Open working template
AI Assurance Evidence Pack
One evidence package for deciding whether an AI system can enter production and remain under control. Complete it for a specific system version — not for a generic “AI policy”.
How to use it: fields with a line can be edited in the browser before printing. Attach links or identifiers for real artefacts: test repositories, reports, logs, dashboards and decisions. Every result should identify the model, prompt, data and code versions.
System inventory and owner card
System name / use case
Business owner
Technical owner
Stage and environment
Version covered by this decision
Suppliers and integrations
Purpose, users and decisions supported
Input data, sensitive data and permissions
AI Act risk classification
Record the preliminary qualification and its basis. Route uncertainty to compliance or legal counsel.
| Question | Yes / no / n.a. | Rationale and evidence | Owner |
|---|---|---|---|
| Does the system perform a prohibited practice? | |||
| Is it a high-risk use case under Annex I or III? | |||
| Do Article 50 transparency obligations apply? | |||
| Organisation role: provider, deployer, importer or distributor? | |||
| Other regimes: GDPR, sector rules, cybersecurity, IP? |
Golden set and acceptance criteria
Golden-set scope
Version and location
Normal, edge and refusal cases
| Metric / scenario | Acceptance threshold set before testing | Consequence if missed | Decision owner |
|---|---|---|---|
| Correctness / task success | |||
| Grounding / citations | |||
| Security / data | |||
| Cost and latency |
Evaluation plan and results
| Test | Method / set | Result | Threshold | Status | Artefact |
|---|---|---|---|---|---|
| Answer quality | |||||
| Hallucination and grounding | |||||
| Prompt injection / red team | |||||
| Permissions and data leakage | |||||
| Fallback and integration failure | |||||
| Change regression |
Material test limitations
Logs, versioning and monitoring
- Input, output and operation time
- Model identifier and prompt version
- Retrieval sources and passages
- Tool calls and action outcomes
- Decisions, refusals, fallbacks and escalations
- Unit cost and limits
- Access control and log retention
- Alerts and incident owner
| Signal | Threshold / SLO | Source / dashboard | Response and owner |
|---|---|---|---|
| Quality | |||
| Security | |||
| Cost / volume | |||
| Availability / fallback |
Human handoff
Handoff triggers
Who takes over and when
What the human sees
How feedback returns to the system
Kill switch and rollback
| Stop scenario | Who can disable | Mechanism | Safe mode / fallback | Last tested |
|---|---|---|---|---|
| Security incident | ||||
| Quality degradation | ||||
| Invalid agent action |
Model, prompt, data and code rollback plan
Go/no-go decision
☐ GO
thresholds met
thresholds met
☐ CONDITIONAL GO
limitations and remediation date
limitations and remediation date
☐ NO-GO
production blockers
production blockers
Decision rationale
Approved use scope
Limitations and reassessment date
Remediation plan and sign-off
| Gap / risk | Priority | Action | Owner | Due date | Closure evidence |
|---|---|---|---|---|---|
Business owner — decision / date
Technical owner — decision / date
Security / privacy — opinion / date
Compliance / legal — opinion / date
Important: this template organises technical evidence and operational decisions. It does not replace legal advice or a formal conformity assessment, does not guarantee AI Act compliance, and proves no quality without attached results, logs and approved criteria.