[EAAPL-GOV001] AI Model Register
Category: Governance / Model Lifecycle Management Sub-category: Inventory & Classification Version: 2.1 Maturity: Mature Tags: model-inventory, risk-classification, model-lifecycle, APRA, EU-AI-Act, governance, traceability Regulatory Relevance: APRA CPS230 §24–§28, EU AI Act Article 51, ISO/IEC 42001 §6.1, NIST AI RMF GOVERN 1.1
1. Executive Summary
The AI Model Register is the foundational governance artefact for any enterprise operating AI systems at scale. It provides a single, authoritative inventory of every AI model—including third-party, open-source, and internally developed models—deployed or approved for deployment across the organisation.
Without a comprehensive model register, CIOs and CTOs face material regulatory exposure: APRA CPS230 requires identification of critical operations and their supporting technology; the EU AI Act mandates transparency obligations for high-risk systems; and ISO/IEC 42001 requires documented AI system inventory as a precondition for certification.
Beyond compliance, the register delivers operational value: it enables rapid impact assessment during security incidents, supports informed model retirement decisions, provides lineage for audit purposes, and ensures ownership accountability is unambiguous. Organisations that have suffered high-profile AI failures typically share a common root cause—no one could answer "what models are running in production and who owns them?" This pattern eliminates that risk.
Implementation typically takes 6–10 weeks for initial baseline and delivers immediate regulatory defensibility. The register becomes the anchor for all downstream governance patterns in the EAAPL library.
2. Problem Statement
Business Problem
Enterprises deploy AI models across dozens of business units, often without centralised visibility. Risk teams cannot assess aggregate AI exposure. Compliance teams cannot demonstrate regulatory adherence. When incidents occur, ownership is disputed and remediation is slow.
Technical Problem
AI models are deployed through heterogeneous pipelines (MLOps platforms, vendor SaaS, custom APIs, embedded in applications). No single system captures the full population. Metadata standards are inconsistent. Version drift occurs silently.
Symptoms
- Inability to answer "how many AI models do we have in production?" within 24 hours
- Duplicate model deployments solving the same problem in different business units
- Retired models still receiving inference traffic due to untracked dependencies
- Security patches missed because no ownership record exists
- Regulatory audit findings citing inability to demonstrate AI system inventory
- Post-incident reviews revealing undocumented models contributed to failures
- Third-party AI vendor contracts renewing without performance review
Cost of Inaction
- Regulatory: APRA CPS230 enforcement action; EU AI Act fines up to €30M or 6% global turnover for high-risk system non-compliance
- Operational: Mean time to identify impacted systems during incidents measured in days, not minutes
- Financial: Duplicate model investments; ungoverned cloud AI spend growing 40–70% annually
- Reputational: Public disclosure of ungoverned AI systems materially damages institutional trust
3. Context
When to Apply
- Organisation has ≥5 AI models in production or ≥3 teams independently deploying AI
- Regulatory obligations require AI system transparency (APRA-regulated entities, EU market participants)
- Board or executive committee has requested AI risk visibility
- Prior to implementation of any downstream governance pattern (GOV002–GOV010)
- Following an AI-related incident or near-miss requiring post-incident review
- Before onboarding a new AI vendor or deploying a generative AI capability
When NOT to Apply
- Proof-of-concept or sandboxed environments with no production traffic (register entry still recommended at approval-to-test stage, but lightweight form acceptable)
- Organisations with fewer than 3 AI models and no regulatory obligation (simpler spreadsheet-based inventory may suffice until scale warrants this pattern)
Prerequisites
- Defined AI system taxonomy (what constitutes an "AI model" vs. a rules-based system)
- Nominated data steward responsible for register integrity
- Identity and access management capable of supporting RBAC on register entries
- Integration pathway to at least one deployment platform (MLOps, cloud provider)
Industry Applicability
| Industry | Applicability | Primary Driver | Specific Obligation |
|---|---|---|---|
| Banking & Insurance (AU) | Critical | APRA CPS230/234 | Critical operation AI inventory |
| Financial Services (EU) | Critical | EU AI Act + DORA | High-risk AI transparency |
| Healthcare | High | TGA AI frameworks, Privacy Act | Clinical AI accountability |
| Government | High | APS AI Ethics Framework | Public sector AI transparency |
| Retail / E-commerce | Medium | Consumer protection, Privacy Act | Automated decision accountability |
| Energy & Utilities | Medium | Critical infrastructure obligations | OT/AI convergence risk |
| Technology / SaaS | Medium | Customer contractual obligations | Third-party AI disclosure |
4. Architecture Overview
The AI Model Register is architected as a federated registry with a centralised authority plane. This design reflects a fundamental tension in enterprise AI governance: business units need autonomy to move quickly, while the enterprise needs authoritative, consistent metadata. A purely centralised model creates bottlenecks; a purely federated model loses consistency. The pattern resolves this by separating the authority plane (schema, validation, access control, regulatory reporting) from the contribution plane (business unit self-registration via APIs and automated discovery).
