A simple AI risk register template for owner-operators

TL;DR

An AI risk register is the proportionate governance tool for owner-managed businesses already using AI. It records every use case with a named owner, the data involved, the risk in plain English, current controls, and a review date. UK regulators including the ICO and NCSC expect accountability regardless of business size. A basic register built on twelve fields fits in a spreadsheet and can be reviewed quarterly without a compliance team.

Key takeaways

- An AI risk register is a structured record of every AI use case in your business, covering data, ownership, risk, controls, and review schedule. A spreadsheet is sufficient to build one.
- The ICO, NCSC, and FCA all set governance expectations that apply to owner-managed businesses regardless of size; a register is the proportionate way to meet them without building a full compliance function.
- The twelve-field structure (use case, owner, data, purpose, risk, likelihood, impact, controls, residual risk, review date, escalation trigger, decision) works in any standard spreadsheet and can be started in an afternoon.
- Two situations move a register beyond the basics: AI that affects decisions about individuals, which may trigger a DPIA requirement, and vendor-managed AI where data handling terms are unclear or absent.
- The register connects your AI policy, data classification framework, and vendor due diligence into a working system; without it, each of those stays as a document rather than a discipline.

A 2023 survey by Microsoft and CrowdStrike found that 71% of UK knowledge workers said they had used generative AI at work. Of those users, 71% said their employer had given them no formal training on it. In a ten-person business, that’s around five or six people using AI tools you haven’t reviewed, with data you may not have thought carefully about, and no clear record of who would know if something went wrong. A simple risk register changes that picture quickly.

What is an AI risk register?

An AI risk register is a structured list of every AI tool or use case running in your business, recording the data it touches, who is responsible for each one, what could go wrong, what controls exist, and when you’ll next review it. The point is having a clear record that tells you what’s running, who owns each use case, and who would know if something went wrong.

A register is different from a policy. A policy sets the rules: what staff can use, what’s banned, and how outputs should be reviewed. A register records what’s actually happening, the exposure that comes with each use case, and the decision you’ve made about each one. Many owner-managed businesses find the register easier to begin with, because it starts with observation rather than rules. You list what’s already running, name an owner for each use case, and work through the risk. That sequence gives you the full picture before you write any rules around it.

The ICO’s AI and data protection guidance recommends tracking AI use that involves personal data and carrying out a Data Protection Impact Assessment where the risk to individuals is significant. A register is the foundation that makes either of those tasks practical rather than theoretical.

Why does this matter for an owner-managed business?

The ICO’s AI guidance creates accountability requirements for businesses of any size. The NCSC flags prompt injection, data leakage, hallucinations, and automation bias as practical operational risks. The FCA frames the underlying governance question plainly: can you explain what your AI is doing, who reviewed the outputs, and who is accountable if something goes wrong? A risk register is the practical structure for being able to answer.

The UK government’s Mitigating Hidden AI Risks toolkit adds concerns that sit alongside the technical ones: automation bias, deskilling, and the loss of clear accountability when AI-generated content is treated as authoritative without verification. These apply to small services firms just as directly as they apply to large organisations.

In 2023, UK court proceedings involving fabricated AI-generated citations prompted intervention from legal regulators. For professional services firms using AI to draft client-facing work, that is a concrete accountability failure with real professional consequences, not an edge case.

The ICO’s £7.5 million enforcement action against Advanced Computer Software Group in 2024, following a cyber incident affecting personal data, reinforces the point. Security governance failures carry serious regulatory consequences. A risk register is one of the tools that makes your governance visible and defensible if a regulator ever asks.

What goes in a simple AI risk register?

A proportionate register for a five-to-fifty person services firm needs twelve fields: the AI use case, a named process owner, the data involved, the business purpose, the risk written in plain English, likelihood and impact ratings, current controls, a residual risk rating, a review date, an escalation trigger, and a three-way decision: allow, restrict, or stop. A spreadsheet handles this comfortably.

The sequence matters as much as the columns. Start with the three to five AI tools or processes already running in the business. Name a person for each one, someone who knows why the tool is there, what it does, and who would notice if it went wrong. Then record the data involved and flag whether any personal data is used. That is the step where many owner-managed businesses discover a gap: the tool is in use, but nobody has checked whether client or staff data is included in prompts going to a public AI service.

Write the risk in plain English rather than in categories. “Staff are using a public chatbot to draft client reports and client data is included in prompts” is more useful than “AI failure risk.” List the controls already in place before adding new ones. Set a review date (quarterly is the right default for active AI use) and write a stop rule: the specific condition under which you would suspend or withdraw the use case.

ISO 31000, the international risk management standard, uses broadly this structure: risk description, owner, likelihood, impact, controls, and review date. The ICO’s AI risk toolkit and standard UK governance frameworks follow the same shape. You are applying a known format to your AI use.

When is a basic register enough, and when do you need more?

A lightweight register handles the common situation in an owner-managed business: a handful of AI tools, a mix of personal and non-personal data, and no highly regulated processes. Two situations warrant more than a register alone: you’re using AI to make decisions about individuals, or a vendor is handling client data without clear contractual terms about how it is used and stored.

Where AI tools are used only for low-risk internal tasks, such as summarising internal meeting notes or drafting team communications with no personal data involved, the register can be minimal. A short list with a named owner and a review date is proportionate.

If AI is used in client communications, screening, or any process that affects individuals, the register needs to trigger a Data Protection Impact Assessment. The ICO’s guidance is clear: significant automated processing that affects people requires structured impact assessment. The register triggers the process; it does not replace the assessment.
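The twelve-field structure and the DPIA trigger described above can be checked mechanically once the register is kept as a CSV export of the spreadsheet. The script below is an added example, not a template from the article or any regulator; the sample rows, owners and dates are constructed, and it assumes (as a deliberate simplification) that any row involving personal data needs a DPIA decision and an escalation trigger before it stays live.

```python
"""Validate a twelve-field AI risk register kept as CSV (added example, not the article's template)."""
import csv
import io
from datetime import date

FIELDS = ["use_case", "owner", "data", "purpose", "risk", "likelihood", "impact",
          "controls", "residual_risk", "review_date", "escalation_trigger", "decision"]
RATINGS = {"low", "medium", "high"}
DECISIONS = {"allow", "restrict", "stop"}

# Constructed sample register: owners, dates and tools are made up for the example.
SAMPLE_CSV = """use_case,owner,data,purpose,risk,likelihood,impact,controls,residual_risk,review_date,escalation_trigger,decision
Public chatbot drafts client reports,A. Owner,confidential; personal,Draft faster,Client data is included in prompts to a public service,high,high,Staff briefing only,high,2024-01-15,Any client data found in a prompt,restrict
CV screening tool,B. Owner,personal,Shortlist applicants,Automated decisions about individuals,medium,high,Human review of every shortlist,medium,2025-12-01,Candidate complaint or bias report,allow
Meeting note summariser,C. Owner,internal,Summarise internal notes,Minor inaccuracy in summaries,low,low,Owner reads every summary,low,2025-12-01,,allow
"""

def check_row(row, today):
    """Return findings for one row; an empty list means the row needs no action today."""
    val = lambda f: (row.get(f) or "").strip()
    findings = []
    missing = [f for f in FIELDS if f != "escalation_trigger" and not val(f)]  # trigger may be blank
    if missing:
        findings.append("missing fields: " + ", ".join(missing))
    for f in ("likelihood", "impact", "residual_risk"):
        if val(f).lower() not in RATINGS:
            findings.append(f"{f} must be low/medium/high")
    if val("decision").lower() not in DECISIONS:
        findings.append("decision must be allow/restrict/stop")
    try:
        if date.fromisoformat(val("review_date")) <= today:
            findings.append(f"review overdue ({val('review_date')})")
    except ValueError:
        findings.append("review_date must be an ISO date (YYYY-MM-DD)")
    # Assumed simplification: personal data in the row is treated as potentially affecting individuals.
    personal = "personal" in val("data").lower()
    if personal and val("decision").lower() != "stop":
        findings.append("personal data: DPIA consideration required")
    if personal and not val("escalation_trigger"):
        findings.append("escalation trigger required")
    return findings

def validate_register(csv_text, today):
    """Map each use case to its findings; rejects a sheet whose header is not the twelve fields."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != FIELDS:
        raise ValueError(f"header must be exactly: {FIELDS}")
    return {row["use_case"]: check_row(row, today) for row in reader}
```

Run `validate_register(SAMPLE_CSV, date.today())` to see the overdue review and the two personal-data rows flagged for a DPIA decision, while the internal-only summariser passes with no findings.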

The EU AI Act adds a further consideration for any business selling into or handling data from the EU. Deployers of certain higher-risk systems, including those used for screening, ranking, or decision support, face documentation and human oversight requirements. A register that records vendor-managed AI use explicitly is the starting point for tracking those obligations.

What does an AI risk register connect to in your governance picture?

The register is one layer in a proportionate governance structure. It sits alongside your AI policy, which sets the rules for what’s allowed and who decides; your data classification framework, which tells staff which information can go into which tools; and your vendor due diligence process, which covers how you evaluate any AI supplier before signing. All three are lighter than many owners expect to build.

A data classification framework need not be complex. A four-tier scheme (public, internal, confidential, and restricted) covers the typical range of AI uses in an owner-managed business. The register uses that scheme to flag which rows involve data that should never go into a public AI tool.

Vendor due diligence runs before you add a new row to the register. A short checklist covering data handling, training data practices, UK and EU data residency, and exit terms is proportionate for a small firm. The CMA’s foundation model work highlights transparency and fairness in AI-enabled services as a consumer protection consideration. For any business using AI in client-facing recommendations, pricing, or lead handling, that is a practical lens to apply.

The register also makes your AI policy easier to maintain. When the policy says staff must log all AI use and review it quarterly, the register is what turns that sentence into a working discipline. A register connected to your policy, your classification scheme, and your vendor checklist is a governance structure. Any one of them alone is just a document.

If you want to think through where to start with your firm’s AI governance, or how to scope a proportionate register for your specific situation, a conversation is the quickest way to work out what actually applies to you. Book a conversation and we can take it from there.

Sources

- ICO (2023-2025). Guidance on AI and data protection. Sets out accountability, transparency, and human oversight requirements for AI use involving personal data, including DPIA obligations. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/guidance-on-ai-and-data-protection/
- ICO (2023-2025). AI and data protection risk toolkit. Practical assessment framework covering governance, data, model, and security risks in AI deployment for organisations of any size. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/ai-and-data-protection-risk-toolkit/
- NCSC (2024). Using AI safely in your organisation. Flags prompt injection, data leakage, hallucinations, and over-reliance as operational risks for organisations using AI tools. https://www.ncsc.gov.uk/collection/ai/using-ai-safely-in-your-organisation
- UK Government (2024). The Mitigating Hidden AI Risks Toolkit. Covers behavioural and organisational risks of AI including automation bias, deskilling, and unclear accountability when AI output is treated as authoritative. https://www.gov.uk/government/publications/a-human-centred-approach-to-scaling-and-de-risking-ai-tools/the-mitigating-hidden-ai-risks-toolkit-html
- FCA (2024). AI in UK financial services. Sets out governance, controls, and oversight expectations for firms using AI, including the ability to explain how models affect outcomes. https://www.fca.org.uk/publications/research/ai-uk-financial-services
- EU (2024). Artificial Intelligence Act (EUR-Lex). Establishes a risk-based compliance framework, documentation requirements for deployers of higher-risk systems, and significant financial penalties for prohibited practices. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
- ICO (2024). Advanced Computer Software Group Ltd penalty notice. £7.5 million fine following a cyber incident affecting personal data, illustrating the regulatory consequences of security governance failures. https://ico.org.uk/action-weve-taken/enforcement/advanced-computer-software-group-ltd/
- CMA (2024). AI foundation models. Covers competition, transparency, and fairness in AI-enabled services, with practical implications for consumer-facing use of AI. https://www.gov.uk/government/collections/ai-foundation-models
- ISO (2018). ISO 31000 risk management guidelines. International standard for risk register structure, covering risk description, owner, likelihood, impact, controls, and review date. https://www.iso.org/iso-31000-risk-management.html
- Microsoft and CrowdStrike (2023). Work Trend Index. Found 71% of UK knowledge workers had used generative AI at work; 71% of those users had received no formal employer training on it. https://www.microsoft.com/en-gb/worklab/work-trend-index/

Frequently asked questions

Do I legally have to have an AI risk register?

No UK law currently mandates a standalone AI risk register by that name. The ICO's data protection requirements do mean you should be able to account for any AI that processes personal data, and a register supports that. If you operate in or sell to the EU, the EU AI Act adds documentation and oversight obligations for higher-risk use cases. A register is the proportionate way to meet these requirements without building a formal compliance function.

What is the minimum I need to put in an AI risk register?

At minimum: every AI tool or use case in the business, a named owner for each one, the data involved with personal and client data flagged specifically, a plain-English description of the risk, your current controls, and a review date. That is six fields. If any use case involves decisions that affect individuals, add an escalation trigger and a formal review mechanism. The whole structure fits in a spreadsheet.

How often should I review the register?

Quarterly is the right default for a business actively using several AI tools. A review means checking whether any use cases have changed, whether the controls are still fit for purpose, and whether new tools have been added since the last cycle. If your AI use is minimal and stable, twice yearly is proportionate. Set the next review date inside the register itself so it does not drift.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.
