advanta

HomeGlossaryGovernance

Framework

Governance

P4

Risk Register

Audience

GC / CLORisk & ComplianceLegal Operations

DEFINITION

The operational artefact in which every AI-related entry in the legal function maps to one of the nine classes of the Risk Taxonomy 2026. Paired with the Evidence Register, the Risk Register constitutes the minimum governance posture for institutional AI use: the Taxonomy is the inventory, and the Risk Register is the function's working record of exposure against it.

Detailed Explanation

GOV-02 · Risk Register (Concept Summary)

Purpose

The Risk Register is the institution’s authoritative, living record of every AI capability in operation or development, the risks they carry, and how those risks are governed. It is the primary artefact regulators, auditors, counterparties, and internal assurance functions use to assess the defensibility of the AI function.

Core Role in the Governance Stack

  • Canonical artefact: Published as GOV-02, the operational instantiation of the AI Governance Charter (GOV-01).
  • Living document: Updated on the cadence defined in GOV-01; never treated as a one-off catalogue.
  • Defensibility spine:
    • DE-3 (operational evidence) is generated directly from the Register.
    • DE-4 (governance posture) is evidenced by how the Register is maintained and used.

Quick Facts

Term Type

Framework

Category

Governance

Related Pillar

P4 · Governance

Governance

Methodology
v2026.1

Explore Glossary

← All Terms