AI Model Inventory Template: Track Every Model Your Organization Runs in Production
SR 11-7, EU AI Act, and ISO 42001 all require a model inventory. Here's a complete template with every field you need, plus guidance on what to capture and why.
Regulators don't accept "we use AI" as a governance posture. They want a list — every model, its version, its owner, its risk level, who validated it, and when it was last reviewed. If you can't produce that list on demand, you have a compliance gap.
This article gives you the complete template. Copy it, adapt the field names to your tooling, and start filling it in today.
Why Regulators Require Model Inventories
Three major frameworks have converged on the same requirement: you must maintain a formal register of every AI system you operate.
SR 11-7 (Federal Reserve / OCC) requires banks and their holding companies to maintain comprehensive documentation of all models used in business decisions. "Model" is defined broadly — any quantitative method that produces estimates or decisions. That includes credit scoring, fraud detection, chatbots used in loan origination, and any LLM-assisted workflow that touches a regulated outcome.
EU AI Act Article 11 requires technical documentation for high-risk AI systems before they are placed on the market or put into service. That documentation must be kept up to date throughout the system's lifecycle. For deployers (organizations using high-risk systems), Article 26 requires maintaining logs and conducting human oversight — which is only possible if you know what systems you're running.
ISO/IEC 42001 (AI Management System standard) requires organizations to establish an AI system register as part of their AI management system. Clause 6.1.2 explicitly requires identifying AI systems and their associated risks.
An inventory isn't optional for organizations subject to any of these frameworks. It's the foundation everything else is built on.
What a Model Inventory Is (and What It Isn't)
A model inventory is a structured register of every AI/ML system your organization operates in production. It includes:
- Models you built internally
- Models from vendors (including API-accessed models like GPT-4, Claude, Gemini)
- Fine-tuned models, even if the base was a vendor's
- Models running on-premises and in the cloud
- Models embedded in third-party software you deploy
It is not just a list of APIs you call. If a vendor's model makes or influences a business decision, it belongs in your inventory — including the version pinned, the date it was last changed, and who owns the outcome if it fails.
Shadow AI — models deployed by individual teams outside the formal procurement process — is the most common gap. Your inventory is only useful if it's honest about what's actually running.
The Model Inventory Template
Use one row per model deployment. If the same model version is deployed in two separate production contexts (e.g., one for customer service, one for internal ops), create two rows.
| Field | Description |
|---|---|
| Model ID | Unique identifier (e.g., MDL-2024-047). Use a sequential or structured scheme. |
| Model Name | Human-readable name (e.g., "Customer Churn Predictor v3", "Support Chat LLM") |
| Version | Exact version string — model version, not just your application version. For API models: the pinned model ID (e.g., gpt-4-0613). |
| Type | Discriminative / Generative / Reinforcement / Ensemble / Rules-based hybrid |
| Vendor / Source | "Internal", or vendor name (OpenAI, Anthropic, Mistral, etc.) or open-source project |
| Deployment Environment | Production / Staging / Shadow (running but not acting) |
| Business Purpose | One sentence: what decision or output does this model support? |
| Risk Tier | High / Medium / Low — based on your classification policy |
| Owner / Accountable Team | The team and named individual responsible for this model's performance and compliance |
| Validation Status | Not Validated / Initial Validation Complete / Ongoing Monitoring / Validation Overdue |
| Last Validation Date | Date of most recent formal validation or review |
| Next Review Date | Scheduled date of next review — High risk: quarterly; Medium: semi-annual; Low: annual |
| Data Inputs | Types of data fed to this model (e.g., customer transaction history, free-text support tickets, images) |
| Data Outputs | What the model returns (e.g., probability score 0-1, classified label, generated text) |
| Regulatory Scope | Which regulations apply: SR 11-7 / EU AI Act / HIPAA / GDPR / CCPA / None identified |
| Human Oversight Level | HITL (human-in-the-loop, approves each output) / HOTL (human-on-the-loop, monitors with override) / HOOTL (human-out-of-the-loop, fully automated) |
| Incident Log Link | URL or reference to the incident log for this model |
| Retirement Date | Date model was or is planned to be decommissioned (leave blank if active) |
Populated Example Row
| Field | Example Value |
|---|---|
| Model ID | MDL-2026-012 |
| Model Name | Loan Eligibility Screener |
| Version | internal-v2.3.1 |
| Type | Discriminative (binary classifier) |
| Vendor / Source | Internal |
| Deployment Environment | Production |
| Business Purpose | Screens mortgage applications for eligibility before human underwriter review |
| Risk Tier | High |
| Owner / Accountable Team | Credit Risk Team / Jane Smith |
| Validation Status | Ongoing Monitoring |
| Last Validation Date | 2026-01-15 |
| Next Review Date | 2026-04-15 |
| Data Inputs | Applicant income, credit history, debt-to-income ratio, employment status |
| Data Outputs | Eligibility score (0-100), recommended action (Proceed / Review / Decline) |
| Regulatory Scope | SR 11-7, Equal Credit Opportunity Act, ECOA |
| Human Oversight Level | HOTL |
| Incident Log Link | /incidents/MDL-2026-012 |
| Retirement Date | — |
Model Change Log Template
Every change to a model in production — version updates, retraining, threshold adjustments — must be logged. This is separate from your main inventory table; the inventory shows current state, the change log shows history.
