AI Risk Register Template: 30 Risks Every Deployment Should Catalog

A risk register has five fields per row: risk name, likelihood (H/M/L), impact (H/M/L), risk score (a product of likelihood and impact), and mitigation. Risk score determines prioritization — High/High risks require immediate mitigations with named owners before the project advances; Low/Low risks get noted and reviewed quarterly. Adapt the default ratings to your context. If you operate in a HIPAA-regulated environment, every data privacy risk defaults to High impact regardless of likelihood. If your AI system makes no customer-facing decisions, risks related to AI bias in customer outcomes drop in impact. The ratings here reflect typical mid-market deployments — your operating environment changes the numbers. Assign an owner to every risk. Unowned risks get ignored when project pressure builds. The owner doesn't personally implement the mitigation; they track it, escalate when a risk materializes, and report status in project reviews. This register should live somewhere the project team sees regularly — not in a document created once and opened again only in a post-mortem.

**Risk 1 — Poor data quality** | Likelihood: High | Impact: High | Score: Critical Mitigation: Complete a data audit before contract signature. Rate each data source on completeness, consistency, and recency using a 1–5 scale. Require the vendor to validate data quality as a project prerequisite, not a deliverable. **Risk 2 — Sensitive data exposed to AI systems** | Likelihood: Medium | Impact: High | Score: High Mitigation: Map what data flows to the AI system before implementation begins. Remove or mask PII, PHI, and financial identifiers where the AI can function without them. Get written confirmation from the vendor on where data is stored, who can access it, and how long it's retained. **Risk 3 — Training data bias encoding historical discrimination** | Likelihood: Medium | Impact: High | Score: High Mitigation: Audit training datasets for demographic representation before deployment. For any system that makes decisions about people — hiring, lending, service eligibility — run a pre-deployment bias audit and schedule quarterly demographic disparity checks in production. **Risk 4 — Data breach through the AI system** | Likelihood: Low | Impact: High | Score: High Mitigation: Require the vendor to document their security architecture. Confirm encryption in transit and at rest, access logging, and incident response SLAs. Ensure your data is within scope of their SOC 2 or ISO 27001 certification. **Risk 5 — Vendor using your data to train models for other clients** | Likelihood: Medium | Impact: Medium | Score: Medium Mitigation: Require explicit contractual language confirming your data will not be used to train models for other clients or improve the vendor's foundation models without your written consent. Non-negotiable for any proprietary business data.

**Risk 6 — Model underperforms on real production data** | Likelihood: Medium | Impact: High | Score: High Mitigation: Require a pilot using your actual data before full deployment. Validate performance against your own success metrics, not vendor benchmarks. Run parallel processing — AI and manual — for the first 4–6 weeks of production before removing the manual fallback. **Risk 7 — Model performance drifts over time** | Likelihood: High | Impact: Medium | Score: High Mitigation: Define a monitoring cadence and performance floor before launch. Establish who monitors output quality, how often, and what triggers a retrain or rollback. For systems using frontier LLMs, schedule quarterly reviews — base model updates can alter behavior meaningfully. **Risk 8 — AI hallucinations in customer-facing outputs** | Likelihood: Medium | Impact: High | Score: High Mitigation: Never deploy AI for customer-facing content without a human review step or a confidence threshold that routes uncertain outputs to human review. Design the system to surface uncertainty visibly rather than suppress it. **Risk 9 — Narrow training coverage fails edge cases** | Likelihood: Medium | Impact: Medium | Score: Medium Mitigation: Build a test suite of edge cases and failure scenarios before launch. Include inputs that are ambiguous, out of distribution, or malformed. Confirm the system degrades gracefully — failing clearly — rather than producing confident wrong answers on unexpected inputs. **Risk 10 — Over-reliance on AI output without human verification** | Likelihood: High | Impact: Medium | Score: High Mitigation: Document explicitly which decisions require human review before action is taken. Build review steps into the workflow rather than relying on users to exercise discretion. This is a process design problem, not a technology problem.

**Risk 11 — Integration scope significantly underestimated** | Likelihood: High | Impact: High | Score: Critical Mitigation: Require the vendor to document every integration point before contracting. For each: which system, what data flows, which API version, who owns the connection, and what happens if it breaks. Add 30–50% to the vendor's quoted integration timeline before using it for planning. **Risk 12 — Vendor lock-in with no exit path** | Likelihood: Medium | Impact: High | Score: High Mitigation: Confirm data portability before signing. You should be able to export all your data in a standard format on 30 days' notice. Understand switching costs before you're locked in — what data migration, retraining, or re-integration would changing vendors require? **Risk 13 — System downtime disrupts business operations** | Likelihood: Medium | Impact: Medium | Score: Medium Mitigation: Negotiate SLA terms covering uptime percentage, incident response times, and planned maintenance windows. Document the fallback process — what do employees do if the AI system is unavailable for 2 hours? For 2 days? **Risk 14 — API and inference costs exceed projections** | Likelihood: Medium | Impact: Medium | Score: Medium Mitigation: Estimate API call volume under normal and peak conditions before deployment. Build cost monitoring and anomaly alerts into the architecture from day one. Many teams find API costs are 3–5x their initial estimate because actual usage patterns under production load differ from planning assumptions. **Risk 15 — Employees use unauthorized AI tools with business data** | Likelihood: High | Impact: Medium | Score: High Mitigation: Publish an AI acceptable use policy before the first deployment. Train employees on what tools are approved and why unauthorized tools create data risk. Shadow AI use — employees using personal ChatGPT, Claude, or similar tools with business data — is the most common governance gap in companies with formal AI programs.

