Skip to main content

Hello,
I’d like to raise an conversation about the topic how to utilize SAP LeanIX for the EU AI Act.

We started with applications by enhancing the metamodel following the proposal of SAP LeanIX:

The mandatory fields are conditional and except AI Usage they are conditional based on what is selected in the AI Usage single selection.
To simplify the factsheets owners data entry I created a survey with all this information inside.
We also added the AI Potential to Business Capability Factsheet.
Next step is to apply this approach to the component factsheet.
We are still discussing how calculate an AI risk score and -level. Did you do already something like this? What’s your approach/formular?
Best regards,
Carsten

We implemented the following:

Governance Factsheet to track compliance / assessments | Community

Let me know if you need more info.


@Jacques : Thank you for sharing, a good approach. We started using such kind of factsheet for Governance & Architecture, too.

But for AI we want to stay in line with the proposed implementation and you need to document which Application / Software etc. uses AI.


Hello Cartsen,

 

For us the AI Risk assessment sits in OneTrust. We identify in LeanIX which assets are using AI but the assessment is made in OneTrust through the assessment functionality.

However, a way that i see to do it LeanIX would be to have adequate attributes to assess the AI risk (Autonomy Level, Human Interaction with the AI...) and use the new calculation feature of LeanIX. This calculation feature could take the score of this attribute and assign a risk based on a logic that you should determine.

Kind regards,

 

Simon


Reply