Core Architectural Principle: Write Many, Read One. Every deployment pipeline writes metadata to the register at promotion time. Every governance, risk, and compliance (GRC) query reads from one authoritative source. This eliminates the "which spreadsheet is current?" problem that plagues manually maintained inventories.
Schema Design Philosophy. The register schema is deliberately stratified into three tiers: (1) Mandatory fields required at initial registration—model ID, owner, version, purpose, data classification, risk tier; (2) Deployment fields populated at production approval—approval reference, deployment environment, endpoint, dependencies; (3) Operational fields updated continuously—last inference timestamp, performance metrics, incident history, review dates. This stratification allows early-stage registration without blocking the pipeline while ensuring operational records are complete before production traffic flows.
Risk Classification as a First-Class Attribute. Every model entry carries a risk tier (Critical / High / Medium / Low) derived from the AI Risk Assessment pattern (GOV002). The register stores both the tier assignment and the assessment artefact reference, creating a traceable chain from classification decision to governance action. Risk tier drives downstream controls: review frequency, human oversight requirements, approval authority level, and monitoring intensity.
Third-Party Model Governance. Commercial AI APIs (OpenAI, Anthropic, Google, AWS Bedrock) and open-source models (Hugging Face, Ollama) must be registered with equal rigour to internally developed models. The register schema includes vendor contract reference, data processing agreement (DPA) status, geographic data residency, and vendor security assessment date. APRA CPS230 §28 explicitly requires third-party arrangement governance—this field set satisfies that obligation.
Immutability and Versioning. Register entries are append-only with explicit version increments. Retiring a model does not delete its record; it transitions to RETIRED status with a retirement date, successor model reference, and decommission evidence link. This immutability is architecturally enforced at the storage layer and is required to satisfy audit demands for historical state reconstruction.
Automated Discovery Integration. A passive discovery agent continuously scans deployment infrastructure (Kubernetes namespaces, API gateways, cloud AI services) for AI model signatures not present in the register. Unregistered models trigger a governance alert: either the model is legitimately deployed and needs retroactive registration, or it is a shadow AI deployment requiring immediate escalation. This closes the "unknown unknowns" gap that manual self-registration leaves open.
Access Control Architecture. The register implements role-based access with four tiers: (1) Public—model name, purpose, owner contact, risk tier visible to all staff; (2) Operational—full technical metadata visible to AI/ML and security teams; (3) Compliance—full record including assessment history visible to risk and compliance; (4) Admin—schema and configuration visible only to register administrators. This tiering satisfies the principle of least privilege while enabling broad organisational transparency about AI system existence.
