AI Asset Registers Go Stale Fast
EU AI Act compliance: why your AI asset register goes stale fast
You have recorded your AI systems and created a clean AI inventory. Maybe you have even carried out initial risk assessments.
Congratulations. You are further along than 90 percent of German SMEs.
But here is the problem: your AI inventory is already out of date. Probably since the day you finished it.
The illusion of the one-off inventory
Many companies treat their AI inventory like a tax return. Tick it off once a year, then forget it. That works for office furniture. With AI systems it is a recipe for compliance gaps.
The AI landscape in your company changes constantly. Not dramatically, not visibly, but continuously. And that is exactly what makes it dangerous for your EU AI Act compliance.
Five ways your AI documentation goes out of date
The first way is new tools. An employee discovers an AI tool that makes their work easier. They tell colleagues. Within two weeks five people are using it. Nobody reports it to IT. Nobody thinks about compliance.
The second way is feature updates. Microsoft adds Copilot to Office 365. Salesforce integrates Einstein AI. Your CRM suddenly gets AI-based forecasts. You installed nothing, but you are now using AI systems that did not exist six months ago.
The third way is staff changes. A new employee brings their favourite tools. A department head introduces an AI-based project management tool. Knowledge from the onboarding is lost, new knowledge comes in, uncontrolled.
The fourth way is changed use cases. The marketing team has been using ChatGPT for texts for months. No problem, MINIMAL RISK. Then someone has the idea to also analyse job application letters with it. Suddenly: HIGH-RISK under Annex III. Same tool, new use case, completely different compliance requirements.
The fifth way is shadow upgrades. Free AI tools become premium versions. Browser extensions gain AI features. Your accounting software integrates automatic categorisation. The line between AI and non-AI blurs, and your register falls behind.
The mathematical problem
Let us assume you have 50 software tools in use. Of those, 20 already have AI features or will get them in the next 12 months. On average, two new tools are added each quarter. And you have 30 employees who can independently decide which browser tools they use.
How long does your AI inventory stay current? Weeks if you are lucky. Days, realistically.
Why this is critical for EU AI Act compliance
The EU AI Act does not just require you to know your AI systems. It requires you to monitor them continuously.
Article 26(6) obliges deployers of HIGH-RISK systems to continuously monitor operation. Article 26(5) requires that all employees who operate AI systems are sufficiently trained. How do you want to train employees for systems you do not know exist?
In an inspection by supervisory authorities, what you recorded in January does not count. What counts is what you have in use today. An outdated AI inventory is worse than none, because it creates false confidence.
The hidden compliance gaps
Imagine: in an inspection you proudly present your AI documentation. Ten systems, neatly recorded, all assessed. The auditor asks: what about the AI-based recruiting tool your HR department has been using since March?
You know nothing about it. The tool was never reported. No risk assessment, no documentation, no training. A HIGH-RISK system flying blind.
That is not a hypothetical scenario. It is the norm in companies that treat compliance as a one-off project.
The uncomfortable truth
EU AI Act compliance is not a project with a beginning and an end. It is a continuous process. Like data protection. Like IT security. Like quality management.
The AI regulation will not end on 2 August 2026. That is when it really begins. And it requires you to know at all times which AI systems you use, what you use them for and which risks come with them.
A static AI asset register cannot deliver that. You need a living process.
What this means for your company
The question is not: have we documented our AI systems? The question is: is our documentation still correct today?
If you cannot answer that question with a clear yes, you have a compliance gap. Not maybe. Certainly.
The good news: a continuous recording process does not have to be complicated. It needs no expensive software. It needs clear responsibilities, simple reporting channels and regular review.
Conclusion
Your AI asset register was the first step. An important step. But only the first.
The AI landscape in your company changes faster than you can update lists. New tools, new features, new use cases: every day, potential gaps appear in your EU AI Act compliance.
The AI regulation does not require a perfect snapshot. It requires continuous control over all AI systems.
Compliance is not a state. Compliance is a process.
About the author
Jochen Stier is co-founder of NADOVO with over 20 years of experience in process management and IT service management. He helps German SMEs implement the requirements of the EU AI Act systematically and pragmatically. His 5-phase framework NADOVO combines regulatory requirements with practical feasibility, without enterprise budgets or complex tools.
More articles
AI Technology Website Migration and SEO Ranking
Many fear a website migration destroys the Google ranking. That is true - if you do it wrong. What really happens and what matters.
read more ...
AI Technology Maintaining a Website Without an Agency
If you have a business website, you should be able to maintain it yourself. Why that does not work for most people - and how it can be done differently.
read more ...
AI Compliance Why I Built NADOVO
Why a process consultant with 20 years of experience builds his own AI compliance framework and his own platform - and what that has to do with the EU AI Act.
read more ...