AI Tool Approval Log

# AI Tool Approval Log

**Organisation:** ___________________________
**Log owner:** ___________________________
**Last updated:** ___________________________
**Version:** ___________________________

---

## Instructions for Use

1. Add a new entry each time an AI tool is proposed for use within the organisation.
2. Complete all applicable columns. If information is unknown, note "Pending" and a follow-up date.
3. The Log Owner is responsible for keeping this document current.
4. This log does not replace a Data Protection Impact Assessment (DPIA) where one is required — use the AI Risk Assessment Starter Sheet to determine if a DPIA is needed.
5. Approved tools should also appear in the organisation's Acceptable Use Policy.

---

## Current Approved Tools

| Tool ID | Tool Name | Version / Tier | Approved Date | Approved By | Approved Uses | Data Restrictions | Review Date | Status |
|---------|-----------|---------------|--------------|-------------|--------------|-------------------|-------------|--------|
| AT-001 | | | | | | | | Active |
| AT-002 | | | | | | | | Active |
| AT-003 | | | | | | | | Active |

---

## Full Tool Log (all submissions)

### Entry Format

Complete one block per tool submission. Copy and paste the block for each new tool.

---

**Tool ID:** ___________
**Tool name:** ___________________________
**Vendor / provider:** ___________________________
**Version or subscription tier:** ___________________________
**URL / platform:** ___________________________
**Date submitted for approval:** ___________________________
**Submitted by (name and role):** ___________________________

**Proposed use case(s):**
___________________________

**Departments or staff who will use it:**
___________________________

**Estimated number of users:** ___________

**Types of data that may be entered:**
- [ ] No personal data — general text, ideas, code
- [ ] Anonymised or aggregate data
- [ ] Employee data
- [ ] Client / service user data
- [ ] Commercially sensitive information
- [ ] Special category data (health, ethnicity, religion, etc.)
- [ ] Other: ___________________________

**Does the tool store user inputs?** Yes / No / Unknown
**Does the tool train on user inputs?** Yes / No / Unknown
**Is the tool GDPR-compliant?** Yes / No / Vendor claims compliance (verify)
**Data processing location(s):** ___________________________
**Is a Data Processing Agreement (DPA) available?** Yes / No / Pending

**Links to vendor privacy policy / terms:** ___________________________
**Links to vendor security documentation:** ___________________________

**Is a DPIA required?** Yes / No / Screened — not required (see Risk Assessment ref: _________)

**Reviewer name:** ___________________________
**Review date:** ___________________________
**Recommendation:** Approve / Approve with conditions / Decline / Refer to DPO

**Conditions of approval (if applicable):**
___________________________

**Decision maker:** ___________________________
**Decision date:** ___________________________
**Decision:** APPROVED / DECLINED / DEFERRED

**If declined, reason:**
___________________________

**If approved, restrictions to include in AUP:**
___________________________

**Next review date:** ___________________________
**Current status:** Active / Withdrawn by user / Vendor discontinued / Under review / Declined

---

*(Copy the block above for each additional tool)*

---

## Declined and Withdrawn Tools

| Tool ID | Tool Name | Decision | Date | Reason | Can reapply? |
|---------|-----------|----------|------|--------|-------------|
| | | Declined | | | |
| | | Withdrawn | | | |

---

## Log History

| Date | Change made | Changed by |
|------|------------|-----------|
| | Log created | |
| | | |
| | | |