| Date | Model ID | Change Type | Changed By | Approved By | Pre-Change Version | Post-Change Version | Validation Completed | Rollback Plan |
|---|---|---|---|---|---|---|---|---|
| 2026-02-10 | MDL-2026-012 | Version update | Data Science Team | Credit Risk Director | internal-v2.2.0 | internal-v2.3.1 | Yes — shadow testing 30 days | Revert to v2.2.0 via deployment config |
| 2026-01-22 | MDL-2026-008 | Threshold adjustment | ML Ops | AI Risk Officer | Threshold: 0.65 | Threshold: 0.70 | Yes — backtested on Q4 2025 data | Revert threshold in config file |
Change Type options: Version update / Threshold adjustment / Input feature change / Training data update / Infrastructure migration / Emergency rollback
How to Populate Each Field
Risk Tier is the field most organizations get wrong. Don't assign it based on technical complexity. Assign it based on consequences of failure. A simple logistic regression that affects credit decisions is High Risk. A sophisticated transformer model that suggests internal meeting summaries is Low Risk. The question is: if this model outputs something wrong, who is harmed, and how badly?
Human Oversight Level needs to match reality, not aspiration. If your policy says HITL but reviewers rubber-stamp 98% of outputs in under 10 seconds, document that honestly — the gap between policy and practice is itself a finding.
Version for third-party API models requires you to pin model versions, not use "latest" aliases. If you're calling gpt-4 instead of gpt-4-0613, you don't know what model you're actually running. Pin versions. Log them.
Regulatory Scope should be populated by your legal or compliance team, not by engineers. Engineers know what the model does; legal knows which regulations attach to that activity.
Maintaining the Inventory
A model inventory that isn't maintained is worse than no inventory — it creates false confidence and will actively mislead auditors.
Minimum review cadence:
- High-Risk systems: quarterly
- Medium-Risk systems: semi-annually
- Low-Risk systems: annually
- After any production incident: within 5 business days
Triggers for a new inventory entry (not just an update to an existing row):
- New model deployed to production
- Existing model applied to a new business purpose or new data type
- Model moved from one deployment environment to another (staging → production)
Triggers for an update to an existing row:
- Version change
- Owner change
- Validation status change
- Retirement
Common Mistakes
Treating the inventory as a one-time project. Organizations stand up an inventory for an audit, then let it go stale. Regulators check for recent updates. An inventory last touched 18 months ago is evidence of a governance gap, not governance.
Under-reporting shadow AI. Individual teams spin up AI tools — Copilot integrations, vendor-specific AI features, custom API integrations — without going through formal procurement. Survey business units directly, not just IT. Ask: "Are there any AI tools your team uses that aren't managed by central IT?" The answer is almost always yes.
Conflating the model with the use case. The same model version (e.g., GPT-4o) deployed in two different contexts — customer-facing support chat vs. internal legal document summarization — represents two different inventory entries with potentially different risk tiers, oversight requirements, and regulatory scope.
Not tracking API-accessed models by version. "We use OpenAI" is not an inventory entry. The specific model ID, the date it was pinned, and any subsequent updates are all required information.
Connecting to Your Data Pipeline
The Model Change Log columns — particularly Change Type, Changed By, and Validation Completed — map directly to the output of a well-instrumented data processing pipeline. If your training data pipeline tracks every transformation with operator attribution and timestamps, you already have the raw material for the change log. The gap is usually connecting that operational log to the governance register.
Ertas Data Suite generates a complete, immutable audit trail of every data transformation step — who ran it, when, what changed — which feeds directly into the Model Change Log without manual entry.
Next Steps
- Export a list of all models currently running in your environment (work with ML Ops and IT)
- Assign a risk tier to each using your classification policy (or adopt the three-tier framework above)
- Identify owners for each model — if no one is accountable, that's your first governance finding
- Schedule the first formal review for all High-Risk systems within 90 days
- Implement a change notification process so the inventory stays current
The inventory is the foundation. Model cards, validation documentation, audit trails, and incident response all reference it. Build it well, and the rest of your governance program has something to stand on.
Turn unstructured data into AI-ready datasets — without it leaving the building.
On-premise data preparation with full audit trail. No data egress. No fragmented toolchains. EU AI Act Article 30 compliance built in.
Keep reading
The EU AI Act's High-Risk System Requirements: What They Demand and What They Don't Tell You
The EU AI Act's Annex III defines high-risk AI categories. If you're deploying in healthcare, legal, finance, or HR, you're almost certainly in scope. Here's what compliance actually requires.
EU AI Act Article 30 Documentation Checklist: What High-Risk AI Providers Must Log
EU AI Act Article 30 requires providers of high-risk AI systems to maintain detailed logs. This checklist covers every requirement with practical implementation guidance.
NIST AI RMF vs. EU AI Act vs. ISO/IEC 42001: A Practical Comparison for Enterprise Teams
Three major AI governance frameworks, each from a different jurisdiction and philosophy. Here's what each requires, where they overlap, and how to build a unified compliance posture.