5. Architecture Diagram
6. Components
| Component | Type | Responsibility | Technology Options | Criticality |
|---|---|---|---|---|
| Register API | Application Service | Accepts registrations, validates schema, enforces mandatory fields, returns model ID | FastAPI, Spring Boot, AWS API GW + Lambda | Critical |
| Schema Validator | Business Logic | Validates field completeness by registration stage, enforces taxonomy values, computes risk tier from GOV002 inputs | JSON Schema + custom rules engine, OPA | Critical |
| Register Store | Data Persistence | Append-only authoritative storage, versioned records, ACID-compliant | PostgreSQL with row-level security, Azure SQL, Aurora | Critical |
| Immutable Audit Log | Compliance Storage | WORM-compliant log of all register mutations with actor, timestamp, delta | AWS S3 Object Lock, Azure Immutable Blob, Splunk | Critical |
| Search Index | Query Acceleration | Full-text and faceted search across register entries for operational queries | Elasticsearch, OpenSearch, Azure Cognitive Search | High |
| Discovery Agent | Background Service | Scans infrastructure for unregistered AI model deployments | Custom agent + Kubernetes API + cloud provider APIs | High |
| GRC Integration | Integration Adapter | Syncs register data to enterprise GRC platform for risk aggregation | ServiceNow Connector, Archer API, REST webhook | High |
| Governance Portal UI | User Interface | Self-service registration, search, lifecycle management for model owners | React/Vue SPA, internal developer portal | Medium |
| Notification Service | Messaging | Dispatches review-due, shadow AI, material-change alerts | AWS SES/SNS, SendGrid, PagerDuty | Medium |
| Expiry Monitor | Scheduled Job | Identifies models approaching mandatory review date; triggers workflow | Cron job / AWS EventBridge Scheduler | Medium |
7. Data Flow
Primary Registration Flow
| Step | Actor | Action | Output |
|---|---|---|---|
| 1 | MLOps Pipeline / Human Registrant | Submits model registration payload (JSON) to Register API | HTTP 202 Accepted, registration ticket ID |
| 2 | Register API | Authenticates caller, validates OAuth token, extracts model metadata | Authenticated request context |
| 3 | Schema Validator | Validates mandatory fields for current lifecycle stage, checks taxonomy values | Validation pass/fail with field-level errors |
| 4 | Risk Tier Calculation | Computes preliminary risk tier from purpose, data classification, deployment scope | Risk tier (Critical/High/Medium/Low) + rationale |
| 5 | Register Store | Writes new version record with immutable UUID, timestamp, actor identity | Model register ID (MRID) assigned |
| 6 | Audit Log | Appends create event with full payload snapshot | Audit event ID |
| 7 | Search Index | Indexes new record for immediate discoverability | Index confirmation |
| 8 | Downstream Triggers | Emits registration event to GOV002 (risk assessment), GOV003 (approval workflow) | Event published to message bus |
| 9 | Registrant | Receives MRID, confirmation, and next-action links | Registration complete notification |
Error Flow
| Condition | Detection Point | Response | Recovery |
|---|---|---|---|
| Missing mandatory field | Schema Validator | HTTP 400, field-level error map | Registrant corrects and resubmits |
| Duplicate model detected (same name+version) | Register Store | HTTP 409, link to existing record | Registrant reviews existing entry |
| Unauthorised submitter | Register API (OAuth) | HTTP 401, incident logged | Registrant escalates to register admin |
| Discovery agent finds unregistered model | Discovery Agent | Shadow AI alert raised, model marked PENDING_REGISTRATION | Owner identified and notified for registration |
| Risk tier escalation on update | Schema Validator | Additional approval workflow triggered per GOV003 | Approval obtained before status update confirmed |
8. Security Considerations
Authentication & Authorisation
- All Register API calls require OAuth 2.0 / OIDC bearer token from enterprise IdP (Azure AD, Okta)
- RBAC enforced at API layer and database row level (model owner can edit own entries; risk tier changes require Compliance role)
- Service accounts for automated pipeline registration use short-lived tokens (≤1 hour TTL) with least-privilege scope
- MFA required for all human administrative actions
Secrets Management
- API keys and database credentials stored in enterprise secrets manager (HashiCorp Vault, AWS Secrets Manager)