**Risk 16 — AI-assisted employment decisions violate labor law** | Likelihood: Medium | Impact: High | Score: High Mitigation: Have employment counsel review any AI system that influences hiring, promotion, compensation, or termination before deployment. The EEOC and multiple state agencies have issued guidance on AI in employment decisions — document your compliance posture before any system goes live. **Risk 17 — AI outputs violate consumer protection rules** | Likelihood: Low | Impact: High | Score: Medium Mitigation: Review FTC guidance on AI in marketing and customer communications before deployment. Ensure AI-generated content can be disclosed as such where required. Retain the ability to audit which AI-generated content was shown to which customer and when. **Risk 18 — Copyright infringement in AI-generated outputs** | Likelihood: Low | Impact: High | Score: Medium Mitigation: Understand your vendor's position on training data provenance and copyright indemnification. Some enterprise providers offer IP indemnification; most consumer tools do not. For high-stakes content, have counsel review the vendor's IP terms before go-live. **Risk 19 — GDPR, CCPA, or state privacy law compliance gap** | Likelihood: Medium | Impact: High | Score: High Mitigation: Map all personal data the AI system processes. Document the legal basis for processing each category. Confirm the system can fulfill data subject access requests and deletion requests within the applicable timeframes. Include your AI vendor in your annual data processing inventory. **Risk 20 — Missing required AI interaction disclosure** | Likelihood: Medium | Impact: Medium | Score: Medium Mitigation: Some jurisdictions and contexts now require disclosure when customers interact with AI. Review applicable requirements for your industry and operating locations. Err toward disclosure — it builds trust and avoids regulatory exposure in an area where requirements are tightening.

**Risk 21 — Prompt injection in LLM-based systems** | Likelihood: Medium | Impact: High | Score: High Mitigation: For any system processing user-supplied text through an LLM, require the vendor to document prompt injection mitigations: input sanitization, structured data fencing, output validation, and access controls that limit what the AI can do in response to instructions embedded in user input. **Risk 22 — Unauthorized access to the AI system or outputs** | Likelihood: Low | Impact: High | Score: Medium Mitigation: Implement role-based access controls before launch. Who can access the AI system, what data they can query, and what outputs they can see should map to named business roles — not default to open access for any authenticated user. **Risk 23 — AI system used to exfiltrate business data** | Likelihood: Low | Impact: High | Score: Medium Mitigation: Audit what data the AI system can access and what it can produce in response to queries. A system that can be instructed to summarize all customer records and email the result is a data exfiltration vector. Scope data access to what the system legitimately requires for its task. **Risk 24 — Third-party model provider security breach** | Likelihood: Low | Impact: High | Score: Medium Mitigation: Minimize the sensitive content in prompts sent to external model providers. Use private deployments or enterprise API tiers with stricter data handling agreements where the risk warrants it. Understand exactly which data leaves your environment and to whom. **Risk 25 — AI-enabled fraud targeting your organization** | Likelihood: Low | Impact: High | Score: Medium Mitigation: Train employees to verify identity through out-of-band channels before acting on any request involving money, system access, or sensitive data — even if the request appears to come from a known voice, face, or email. AI voice cloning and email impersonation have enabled multi-million dollar fraud across multiple industries.

**Risk 26 — Employee resistance and low adoption** | Likelihood: High | Impact: High | Score: Critical Mitigation: Involve end users in the pilot — not just in training. People who had input into the tool adopt it at 2–3x the rate of those who received it as a mandate. Build a clear workflow for what employees should do when the AI gets it wrong, so they have a path other than choosing between blind trust and complete rejection. **Risk 27 — AI system has no internal owner after launch** | Likelihood: Medium | Impact: Medium | Score: Medium Mitigation: Name a single internal owner before go-live. This person is responsible for monitoring performance, collecting user feedback, managing the vendor relationship, and escalating issues. AI systems without internal owners decay quickly — nobody advocates for the tool when it needs maintenance or improvement. **Risk 28 — Critical vendor personnel turn over post-implementation** | Likelihood: Medium | Impact: Medium | Score: Medium Mitigation: Require documentation of the implementation as a contract deliverable before project close. The system should be understandable and maintainable by competent third parties, not only by the individuals who built it. Inadequate documentation is the most common handover failure. **Risk 29 — Executive sponsorship lost mid-project** | Likelihood: Low | Impact: High | Score: Medium Mitigation: Tie the project to business metrics the sponsor cares about and report against them at every milestone. Sponsors disengage from projects that report on activity rather than outcome — tasks completed rather than impact on the metrics they were sold on. **Risk 30 — Unrealistic ROI expectations trigger premature cancellation** | Likelihood: Medium | Impact: High | Score: High Mitigation: Set staged ROI expectations before launch. AI implementations typically deliver 20–30% of projected ROI in month one, growing to full projection by months 6–12 as the system is tuned and adoption matures. Projects cancelled at month two because they haven't hit full ROI projection almost always had mismatched expectations, not a failing solution.

A risk register that is not reviewed is decoration. Build three checkpoints into your project plan: **Pre-contract review**: Rate every risk in categories 1–3 using your specific project context. Any risk rated High/High requires a written mitigation plan — with a named owner — before you sign the contract. **Pre-launch review**: Update ratings using everything you learned during implementation. Model quality risks should have dropped if you ran a real pilot. Integration risks should be mostly resolved. Any remaining High/High risk delays launch unless the mitigation plan is solid and the owner has signed off. **Quarterly production review**: Update using real production data. Model drift is highest in the first year. Shadow AI use is an ongoing governance problem, not a one-time training issue. Security risks often increase as more employees interact with the system. Assign a standing agenda item in your quarterly technology review for AI risk. Add your own risks. These 30 reflect common patterns — your industry, data environment, or specific AI use case will surface risks not on this list. The most dangerous risks are the ones that surprise you, which means the most valuable thing you can do with this register is to add the risks that didn't occur to you until the first review.