Free AI register template for Australian businesses
An editable AI register (inventory) for Australian organisations. Track every AI tool in use across your business: who owns it, what data it touches, whether it is approved, and when it was last reviewed. Available as a Markdown file or a CSV spreadsheet.
A starting template, not legal or compliance advice. Review it against your own obligations before you rely on it.
What an AI register is
An AI register is a structured inventory of every AI tool or system your organisation uses. For each tool it records the owner, the department, the use case, what data is entered, whether personal or sensitive information is involved, the vendor arrangement, whether the tool has been approved, the risk level, controls in place, and the next review date.
The register gives whoever is responsible for AI governance a reliable reference point. Without it, AI use tends to spread across the business invisibly, and no one can say with confidence what tools are in use, what data they touch, or whether they have been assessed.
The register works alongside your AI policy. The policy says what is allowed; the register tracks what you actually have. If you do not yet have a policy, start there, then use this register to record the tools assessed against it.
Who needs an AI register
Any organisation where staff use AI tools in their work should maintain a register. In practice, that now covers most small and mid-sized Australian businesses. It is especially relevant if your organisation:
Handles personal information
The Privacy Act requires you to understand and control how personal information is handled, including by third-party AI tools your staff use.
Has professional obligations
Legal, financial, medical and similar practices face specific duties around client data. A register helps demonstrate appropriate oversight.
Is growing its team
As you add staff, informal AI use spreads quickly. A register establishes a baseline and keeps new starters aligned.
Works with enterprise clients
Many larger clients and procurement processes now ask suppliers to demonstrate AI governance. A register is a practical starting point.
Download the template
The template is available in two formats. The Markdown version suits teams that manage documents in plain text, version control, or a wiki. The CSV version opens directly in Excel, Google Sheets, or Numbers and is the quickest way to start filling in your inventory.
Free. A starting template, not legal or compliance advice. Adapt it to your business before you rely on it.
What columns it should include
The template uses these twelve columns. Each addresses a specific question that matters for risk, privacy, and governance oversight:
- ✓Tool or system
- ✓Owner
- ✓Department
- ✓Use case
- ✓Data entered
- ✓Personal information involved
- ✓Sensitive information involved
- ✓Vendor or account type
- ✓Approval status (approved / conditional / unapproved)
- ✓Risk level
- ✓Controls
- ✓Review date
AI register vs AI policy vs AI risk register
AI policy
The policy sets the rules for how staff may use AI: which tools are approved, what data they can enter, when human review is required, and what is prohibited. It is a governance document. If you do not have one, download the free AI policy template first.
AI register (this template)
The register is an inventory of what your business actually uses. It records each tool, its owner, the data it touches, its approval status, and the controls in place. It is updated regularly as tools are added, changed, or retired. The policy says what is allowed; the register tracks what you have.
AI risk register
A risk register is a separate document focused specifically on identified risks: what could go wrong, the likelihood and consequence, the controls in place, and the residual risk. Some organisations maintain a dedicated AI risk register; others fold risk into the AI register itself. The risk level and controls columns in this template provide a lightweight version of that function.
Example entries
These are illustrative examples showing how common AI tools might appear in a completed register. They are not real client entries. Adapt the details to reflect how your business actually uses each tool.
| Tool | Owner | Dept | Use case | Data entered | PI | SI | Status | Risk | Controls |
|---|---|---|---|---|---|---|---|---|---|
| ChatGPT (OpenAI) | Operations Manager | Operations | Drafting emails and internal documents | Internal text, no client data | No | No | Approved | Low | Staff briefing; no client data rule |
| Microsoft Copilot | IT Manager | All | Email drafting, summarising meetings, code suggestions | Internal emails and documents via M365 | Yes | No | Approved | Medium | M365 data boundary enabled; DLP policy applied |
| Claude (Anthropic) | Marketing Lead | Marketing | Content drafting and research summarisation | Internal briefs, no personal information | No | No | Approved | Low | No client or personal data in prompts |
| Otter.ai | Sales Manager | Sales | Meeting transcription | Meeting audio, participant names | Yes | No | Conditional | Medium | Participants notified; recordings deleted after 30 days |
| Zapier AI | Operations Manager | Operations | Automated lead routing and CRM updates | Contact names, email addresses | Yes | No | Conditional | Medium | Privacy notice updated; data minimisation applied |
PI = personal information involved. SI = sensitive information involved. Illustrative only.
How to review the register quarterly
A quarterly review keeps the register accurate and prevents tool sprawl from going undetected. Work through these steps each quarter:
Check for new tools
Ask each team lead whether any new AI tools have been introduced since the last review. Add a row for each one.
Confirm each tool is still in use
Remove or archive rows for tools that have been discontinued. A stale register is worse than no register.
Review vendor changes
Check whether any vendors have updated their data handling practices, terms, or pricing tier since the last review.
Reassess approval and risk
Confirm that the approval status and risk level for each tool still reflect current use. Usage sometimes expands beyond what was originally assessed.
Update the review date
Set the next review date for each row. Tools with higher risk levels may warrant more frequent review.
When to get help
The register template works well for businesses that have a reasonable picture of their AI use. If you suspect staff are using tools that your leadership team does not know about, the register will reflect that gap rather than close it. In that case, a usage review is the more useful starting point.
- •Not sure where you stand?. Take the free AI risk readiness check for an indicative picture of your current exposure.
- •AI usage review. We find what AI tools are really being used across your team, and where the risks are. The result feeds directly into your register.
- •AI policy template. Pair the register with a policy so staff know which tools are approved and what is off limits.
What our clients say
Josh and the VibeZero team turned a mess of ideas into a working product faster than I thought possible. They actually listened to what we needed, didn't overcomplicate things, and delivered something our team could use straight away. Genuinely one of the best tech experiences I've had as a business owner.
Working with VibeZero was refreshingly straightforward. No jargon, no upselling, just solid work delivered on time. They understood our business from the first call and built exactly what we asked for. I'd recommend them to any small business looking to actually get results from AI.
Frequently asked questions
An AI register should include, at minimum: each AI tool or system in use, who owns it, which department uses it, the use case, what data is entered, whether personal or sensitive information is involved, the vendor or account type, approval status, risk level, controls in place, and a review date. The template provided here covers all of these columns.
Download this template (available as a Markdown file or a CSV spreadsheet), then fill in one row per AI tool or system currently in use across your business. Work through each column: tool name, owner, department, use case, data entered, privacy considerations, approval status, risk level, controls, and next review date. Repeat the review cycle quarterly or when a new tool is introduced.
An AI policy sets the rules: what tools are approved, what staff can and cannot do with AI, and how data must be handled. An AI register is an inventory: it records the specific tools your business actually uses, who owns them, what data they touch, whether they are approved, and when they were last reviewed. The policy says what is allowed; the register tracks what you have. Both are needed.
Review the register at least quarterly. Also update it whenever a new AI tool is introduced, an existing tool is retired or changed, a vendor updates their data handling practices, or a privacy or risk concern is identified. The register is only useful if it reflects the current state of AI use in your business.
Yes, it is free. Download the Markdown or CSV version and adapt it to your business. It is provided by VibeZero as a practical starting point, not as legal or compliance advice. Review it against your own obligations before relying on it.