- No credentials in register entry payloads; vendor API key references stored as Vault path references, not values
- Secrets rotation schedule: 90 days maximum for service accounts
Data Classification
- Register entries classified at the highest sensitivity of the model they describe
- Fields containing model architecture details or training data references classified as CONFIDENTIAL
- Public-facing fields (name, purpose, owner contact) classified as INTERNAL
Encryption
- Data at rest: AES-256 encryption on PostgreSQL tablespace and S3 audit bucket
- Data in transit: TLS 1.3 minimum for all API calls; mTLS for internal service-to-service communication
- Audit log WORM bucket: S3 Object Lock with Compliance mode, 7-year retention (aligned to APRA record-keeping obligations)
Auditability
- Every read of sensitive register fields logged (who accessed which model record, when)
- All mutations logged with actor identity, timestamp, IP, changed fields, before/after values
- Quarterly access review of register admin roles
OWASP LLM Top 10 Mapping
| OWASP LLM Risk | Register-Specific Threat | Control Implemented |
|---|---|---|
| LLM01 Prompt Injection | Model descriptions containing malicious instructions | Input sanitisation on text fields; no LLM processes raw register content |
| LLM02 Insecure Output Handling | Register UI rendering unescaped model output samples | Content Security Policy; output encoding in UI layer |
| LLM06 Sensitive Information Disclosure | Training data descriptions revealing PII | Field-level classification controls; PII scanning on description fields |
| LLM08 Excessive Agency | Automated discovery agent with write privileges | Discovery agent write-scope limited to SHADOW_PENDING status only |
| LLM09 Overreliance | Risk tier auto-calculation replacing human judgement | Risk tier is advisory; human compliance officer must confirm tier ≥ High |
9. Governance Considerations
Responsible AI Alignment
The register operationalises accountability by making AI system ownership unambiguous and publicly discoverable within the enterprise. Every model has a named human owner (not a team or system).
Model Risk
The register is itself a control in the model risk framework. Its completeness rate (% models with all mandatory fields) is a Key Risk Indicator (KRI) reported to the AI Risk Committee quarterly.
Human Approval Requirements
- Risk tier elevation (e.g., Low → High) requires Compliance Officer sign-off
- CRITICAL tier models require Chief Risk Officer acknowledgement in register
- Retirement of a model supporting a critical business operation requires change advisory board (CAB) approval
Policy Integration
The AI Use Policy, Data Classification Policy, and Third-Party Risk Policy are all referenced by register field validations. Policy updates automatically trigger re-validation notifications to affected model owners.
Traceability
Every downstream governance action (risk assessment, approval, incident, audit finding) references the MRID. This creates a complete, traversable lineage from model registration through retirement.
Governance Artefacts
| Artefact | Owner | Frequency | Regulatory Linkage |
|---|---|---|---|
| AI Model Register Report | Chief AI Officer | Quarterly | APRA CPS230 §24 |
| Shadow AI Discovery Report | CISO | Monthly | CPS234 §15 |
| Register Completeness KRI | AI Governance Team | Monthly | ISO 42001 §9.1 |
| Third-Party AI Inventory | Procurement + Risk | Annually | CPS230 §28 |
| Model Retirement Evidence Pack | Model Owner | Per event | EU AI Act Article 51 |
10. Operational Considerations
Monitoring
| Metric | Target | Alert Threshold | Owner |
|---|---|---|---|
| Register API availability | 99.9% uptime | <99.5% in 1h window | Platform Ops |
| Registration pipeline latency | p99 < 2s | p99 > 5s | Platform Ops |
| Shadow AI detections | 0 unresolved > 48h | Any unresolved at 48h | AI Governance |
| Register completeness rate | >95% mandatory fields | <90% | AI Governance |
| Models past review date | 0 | Any Critical/High model overdue | Compliance |
SLOs
| SLO | Target | Measurement Window |
|---|---|---|
| API write availability | 99.9% | 30-day rolling |
| Search query latency p95 | <500ms | 7-day rolling |
| Shadow AI alert MTTD | <15 minutes | Per detection event |
| Review-due notification lead time | 30 days before due | Per model |
Logging
- Structured JSON logs for all API calls (requestId, modelId, actor, action, duration, outcome)
- Log retention: 90 days hot (Elasticsearch), 7 years cold (S3 Glacier) aligned to APRA record-keeping
