What is an AI governance record?
An AI governance record is not a document. It is a living, structured data object that connects an AI system to its regulatory context, risk classification, actor role, applicable obligations, evidence state, approval history, and any re-screening events.
Unlike a compliance report or a filled-in form, a governance record is continuously updated as the system, the regulation, or the organisational context changes. It is the authoritative source for answering: what do we know about this system, what have we decided, and can we prove it?
Key points
- A governance record is not static. It reflects the current state of the AI system's compliance lifecycle — including changes, re-screenings, and updated evidence.
- It connects all governance dimensions: system identity, business context, technical characteristics, risk classification, actor role, obligation mapping, evidence status, approval decisions, and audit trail.
- Each governance record has a history. Point-in-time snapshots preserve what was known and decided at each governance event, even when the current state has changed.
- The governance record is what an auditor examines. If the record is incomplete, fragmented, or not reconstructable, the governance is incomplete — regardless of what actually happened.
- A filled-in PDF, a completed spreadsheet row, or an email confirmation is not a governance record. A governance record requires structure, attribution, versioning, and evidence linkage.
Why it matters
The difference between documentation and governance is the record. Documentation describes what should happen or what was done. A governance record proves it — with structure, attribution, evidence, and history. Organisations that confuse the two discover the gap at audit, when they are asked to show not just what they documented, but what the record looked like at the time the decision was made.
How EAB approaches this
Every AI system in EAB has a governance record from the moment it is registered in the AI System Registry. The record accumulates governance data through screening, obligation mapping, evidence tracking, and approval. Versioned Screening Records preserve point-in-time snapshots. The audit trail makes the full record history reconstructable.