards, lawful basis, human review mechanism | Art. 22 |
| ISO 42001 | Risk assessment for AI management system; identify and treat AI-specific risks | Clause 6.1, 8.4 |
| SOC 2 (AI-enabled systems) | Auditors increasingly request AI risk documentation as part of CC3 (risk assessment) | CC3.2 |
EU AI Act risk classification: where does your system sit?
The first step in any AI risk register is classifying your system under the EU AI Act. This determines your compliance obligations:
| Risk Tier | Examples | Key Obligations | Timeline |
|---|---|---|---|
| Unacceptable (Art. 5) | Social scoring, real-time biometric surveillance, subliminal manipulation | Prohibited — cannot be placed on market | In force Feb 2025 |
| High-risk (Annex III) | HR/recruitment AI, credit scoring, biometric identification, healthcare diagnostics, education assessment | Risk management system (Art. 9), technical documentation (Annex IV), conformity assessment, EU AI Office registration, post-market monitoring | In force Aug 2026 |
| Limited risk (Art. 50) | Chatbots, deepfakes, emotion recognition, AI-generated content | Transparency disclosures to users | In force Aug 2026 |
| Minimal risk | General productivity AI, content recommendation, search | Voluntary code of conduct | No mandatory deadline |
| GPAI / Foundation models | LLMs, multimodal models (GPT-4, Claude, Gemini deployed as foundation) | Technical documentation (Annex XI/XII), copyright compliance, training data summary, systemic risk assessment if >10^25 FLOPs (Art. 51) | In force Aug 2025 |
Important: Most SaaS companies using AI features (chatbots, content generation, recommendations) sit in the limited risk or minimal risk tier. This means Art. 50 transparency obligations apply, but the full Art. 9 risk management system is not mandatory. However, an AI risk register is still best practice — and required by ISO 42001 and enterprise procurement.
The 12 AI risk categories to document
A comprehensive AI risk register should cover these categories:
1. Regulatory & legal risks
- EU AI Act Art. 50 non-compliance: Failing to disclose that users are interacting with an AI system (chatbots, AI-generated content). Applies from August 2026.
- GDPR Art. 22 violations: Making automated decisions with legal or similarly significant effects without lawful basis, safeguards, or right to human review. High enforcement risk.
- Prohibited practices (Art. 5): Even minimal-risk systems should verify they don't inadvertently implement prohibited techniques (subliminal manipulation, exploiting vulnerable groups).
2. Privacy & data risks
- Training data privacy: Was the training data lawfully collected? Does it contain personal data processed without adequate lawful basis?
- Special category data processing: AI systems frequently infer sensitive attributes (health, political views, ethnicity) from seemingly innocuous inputs. This triggers Art. 9 GDPR requirements.
- Inference attacks: Model inversion and membership inference attacks can extract training data from deployed models — a data breach risk.
3. Bias & fairness risks
- Discriminatory outputs: AI models can produce outputs that systematically disadvantage protected groups — even without explicit protected characteristics in the input. This creates GDPR, EU AI Act, and equality law exposure.
- Insufficient evaluation: Deploying without pre-deployment bias evaluation and ongoing monitoring is the highest-frequency mistake in AI governance.
4. Security risks
- Prompt injection: Malicious instructions embedded in user input override AI behaviour — the OWASP Top 10 for LLMs #1 risk. Can exfiltrate data, manipulate outputs, or cause the AI to take unauthorised actions.
- Adversarial attacks: Specially crafted inputs causing misclassification, evasion, or poisoning of model outputs.
5. Reliability risks
- Hallucinations: LLMs generate plausible-sounding false information. In medical, legal, financial, or safety contexts, this creates material harm risk and potential liability.
- Model drift: Performance degrades silently as real-world data distribution shifts from training distribution. Without monitoring, you won't know until users complain or an audit finds failures.
6. Third-party AI supply chain risks
- API dependency: Reliance on OpenAI, Anthropic, or other model providers creates availability risk (API outages), terms-of-service risk (policy changes restricting use cases), and data processing risk (what happens to prompts?).
