Skip to main content

LeanIX usage for EU AI Act

  • April 29, 2025
  • 4 replies
  • 213 views
Carsten
Forum|alt.badge.img+1

Hello,
I’d like to raise an conversation about the topic how to utilize SAP LeanIX for the EU AI Act.

We started with applications by enhancing the metamodel following the proposal of SAP LeanIX:

The mandatory fields are conditional and except AI Usage they are conditional based on what is selected in the AI Usage single selection.
To simplify the factsheets owners data entry I created a survey with all this information inside.
We also added the AI Potential to Business Capability Factsheet.
Next step is to apply this approach to the component factsheet.
We are still discussing how calculate an AI risk score and -level. Did you do already something like this? What’s your approach/formular?
Best regards,
Carsten

Carsten Schubert

4 replies

J
Forum|alt.badge.img
  • Jacques
  • Royalty For Loyalty
  • 9 replies
  • April 29, 2025

We implemented the following:

Governance Factsheet to track compliance / assessments | Community

Let me know if you need more info.

Carsten
Forum|alt.badge.img+1
  • Carsten
  • Author
  • Everlasting Love
  • 135 replies
  • April 29, 2025

@Jacques : Thank you for sharing, a good approach. We started using such kind of factsheet for Governance & Architecture, too.

But for AI we want to stay in line with the proposed implementation and you need to document which Application / Software etc. uses AI.

Carsten Schubert
simonsztabholz
Forum|alt.badge.img
  • simonsztabholz
  • Royalty For Loyalty
  • 9 replies
  • May 27, 2025

Hello Cartsen,

 

For us the AI Risk assessment sits in OneTrust. We identify in LeanIX which assets are using AI but the assessment is made in OneTrust through the assessment functionality.

However, a way that i see to do it LeanIX would be to have adequate attributes to assess the AI risk (Autonomy Level, Human Interaction with the AI...) and use the new calculation feature of LeanIX. This calculation feature could take the score of this attribute and assign a risk based on a logic that you should determine.

Kind regards,

 

Simon

S

Hi Simon,

 

We dont have ‘OneTrust’ for assessment and we were wondering to extend Lean IX with assessments either through attributes or through integration to some Microsoft forms which in turn returns some value to ‘AI Risk’ Field.

While we were looking through assessment questions from legal, it looked like 60-70 questions. We haven't reached to the details which can sort out what are the core fields which can derive risk score.

Have you done that exercise already? If so, can you provide that information (like you mentioned Autonomy level etc)

 

Thanks,

Surbhi


Terms & ConditionsCookie settingsAccessibility statement