AI USE CASE GOVERNANCE

Replace the AI spreadsheet with a living register.

Every AI initiative gets a record. Owner, sponsor, business process, data classes, jurisdictions, model choices, deployment intent, autonomy level, required approvals. The record stays alive as the system ships and runs. Evidence connects back automatically.

Most governance work starts too late. The system is already live, the team asks for approval after the fact, and the evidence is scattered across Confluence, ServiceNow, email and three different spreadsheets.

Kosmoy starts with the use case. Every initiative has a single record from idea to live system. Intake forms are configurable per stakeholder: one for the business owner, one for legal, one for security, one for the AI team. Risk assessments trigger extra approvers. Approvals are reused, with delta detection when something changes. The EU AI Act dossier (Articles 9, 11, 12, 14, 17, 50) is generated as the system operates.


Register · Assess · Approve · Evidence.

Register

A single inventory of AI initiatives across departments, countries, and business units. Configurable intake forms — one for the business owner, one for legal, one for security, one for the AI team.

  • AI Systems Registry as the source of truth
  • Owner, sponsor, business process, autonomy level
  • Data classes, jurisdictions, deployment intent
  • Linked vendors, datasets, downstream systems
  • CSV import for migration from existing spreadsheets

Assess

Risk questionnaires with policy triggers. High-risk use cases route to extra review. Sensitive data triggers extra controls. Transparency requirements set defaults for end-user disclosure.

  • Configurable risk questionnaires
  • AI Act risk classification (qualification, role, tier, obligations)
  • Data classification triggers
  • Transparency and disclosure flags
  • ISO/IEC 42001 alignment

Approve

Approval workflows by department, geography, data type, autonomy level. Multi-stage routing for high-risk use cases. Approvals reused with delta checks when something changes.

  • Multi-stage routing
  • Conditional approvers based on risk tier
  • Approval reuse with delta detection
  • Audit trail on every decision
  • Rejections captured with reason

Evidence

The EU AI Act dossier — Articles 9, 11, 12, 14, 17, 50 — generated as you operate. Risk management. Technical documentation. Record keeping. Human oversight. Quality management. Transparency.

  • Risk management evidence (Article 9)
  • Technical documentation (Article 11)
  • Record keeping from runtime logs (Article 12)
  • Human oversight via Kosmoy Chat (Article 14)
  • QA sessions and feedback (Article 17)
  • Transparency disclosures (Article 50)
  • Export to PDF or share link

How a use case moves through the platform.

Six stages. One record.

  1. Register
  2. Assess
  3. Approve
  4. Build
  5. Run
  6. Evidence

Module questions, answered straight.

Can we customise the intake form per business unit?

Yes. Forms are configurable per stakeholder, per business unit, per jurisdiction. Different intake screens for Legal vs Security vs the AI team are standard.

What happens if a use case changes?

Approval reuse includes delta detection: if a previously approved use case changes its data classes, jurisdictions, model choices, or autonomy level, the affected approvers are re-prompted with a diff view.

Does it integrate with our ticketing system?

Optional integrations exist for Jira, ServiceNow and similar — to create approval tickets in the system of record. The authoritative state stays in Kosmoy; the ticketing system stays in sync.

Where does the dossier live?

Inside Kosmoy, in the customer environment. Exportable as PDF or accessible via API for audit.

See Use Case Governance in action.

From idea to live system, with the dossier writing itself as you go.