- Sub-processor obligations: Under GDPR Art. 28, AI API providers processing personal data must be sub-processors with signed DPAs. Many SaaS companies miss this.
Risk scoring methodology
The standard approach is a 4-level likelihood × impact matrix:
| Likelihood | Low Impact | Medium Impact | High Impact | Critical Impact |
|---|---|---|---|---|
| Low | Very Low | Low | Medium | Medium |
| Medium | Low | Medium | High | High |
| High | Medium | High | High | Critical |
| Critical | Medium | High | Critical | Critical |
For each risk, document: inherent risk (before controls), controls/mitigations in place, and residual risk (after controls). Risks that remain High or Critical after mitigation require escalation to senior leadership and a documented decision to accept or further reduce.
Mitigation strategies for high-frequency AI risks
Prompt injection
- Input validation and sanitisation (strip instruction-injection patterns)
- Separate system prompt from user input at the API level
- Output filtering — LLM-as-judge pattern to detect unexpected output types
- Principle of least privilege for AI agents (restrict what actions they can take)
- Adversarial testing — red team your own prompts before deployment
Algorithmic bias
- Pre-deployment fairness evaluation: test disparate impact across protected characteristics (gender, race, age)
- Disaggregated performance metrics — not just overall accuracy, but accuracy by subgroup
- Ongoing bias monitoring dashboard with alerting
- Diverse test dataset representing full population
- Human oversight for high-stakes decisions (hiring, credit, healthcare)
Hallucinations
- Retrieval-augmented generation (RAG) to ground outputs in verified sources
- Confidence scoring and low-confidence output flagging
- Explicit uncertainty disclosure in UI ("AI responses may contain errors")
- Domain restrictions — constrain model to specific knowledge domains
- Human review requirement for high-stakes outputs (medical, legal, financial)
GDPR Art. 22: automated decision-making risk
Art. 22 applies when your AI makes decisions "based solely on automated processing" that produce "legal effects" or "similarly significant effects" on individuals. This is broader than it sounds:
- Credit scoring that determines loan approval: Art. 22 applies
- Resume screening that determines who gets an interview: Art. 22 applies
- Insurance pricing that determines your premium: Art. 22 applies
- Content recommendation that affects what news you see: probably NOT Art. 22
- Personalised pricing affecting purchase decision: contested, increasingly considered Art. 22
Where Art. 22 applies, you must: (1) have a lawful basis (consent, contract necessity, or EU/member state law), (2) implement suitable safeguards including right to human review and right to contest, (3) provide meaningful information about the logic (not necessarily full explainability — but enough to challenge).
ISO 42001 alignment
If you're pursuing or preparing for ISO 42001 (AI Management System) certification, your risk register maps to these clauses:
- Clause 4.1/4.2 (context): Understanding your AI system's purpose and interested parties' expectations
- Clause 6.1 (risks and opportunities): The risk register itself — identifying and assessing AI-specific risks
- Clause 6.2 (AI objectives): Measurable objectives linked to risk reduction (e.g. bias metrics, hallucination rate)
- Clause 8.4 (AI system impact assessment): Structured assessment of AI system impacts on individuals and society
- Clause 9.1 (monitoring): KPIs and monitoring programme — what you measure, how often, who reviews
- Clause 10.1 (improvement): How risk register findings drive model improvements and policy updates
Review triggers
Your AI risk register is a living document. Review it when:
- A new model version is deployed
- New training data is added
- A new use case or feature is launched
- A security incident involving the AI occurs
- A regulatory complaint or DSR related to the AI is received
- Significant regulatory guidance is published (EU AI Office, EDPB)
- At minimum: quarterly review
Related guides
- AI Privacy Impact Assessment (AI-PIA): GDPR Article 35 for AI Systems
- EU AI Act for SaaS Founders: What You Need to Know
- AI Governance for SaaS: Documentation and Compliance in 2026
Generate your AI Risk Register → /generate/ai-risk-register
⚠️ This guide is for informational purposes only and does not constitute legal advice. AI governance requirements depend on your specific system classification, jurisdiction, and applicable regulatory guidance. Engage qualified AI governance and privacy counsel.