1. Company profileIndustry, size, country, EU exposure, contact person and starting point.
2. AI useTools and use cases already in use or planned.
3. AI systemsPurpose, supplier, departments, user groups and status.
4. Data typesPersonal data, customer data, internal information and sensitive data.
5. Third-party AISaaS, cloud, chatbots, model providers and external AI features.
6. Human oversightWho checks outputs, who approves decisions and where automation occurs.
7. GovernanceResponsibilities, AI policy, approval process and incident process.
8. AI literacyTraining, briefing, records and affected staff.
9. Risk signalsHR, recruiting, education, product context, scoring, biometric or sensitive contexts.