Is this the same as a formal impact assessment?
No. This is a first-pass internal review structure. Higher-risk, regulated, consequential, or contract-sensitive uses may need a more formal process and qualified review.
AI risk assessment
AI Risk Assessment Template for New Tools and Workflows
You need a lightweight way to decide whether an AI tool or workflow is low risk, needs guardrails, or needs deeper review.
A first-pass AI risk assessment should not try to answer every legal question. It should surface the right facts: what the system does, what data it uses, who is affected, where humans review the output, and what could go wrong.
Practical checklist
A first-pass assessment should ask
What tool, model, vendor, or workflow is being proposed?
What business purpose does it support?
What data goes in, what output comes out, and where records are stored?
Could it affect access to jobs, credit, housing, education, healthcare, insurance, public services, or other important opportunities?
What human review, testing, logging, and escalation steps exist?
What follow-up is needed from legal, privacy, security, HR, procurement, or leadership?
Related resources
Keep going without losing the thread.
These pages connect the search question to the free checklist, the paid Starter Kit, and deeper preview resources where they fit.
Short answers
Common questions before you use a template.
Should every AI tool get the same review?
No. Low-risk internal drafting may need lightweight rules, while tools affecting people, sensitive data, or important decisions deserve deeper review.
AIRegReady materials are educational templates and informational starting points only. They are not legal advice and do not guarantee compliance with any law, regulation, contract, or industry requirement.