Not sure where your AI use stands?
Run the free AI compliance checkup to get a practical readiness score, likely risk bucket, missing controls and next actions.
AI Risk Matrix
Score a use case by impact, likelihood, data sensitivity, external exposure and control maturity. Use the output to prioritise your AI inventory.
Example AI risk matrix
Use the matrix below as a simple governance conversation starter. Higher impact and higher likelihood should move the use case toward more formal review, more evidence and stronger human oversight.
Monitor
Review controls
Formal assessment
Escalate before launch
How to use the score
- Score every material AI use case in your AI inventory.
- Review high and critical bands first.
- Link each score to evidence: owner, data notes, vendor documents, testing, human oversight, monitoring and incident process.
- Re-score when the use case changes, expands to new users or starts using more sensitive data.
FAQ
Is a low score automatically compliant?
No. A low score only means the use case may be lower priority for governance review.
Should I use this instead of a formal risk assessment?
No. Use it to prioritise your inventory and decide which systems need deeper assessment.
How often should I rescore a use case?
At least during monthly governance review and whenever users, data, model, vendor or deployment scope changes.
Sources and review method
This page is written as general business guidance, not legal advice. It is maintained from official AI Act materials, European Commission / AI Office updates, the NIST AI Risk Management Framework and practical AI governance controls.