Implementation Checklists — Foundations

Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 • www.zenaigovernance.com

Implementation Checklists (build → approve → operate)

Key takeaways
  • Ship safely by checklist: classify risks, design controls, evaluate, approve, operate with PMM, and keep evidence.

Classify & plan

  • Define intended purpose; high-risk pathway; sectoral overlays; RACI and milestones.

Design & data

  • RMS kickoff; data governance plan; privacy/bias mitigations; security design; oversight pattern.

Build & evaluate

  • Model/data cards; evaluation suites; red-team; acceptance thresholds per cohort; docs linked to evidence.

Approve & CE

  • Conformity route; technical file; Declaration; CE marking; go/no-go with residual risk rationale.

Operate & oversee

  • PMM metrics live; incidents & CAPA; oversight drills; dashboards with paging.

Improve & report

  • Quarterly governance reviews; risk/threshold updates; user comms; audit snapshots.

Docs & evidence

  • Matrix, snapshots, approvals, incidents, CAPA effectiveness; supplier attestations.

Security & privacy

  • Key/secret rotation; isolation; redaction in logs; DPIAs/LIAs; unlearning plan.

Suppliers & APIs

  • Due diligence; SLAs; incident cooperation; evaluation attestations.

People & training

  • Operator competency; bias/safety training; escalation drills; annual refreshers.

Cadence & governance

  • Monthly PMM review; quarterly governance forum; yearly independent assurance.

Handover & roll-back

  • Ops runbook; rollback criteria/buttons; comms templates; on-call schedule and contacts.

© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 05 Nov 2025 • This page is general guidance, not legal advice.
