The AI Registry for Every AI System You Run
What an AI registry does
A structured record of every AI system you develop, deploy, or import. It is the entry point of AI governance: nothing else has scope without it.
- Captures purpose, components (models, datasets, interfaces, use cases, actions), risk class, owner, vendors, lifecycle status
- Anchors every framework, control, and audit to a real entry in the AI registry
- Acts as the single AI registry every governance object refers back to
Your full AI portfolio in one AI registry view
A flat list does not survive contact with a real AI estate. The AI Sigil AI registry delivers a live, filterable portfolio view your teams work in daily:
- Filter by risk classification, framework, owner, lifecycle stage, or any custom metadata field
- Sort by risk score, completion rate, or last assessment date
- Drill into any system for components, risks, vendors, evidence, and compliance status
How the AI registry breaks every system into its parts
Each AI system in the AI registry decomposes into its constituent parts. Components are first-class entities, not buried fields.
Models, datasets, interfaces, use cases, actions. A system can carry several of each. Every component is its own record with an owner, vendor link, risk profile, and assessment history, so you can reason at the granularity the regulation expects.
The AI registry surfaces shared components once. One model can power three systems; one dataset can feed five use cases. AI Sigil keeps each component as a single entity linked to every system that uses it: update once, propagate everywhere (metadata, risks, vendor links), with no duplicate records drifting apart over time.
Track the vendors behind every entry in your AI registry
Your AI supply chain spans foundation-model providers, data suppliers, infrastructure platforms, and annotation/evaluation tools. The AI registry registers each vendor as a structured entity linked to the systems and components they supply, so regulator questions are already documented:
- Who provides the foundation model? Vendor entity linked to the Model component.
- Where does the training data come from? Vendor entity linked to the Dataset component.
- Which of your systems depend on this provider? Reverse links shown on the vendor profile.
- Did you assess the provider against your supplier requirements? Assessment form attached to the vendor entity.
AI registry vs spreadsheet vs ML model registry
These terms get conflated. They serve different jobs.
ApproACH
WHAT IT TRACKS
BUILT FOR
Multi-framework documentation
Spreadsheet
Free-form list of system names and owners
Initial discovery
NO. No links, no versioning, no audit trail
ML Model Registry
Trained model artifacts, versions, deployment targets
MLOps and reproducibility
PARTIAL. Covers models, not systems, risks, or vendors
AI Sigil
The AI registry covers systems, components, vendors, risks, evidence, regulatory status
AI governance and compliance
YES. Covers EU AI Act & main AI Regulations needs
How AI Sigil's AI registry compares to alternatives
Most tools were not built around AI systems as first-class objects:
- Generic GRC suites. Force you to model AI systems as generic assets and bolt AI-specific obligations on top.
- Dedicated AI governance tools. Take different angles depending on their origin: risk assessment and bias scoring, privacy and policy distribution, documentation and tracking, or the EU AI Act conformity workflow.
- AI Sigil. Makes the AI registry the spine of the platform: every framework, control, risk, and piece of evidence hangs off the same registered system.
The result: a single environment where the AI registry is not an export, it is the working surface.
Use your AI registry to discover shadow AI
Shadow AI is what your registered systems don’t capture: chatbots spun up by a marketing team, copilots embedded in SaaS tools, models procured outside IT. Left unregistered, it sits outside every framework you have activated.
The AI Sigil AI registry treats shadow AI as a first-class problem. Discovery sources (vendor disclosures, integration scans, user-declared usage) feed candidate systems into the registry as draft entries for an owner to confirm.
Once promoted, each shadow AI entry behaves like any other entry in the AI registry: components mapped, risks scored, frameworks activated, vendor links traced.
FAQs
What is an AI registry?
An AI registry is a structured record of every AI system an organization develops, deploys, or imports. It captures each system’s purpose, components (models, datasets, interfaces, use cases, actions), risk classification, owner, vendor links, and regulatory status. Regulations increasingly require organizations to maintain such an AI registry, and an internal one goes further by connecting each system to its full governance structure.
Why do I need to register AI sub-components separately?
AI systems are not monolithic. A single system may use multiple models, consume several datasets, and expose different interfaces. Registering components separately lets you track shared dependencies (one model powering three systems), assess risk at the right granularity (a bias risk on a specific dataset, not “the AI system”), and maintain accurate documentation when components change independently.
How many AI systems can I register?
The Core plan supports a selected number of AI systems. The Enterprise plan has no limit. Each AI system can have unlimited sub-components, risks, mitigations, vendor links, and framework activations.
Can components be shared across multiple AI systems?
Yes. Sub-components (models, datasets, interfaces, use cases, actions) are independent entities linked to AI systems. One model can be linked to multiple AI systems. When you update the model’s metadata or assess a risk on it, the change is reflected everywhere it’s used.
Who should own an AI system in the registry?
AI Sigil assigns an owner to each entity. Typically, the AI system owner is the product manager or technical lead responsible for the system. Sub-components and vendors can have different owners. Ownership determines who is accountable for compliance tasks on that entity.
How does the registry connect to compliance frameworks?
The registry is the starting point. Once an AI system is registered, you activate compliance frameworks on it. The framework activation creates the full governance structure (obligations, controls, assessments) scoped to that system’s classification. Without the registry, there’s nothing to activate frameworks on.
Why track vendors in the AI registry?
Regulations like the EU AI Act impose obligations on providers, deployers, importers, and distributors. If your AI system uses a third-party model or dataset, you need to document who supplies it and whether they meet your compliance requirements. Vendor tracking in AI Sigil connects this supply chain information directly to the systems and components it affects.
Can I link one vendor to multiple AI systems?
Yes. A vendor entity can be linked to any number of AI systems and sub-components. If a single model provider supplies models for five of your AI systems, that relationship is visible portfolio-wide from the vendor’s profile and from each system’s detail page.
Can I import existing AI system data?
AI Sigil provides onboarding seed data so the platform is not empty on first login. For bulk import of existing inventories, the API supports programmatic entity creation. Contact us for migration assistance from spreadsheets or other tools.
How does the portfolio view differ from a spreadsheet?
A spreadsheet is a flat list you maintain manually. The AI Sigil AI registry delivers a live, filterable dashboard that reads from structured data: entities, relationships, computed metafields, and compliance status. Filter by risk level, framework, owner, or any metadata field. Drill into any system to see its components, risks, vendors, and governance status. It stays current because your teams work in it daily.
How is an AI registry different from an ML model registry?
An ML model registry (MLflow, Vertex AI, SageMaker) tracks trained model artifacts, versions, and deployment targets. It is an engineering tool. An AI registry tracks the system as a regulated object: purpose, risk, owner, components, vendors, evidence. The model registry feeds the model component of the inventory but does not replace it.
Which regulatory documentation requirements does the inventory cover?
Most AI frameworks ask for similar core fields: system purpose, architecture, training data, risk management, human oversight, accuracy. AI Sigil maps inventory data to the EU AI Act (Article 11 technical documentation, Article 49 public-database registration), ISO/IEC 42001 (clause 7.5, Annex A.6), the NIST AI RMF (Govern 1.6, Map 4.1), and other emerging AI laws. Activating a framework makes its documentation a structured view on the inventory.