- Log shipping to enterprise SIEM within 60 seconds of event
Incident Response
- Register unavailability: fallback read from last-known-good snapshot; no writes permitted during degraded mode
- Data integrity breach: invoke immutable audit log to reconstruct state; notify CISO within 1 hour
- Shadow AI discovery spike: treat as potential security incident; invoke GOV008
Disaster Recovery
| Scenario | RTO | RPO | Recovery Method |
|---|---|---|---|
| Register API unavailable | 15 minutes | 0 (no write loss) | Auto-failover to standby region |
| Database corruption | 4 hours | 5 minutes | Point-in-time recovery from continuous backup |
| Audit log compromise | N/A (WORM) | 0 | Immutable; no recovery action required |
| Full region outage | 1 hour | 15 minutes | Active-passive multi-region with DNS failover |
Capacity Planning
- Register expected growth: 50–200 new model entries per quarter for a large enterprise
- Storage at 5-year horizon (100KB average record × 2,000 models × 50 versions): ~10GB structured data; negligible
- Search index: scale Elasticsearch to 3-node minimum; add shard at 500K+ documents
- Discovery agent: deploy one agent per 1,000 Kubernetes pods; 10-minute scan cycle
11. Cost Considerations
Cost Drivers
| Driver | Cost Type | Scaling Behaviour |
|---|---|---|
| Register database (RDS PostgreSQL) | Fixed infrastructure | Grows slowly with record volume; minor cost |
| Audit log storage (S3 WORM) | Variable storage | Linear with number of mutations; ~$23/TB/month |
| Discovery agent compute | Fixed per cluster | One agent per K8s cluster; low cost |
| Search index (Elasticsearch/OpenSearch) | Fixed infrastructure | 3-node minimum; scale at 500K+ documents |
| GRC integration licences | Fixed SaaS | ServiceNow connector licence negotiated separately |
| Human governance effort | Dominant cost | AI Governance team 0.25–0.5 FTE to operate register |
Scaling Risks
- Discovery agent may generate high event volumes in large Kubernetes estates (>10K pods); event queue sizing critical
- Elasticsearch index rebuild time increases with record volume; schedule during low-traffic windows
Optimisations
- Use PostgreSQL with pgvector for semantic search to eliminate separate Elasticsearch cluster at small scale
- S3 Intelligent Tiering for audit log to reduce cold storage costs after 90 days
- Automate mandatory field completion via MLOps pipeline integration to reduce human governance effort
Indicative Cost Range
| Deployment Scale | Annual Infrastructure Cost | Annual Human Cost | Total Annual |
|---|---|---|---|
| Small (<100 models) | AUD $8,000–$15,000 | AUD $80,000 (0.5 FTE) | ~AUD $95K |
| Medium (100–500 models) | AUD $20,000–$40,000 | AUD $160,000 (1 FTE) | ~AUD $200K |
| Large (500+ models) | AUD $50,000–$120,000 | AUD $320,000 (2 FTE) | ~AUD $440K |
Infrastructure costs assume AWS ap-southeast-2; human costs at AUD $160K all-in per governance FTE.
12. Trade-Off Analysis
Option Comparison
| Option | Description | Pros | Cons | Recommended For |
|---|---|---|---|---|
| A: Centralised Register (this pattern) | Single authoritative API + database | Consistent data; strong regulatory defensibility; single query surface | Initial setup effort; adoption requires pipeline integration | Regulated industries; >50 models |
| B: Federated Registers with Aggregator | Each BU maintains own register; central aggregator queries all | BU autonomy; no central bottleneck | Schema drift; inconsistent data quality; query complexity | Very large enterprises with strong BU autonomy |
| C: GRC Platform Native | Use existing ServiceNow or Archer as the register | Leverages existing investment; integrated risk workflows | GRC platforms not optimised for model metadata; slow updates; API limitations | Organisations with <20 models and mature GRC |
| D: Spreadsheet / SharePoint | Manual inventory | Zero infrastructure cost; immediate start | No automation; version control poor; no discovery integration; fails audit scrutiny | Proof of concept only; <5 models |
Architectural Tensions
| Tension | Option A Stance | Mitigation |
|---|---|---|
| Completeness vs. Speed | Mandatory fields block pipeline if incomplete | Staged mandatory fields (minimal at draft; full at production promotion) |
| Centralisation vs. BU Autonomy | Central schema constrains BU flexibility | Extensible schema with BU-specific metadata namespace |
