AI Tool Registry Template: How to Document Every AI Tool Your Business Uses
If your business uses ChatGPT, Copilot, Gemini, or any AI tool—and you haven't documented it—your insurance carrier may have already added an exclusion to your policy. Here is exactly how to build an AI tool registry, with a free template.
Skip the manual work
Our AI Governance Kit auto-generates a complete AI Tool Registry plus 4 more governance documents for $29. Customized to your industry, tools, and team size.
Start Free AI Gap Check →What Is an AI Tool Registry?
An AI tool registry is a formal inventory of every artificial intelligence tool your business uses. It documents what each tool does, who uses it, what data flows through it, and what risk it poses.
Think of it like a software asset inventory—but specifically for AI. With insurance carriers now attaching AI exclusion endorsements (Verisk CG 40 47, CG 40 48, CG 35 08) to general liability and E&O policies, having a documented AI tool registry is becoming a prerequisite for maintaining coverage.
Why You Need One (Even If You “Only Use ChatGPT”)
Here is what we hear from business owners every week: “We only use ChatGPT for drafting emails. That doesn't count, right?”
It absolutely counts. Insurance carriers don't distinguish between “casual” and “serious” AI use. If a client sues you because an employee used AI to draft a contract, email, or recommendation—and your policy has an AI exclusion—you are uninsured for that claim. Period.
An AI tool registry proves:
- You know what AI tools are in use
- You have assessed the risk of each one
- You have policies governing their use
- You are actively managing AI risk—not ignoring it
This is exactly what insurance carriers want to see when deciding whether to apply or remove AI exclusions at renewal.
What to Include in Your AI Tool Registry
For each AI tool your business uses, document the following:
| Field | What to Document | Example |
|---|---|---|
| Tool Name | Official name and vendor | ChatGPT (OpenAI) |
| Category | Type of AI (generative, assistive, analytical) | Generative AI |
| Business Use | What your team uses it for | Drafting client emails, research summaries |
| Users | Who has access and how many | Marketing team (4 people) |
| Data Exposure | What data goes into the tool | General business content (no PII) |
| Risk Level | High / Medium / Low | HIGH (generative, creates novel content) |
| DPA Status | Is there a Data Processing Agreement? | Yes (OpenAI Enterprise DPA signed) |
| Review Date | When last reviewed | March 2026 |
Common AI Tools Small Businesses Need to Document
If your team uses any of these, they belong in your registry:
Generative — creates novel content from prompts
Generative — same category as ChatGPT
Generative — integrated into Google Workspace
Embedded — operates within M365 environment
Code generation — may expose proprietary logic
Assistive — limited to corrections
Generative — IP and licensing concerns
Generative marketing content
Step-by-Step: How to Build Your Registry
Step 1: Survey Your Team
Send a simple survey to every employee: “What AI tools do you use for work? Include free tools, browser extensions, and anything that uses AI.” You will be surprised what comes back. Teams often use 3-5x more AI tools than management realizes.
Step 2: Classify Each Tool
For each tool, determine: Is it generative AI (creates new content), assistive AI (helps with existing tasks), or analytical AI (processes data for insights)? Generative AI tools carry the highest insurance risk.
Step 3: Map Data Flows
For each tool, document what data goes in and what comes out. Does client data ever enter the tool? Is PII or PHI involved? This is the single most important factor for insurance risk.
Step 4: Assign Risk Levels
Use a simple High/Medium/Low scale. HIGH: generative AI that processes client data. MEDIUM: embedded AI within controlled platforms. LOW: assistive tools with no data exposure.
Step 5: Check Vendor Agreements
For each HIGH and MEDIUM risk tool, verify: Does the vendor have a Data Processing Agreement (DPA)? What are their data retention policies? Can they use your data to train their models? Document this.
Step 6: Review Quarterly
AI tools change fast. New ones appear, old ones add AI features (looking at you, Google Workspace). Set a quarterly review to update your registry. Your insurance carrier will want to see that you're actively maintaining it.
How This Connects to Your Insurance
When your insurance renewal comes up, your broker will increasingly ask about AI usage. With Verisk endorsements CG 40 47 now available to carriers, they can exclude AI-related claims from your general liability policy.
An AI tool registry is your first line of defense. It shows your carrier that you:
- Know exactly what AI tools are in your organization
- Have assessed and documented the risk of each one
- Are actively governing AI use (not just hoping nothing goes wrong)
Some carriers are already offering better renewal terms to businesses that can demonstrate AI governance. Your registry is the foundational document that makes everything else possible.
The Fast Way: Auto-Generate Your Registry
Building an AI tool registry manually takes time. Our free AI Gap Check asks 5 questions about your business and instantly shows your risk level. If you want the complete governance documentation package, our AI Governance Kit ($29) auto-generates:
- AI Tool Registry (pre-filled with your tools and risk levels)
- AI Acceptable Use Policy (customized for your industry)
- Employee Acknowledgment Forms (ready to sign)
- Incident Response Plan (step-by-step procedures)
- Insurance Renewal-Ready Summary (hand this to your broker)
15 minutes instead of 15 weeks. $29 instead of $15,000 from a compliance consultant.
Your next insurance renewal is coming
Start with a free 2-minute AI Gap Check to see your risk level. No email required.
Frequently Asked Questions
Do I need an AI tool registry if I only use one AI tool?
Yes. Even one AI tool should be documented. The point is to demonstrate awareness and governance to your insurance carrier. One documented tool shows more diligence than five undocumented ones.
What if employees are using AI tools I don't know about?
This is called “shadow AI” and it is the biggest risk factor for small businesses. Survey your team, check browser extensions, and review software subscriptions. Your AI acceptable use policy should require employees to disclose all AI tool usage.
How often should I update the registry?
Quarterly at minimum, plus whenever a new AI tool is adopted. Set a calendar reminder. AI tools evolve rapidly—Google Workspace added Gemini across all apps, Microsoft embedded Copilot everywhere. Your registry should reflect current reality.
Will this actually help with my insurance?
The AI insurance landscape is evolving rapidly. HSB (Hartford Steam Boiler) launched the first standalone AI liability policy in March 2026, and they explicitly look at AI governance documentation when underwriting. Having a registry puts you ahead of 95% of small businesses.