πŸ€– AI Tools
Β· 3 min read

AI Risk Assessment Template for Developers β€” Quick and Practical

You need to assess the risk of your AI system before deploying it. This template takes 15 minutes and covers what regulators and auditors actually look for.

The template

Fill this out for each AI system you deploy:

1. System identification

FieldYour answer
System namee.g., Customer support chatbot
DescriptionWhat it does in one sentence
AI modele.g., Claude Sonnet 4.6 via API
Providere.g., Anthropic
Data processedWhat data does it see?
UsersInternal only? External customers?
Decision impactWhat happens based on its output?

2. Risk scoring

Score each factor 1-3:

Factor1 (Low)2 (Medium)3 (High)
Impact of wrong outputMinor inconvenienceFinancial lossPhysical/legal harm
Data sensitivityPublic dataInternal dataPII / regulated data
Autonomy levelHuman reviews all outputHuman reviews someFully autonomous
User vulnerabilityTechnical usersGeneral publicVulnerable groups
Scale<100 users100-10K users>10K users
ReversibilityEasy to undoDifficult to undoIrreversible

Total score: Add all six factors.

ScoreRisk levelAction needed
6-9LowBasic controls (logging, monitoring)
10-14MediumEnhanced controls (human review, testing, observability)
15-18HighFull controls (governance framework, legal review, EU AI Act compliance)

3. Controls checklist

Based on your risk level:

Low risk (all AI systems):

  • Logging of all AI interactions
  • Spending limits set
  • Provider has DPA (if processing personal data)
  • Team knows the system exists (AI inventory)

Medium risk (add these):

High risk (add these):

4. Sign-off

FieldValue
Assessed byName, role
DateYYYY-MM-DD
Risk levelLow / Medium / High
Approved byName, role (for medium/high)
Next reviewDate (quarterly recommended)

Examples

Example 1: AI coding assistant (internal)

  • Impact: Low (developer reviews code)
  • Data: Medium (source code)
  • Autonomy: Low (human reviews)
  • Users: Low (technical)
  • Scale: Low (<50 devs)
  • Reversibility: Low (git revert)
  • Score: 7 β†’ Low risk
  • Controls: Logging, spending limits, GDPR-compliant provider

Example 2: Customer support chatbot

  • Impact: Medium (wrong answers lose customers)
  • Data: High (customer PII)
  • Autonomy: High (responds without review)
  • Users: Medium (general public)
  • Scale: High (>10K users)
  • Reversibility: Medium (can correct but damage done)
  • Score: 15 β†’ High risk
  • Controls: Full governance, human escalation, bias testing, legal review

Keep it simple

This template is intentionally lightweight. A 15-minute assessment is infinitely better than no assessment. You can always add depth later as your AI usage matures.

See our AI governance guide for the full framework.

Related: AI Governance for Startups Β· EU AI Act for Developers Β· AI Security Checklist Β· LLM Observability

You might also like

AI Policy Template for Startups β€” Copy, Customize, Ship

A ready-to-use AI usage policy template for startups. Covers approved tools, data handling, code review, and compliance. Copy and customize for your team.

AI Compliance Automation β€” Stop Doing Governance Manually

Automate AI compliance checks: model inventory tracking, data flow auditing, policy enforcement, and EU AI Act reporting with scripts and tools.

AI Governance Framework for Startups β€” What You Actually Need (2026)

A practical AI governance framework for startups and small teams. Risk assessment, documentation, compliance, and how to avoid over-engineering it.

GDPR-Approved AI Models for Europe β€” Which Models Can You Actually Use? (2026)

Which AI models comply with GDPR and EU AI Act? Mistral (French), open-weight self-hosting, US vs Chinese models, data residency, and practical compliance guide for European companies.