| Automation vs. Human Judgement | Auto-computed risk tier may be wrong | Risk tier is advisory; high tiers require human confirmation |
| Transparency vs. Confidentiality | Full register visibility may expose competitive IP | Role-based access tiers limit sensitive field visibility |
13. Failure Modes
| Failure | Likelihood | Impact | Detection | Recovery |
|---|---|---|---|---|
| Register API unavailable during deployment | Low | High — deployments blocked | Health check monitoring; pipeline timeout alerts | Fallback to asynchronous registration queue; deployments proceed with audit log entry |
| Shadow AI model deployed without registration | Medium | High — ungoverned AI in production | Discovery agent scan; API gateway anomaly detection | Retroactive registration; governance review; source pipeline remediation |
| Mandatory field population bypassed | Medium | High — incomplete risk record | Completeness KRI monitoring; pre-production gate check | Automated re-notification to model owner; escalation to AI Governance |
| Risk tier incorrectly assigned (too low) | Medium | Critical — insufficient controls applied | Peer review process; periodic re-assessment trigger | Re-assessment via GOV002; apply missing controls retroactively |
| Audit log tampered | Very Low | Critical — regulatory breach | WORM enforcement; integrity hash verification | Invoke incident response; notify APRA/regulator; reconstruct from pipeline logs |
| Discovery agent false positives | High | Low — noise in alert queue | Alert de-duplication; known-safe whitelist | Maintain approved model whitelist; tune agent detection signatures |
Cascading Failure Scenarios
- Scenario 1: Register API outage during a major ML model release. Consequence: deployment proceeds without registration (allowed by exception); AI model operates without governance controls until registration completed post-deployment. Mitigation: exception process must mandate 24-hour post-deployment registration SLA.
- Scenario 2: Incorrect risk tier (Low assigned to High-risk credit model) cascades through GOV002/GOV003, resulting in insufficient human oversight controls. Detected only during regulatory audit. Mitigation: mandatory cross-functional risk tier peer review for any model touching credit, fraud, or customer eligibility decisions.
14. Regulatory Considerations
APRA CPS230 (Operational Resilience)
- §24–§25: Requires identification of critical operations and the resources supporting them. The register's "supports critical operation" flag and critical operation reference field directly satisfy this obligation.
- §28: Third-party arrangement governance requires inventory of material service providers. Register's vendor section with DPA status and security assessment date satisfies this for AI vendors.
- Evidence artefact: Quarterly AI Model Register Report provided to Board Risk Committee.
APRA CPS234 (Information Security)
- §15: Requires information asset classification. Register enforces data classification on all model records.
- §36: Penetration testing evidence for AI systems linked to register entries.
- Evidence artefact: Register feeds APRA CPS234 information asset register; security assessment dates tracked.
EU AI Act
- Article 51: Requires registration of high-risk AI systems in EU database before placing on market. Register export function generates EU-format registration payload. Risk tier = High or Critical automatically queues for EU database registration.
- Article 13: Transparency obligations for high-risk AI. Register's purpose, capability, and limitation fields map to Article 13 transparency documentation requirements.
- Annex VIII: Technical documentation requirements. Register links to technical documentation artefact.
Privacy Act 1988 (Australia)
- APP 1.3: Transparency about automated decision-making. Register's public-facing fields support organisational transparency obligations.
- APP 11: Security of personal information. Register tracks which models process personal information, enabling targeted security controls.
ISO/IEC 42001:2023
- §6.1.2: AI risk identification requires documented AI system inventory. The register is the primary evidence artefact.
- §9.1: Performance evaluation requires monitoring of AI objectives; register KRIs feed this requirement.
NIST AI RMF
- GOVERN 1.1: Organisational policies for AI risk management require a complete model inventory as foundation.
- MAP 1.1: AI risk identification mapped to AI system context. Register provides the system context for MAP function activities.
