A curated companion to the official course materials — questionnaires, frameworks, regulatory references and templates we worked with during the training. This page is updated continuously, so bookmark it and check back.
Under the EU AI Act, your obligations depend on whether your organisation acts as a Provider, a Deployer, or a User of an AI system. Use this questionnaire to determine your role for a specific AI system.
Seven internal elements that must be aligned and mutually reinforcing for an organisation to perform — a useful lens when introducing AI governance and assessing organisational readiness for change.
"The McKinsey 7S Framework is a management model developed by business consultants Robert H. Waterman, Jr. and Tom Peters in the 1980s. […] The model is most often used as an organizational analysis tool to assess and monitor changes in the internal situation of an organization. The model is based on the theory that, for an organization to perform well, these seven elements need to be aligned and mutually reinforcing. So, the model can be used to help identify what needs to be realigned to improve performance, or to maintain alignment (and performance) during other types of change. Whatever the type of change – restructuring, new processes, organizational merger, new systems, change of leadership, and so on – the model can be used to understand how the organizational elements are interrelated, and so ensure that the wider impact of changes made in one area is taken into consideration." Source: Wikipedia — McKinsey 7S Framework
An example stakeholder map for an AI rollout: stakeholders ranked by relevance, with their quadrant, attitude towards AI and associated risk — the basis for targeted engagement and communication.
Two example views of a skill demand analysis: the individual heatmap shows each person's proficiency per skill area, while the total view aggregates current capability against AI development requirements across roles.
In force since 2 February 2025. Providers and deployers must ensure a sufficient level of AI literacy among their staff — the legal anchor for AI training programmes like this one.
"Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used." Article 4 · Full text · Entry into force: 2 Feb 2025
Applies from 2 August 2026. Providers of high-risk AI systems must operate a documented quality management system covering at least thirteen aspects — from regulatory compliance strategy to an accountability framework.
"Providers of high-risk AI systems shall put a quality management system in place that ensures compliance with this Regulation. That system shall be documented in a systematic and orderly manner in the form of written policies, procedures and instructions […]" Article 17(1) · Opening sentence · Applies from 2 Aug 2026
(a) a strategy for regulatory compliance, including conformity assessment procedures and management of modifications;
(b) techniques, procedures and systematic actions for design, design control and design verification;
(c) techniques, procedures and systematic actions for development, quality control and quality assurance;
(d) examination, test and validation procedures before, during and after development, and their frequency;
(e) technical specifications, including standards, to be applied;
(f) systems and procedures for data management (acquisition, collection, analysis, labelling, storage, filtration, mining, aggregation, retention);
(g) the risk management system referred to in Article 9;
(h) a post-market monitoring system in accordance with Article 72;
(i) procedures for reporting serious incidents in accordance with Article 73;
(j) handling of communication with competent authorities, notified bodies, operators, customers and other interested parties;
(k) systems and procedures for record-keeping of all relevant documentation and information;
(l) resource management, including security-of-supply related measures;
(m) an accountability framework setting out the responsibilities of management and other staff.
Implementation shall be proportionate to the size of the provider's organisation — Art. 17(2).
A ready-to-adapt communication plan for introducing AI management in your organisation — who needs to hear what, when, through which channel.
The AI Officer role is not a one-off project. After foundation & setup, governance and maturity feed a continuous cycle of strategy, innovation, partnership and improvement.
The real value of this training emerges when you translate the concepts into your specific context.
I'd like to offer you a personal conversation to explore:
You'll also receive tailored templates and resources that support this transition. To schedule, send an email with 2-3 suggested time slots and I will send you an invitation.
Roman Werner · +49 176 91317416 · rw@avinata.com
Want to take the next step after AI Officer? The TÜV SÜD Academy offers a follow-up qualification as Chief AI Officer, covering AI strategy and governance at executive level.
A continuously updated, searchable collection of real-world AI incidents and harms — an excellent source for risk identification workshops, awareness sessions and lessons learned.
The key international standards behind trustworthy AI management — terminology, management systems, impact assessment, risk, data quality, and the upcoming European QMS standard for the EU AI Act.
The common vocabulary for artificial intelligence — the foundation all other AI standards build on.
ISO/IEC 42001:2023Requirements for establishing, implementing, maintaining and improving an AI management system (AIMS).
ISO/IEC 42005:2025Guidance for assessing the impact of AI systems on individuals, groups and society.
IEC 31010:2019A systematic toolbox of techniques for identifying, analysing and evaluating risk.
ISO/IEC 5259-1:2024Data quality concepts and measures for analytics and machine learning across the data life cycle.
DIN EN 18286:2025-12 (Draft)The European standard translating EU AI Act quality management requirements (Art. 17) into practice.