15. Reference Implementations
AWS
| Component | AWS Service |
|---|---|
| Register API | API Gateway + Lambda (Python/FastAPI) or ECS Fargate |
| Register Store | Amazon RDS PostgreSQL (Multi-AZ, ap-southeast-2) |
| Audit Log | S3 + Object Lock (Compliance mode) + CloudTrail |
| Search | Amazon OpenSearch Service |
| Discovery Agent | ECS Fargate task + AWS Config Rules |
| Notifications | SNS + SES |
| Secrets | AWS Secrets Manager |
| Auth | Cognito + IAM Identity Center |
Azure
| Component | Azure Service |
|---|---|
| Register API | Azure API Management + Azure Functions or AKS |
| Register Store | Azure Database for PostgreSQL Flexible Server |
| Audit Log | Azure Blob Storage (Immutable Storage) + Azure Monitor |
| Search | Azure Cognitive Search |
| Discovery Agent | Azure Policy + Defender for Cloud |
| Notifications | Azure Communication Services |
| Secrets | Azure Key Vault |
| Auth | Azure AD / Entra ID |
GCP
| Component | GCP Service |
|---|---|
| Register API | Cloud Run + Apigee |
| Register Store | Cloud SQL (PostgreSQL) |
| Audit Log | Cloud Storage (Locked bucket) + Cloud Audit Logs |
| Search | Vertex AI Search / Elasticsearch on GKE |
| Discovery Agent | Cloud Asset Inventory + custom Cloud Run job |
| Notifications | Cloud Pub/Sub + SendGrid |
On-Premises
| Component | Technology |
|---|---|
| Register API | Kubernetes + Helm-deployed FastAPI |
| Register Store | PostgreSQL HA (Patroni) |
| Audit Log | Immuta / dedicated WORM NAS |
| Search | Elasticsearch cluster |
| Discovery Agent | Custom Python agent deployed as K8s DaemonSet |
| Notifications | Internal SMTP relay + webhook dispatcher |
16. Related Patterns
| Pattern | Relationship | Dependency Direction |
|---|---|---|
| EAAPL-GOV002 AI Risk Assessment Framework | Downstream consumer — register triggers risk assessment at registration | GOV001 → GOV002 |
| EAAPL-GOV003 AI Approval Workflow | Downstream consumer — register entry required before approval workflow initiates | GOV001 → GOV003 |
| EAAPL-GOV007 AI Audit Trail | Complementary — audit trail references model register IDs | Bidirectional |
| EAAPL-GOV008 AI Incident Management | Downstream consumer — incidents reference MRID for impact scoping | GOV001 → GOV008 |
| EAAPL-CMP001 APRA CPS230 Compliance | Satisfies — register is primary artefact for CPS230 AI inventory | GOV001 → CMP001 |
| EAAPL-CMP003 EU AI Act Compliance | Satisfies — register feeds EU AI Act Article 51 registration | GOV001 → CMP003 |
| EAAPL-CMP007 Data Residency for AI | Complementary — register tracks geographic deployment constraints | Bidirectional |
17. Maturity Assessment
Overall Maturity: Mature (Level 4)
| Dimension | Score (1–5) | Evidence |
|---|---|---|
| Schema completeness | 5 | All lifecycle stages covered; extensible namespace |
| Automation coverage | 4 | Pipeline integration and discovery agent; manual fallback still needed for legacy systems |
| Regulatory coverage | 5 | Maps to APRA CPS230/234, EU AI Act, Privacy Act, ISO 42001, NIST AI RMF |
| Operational resilience | 4 | Multi-region HA; WORM audit; gap is manual recovery procedures not yet tested in all enterprises |
| Integration breadth | 4 | GRC, SIEM, MLOps; gap is full CI/CD platform coverage |
| Industry adoption | 4 | Reference implementations exist at major Australian banks and EU-regulated entities |
Progression to Level 5: Implement real-time federated query across multi-cloud registers; integrate with supply chain ML bill-of-materials (ML-SBOM); automate EU AI Act registration submission.
18. Revision History
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2024-01-15 | EAAPL Working Group | Initial pattern publication |
| 1.1 | 2024-06-01 | EAAPL Working Group | Added EU AI Act Article 51 mapping; updated APRA CPS230 references |
| 2.0 | 2025-01-20 | EAAPL Working Group | Full rewrite: added discovery agent component; federated register option; GCP reference |
| 2.1 | 2025-09-01 | EAAPL Working Group | ISO/IEC 42001:2023 alignment; added ML-SBOM maturity progression note |