Features
Reports
Residential
RICS Level 1 RICS Level 2 — HomeBuyer RICS Level 2 + Valuation RICS Level 3 — Building Scottish Home Report Snagging Report
Commercial & Lease
Schedule of Condition Dilapidations Reinstatement Cost
Party Wall
Party Wall Notice Party Wall Award
Specialist & Litigation
EWS1 Form Housing Disrepair Scott Schedule Damp & Timber HHSRS Assessment View all 15 reports →
Pricing AI & Compliance FAQ Login Sign up at 50% off
Surveyor's guide

AI register and risk register for RICS compliance

If your firm uses AI in its surveying work, the RICS AI Standard expects you to keep two short documents on file: an AI register of the tools you use and an AI risk register of what could go wrong and how you control it. Here's what goes in each — with an example risk register you can copy.

The short answer

The RICS Professional Standard Responsible use of artificial intelligence in surveying practice (1st edition, September 2025, in force from 9 March 2026) puts the responsibility for AI use on the regulated member or firm, not on the software vendor. Where AI has a material impact on your service, the standard expects your firm to be able to show a small set of records. Two of them are the ones people actually go looking for:

  • An AI register — a simple inventory of the AI systems your firm uses, what each is for, and when you last reviewed it.
  • An AI risk register — the risks that come with using AI in professional work, your firm's rating of each, and the mitigations you have in place.

Neither has to be long. A one-page table for each is enough for most small firms — the point is that the records exist, are honest, and are reviewed. The rest of this guide shows exactly what to put in them.

AI register vs AI risk register — the difference

They are two different documents and it's worth being clear which is which, because the names get used interchangeably:

  • The AI register answers “what are we using?” — an inventory. One row per AI system: the tool, its provider, the purpose, when you started using it, when it's next due for review.
  • The risk register answers “what could go wrong, and what are we doing about it?” — one row per risk: the risk, a rating (commonly red / amber / green), and the controls that bring it down to an acceptable level.

You keep both because they do different jobs: the register proves you know what's in use; the risk register proves you've thought about the consequences and put controls in place.

What goes in an AI register

A working AI register for a surveying firm is just a short table. For a firm using SurveyorSuite it might read like this:

AI systemProviderPurposeFirst usedNext review
Claude (large model)AnthropicAI drafting of narrative report content from site notes[date]Quarterly
Claude (fast model)AnthropicAI drafting on lighter templates[date]Quarterly
Speech-to-textBrowser / device vendorVoice dictation of the surveyor's own words[date]Quarterly

A few practical points: name the provider, not just the tool, so an auditor can trace the data path; record a first-used date so you can show when each capability entered the firm; and add a row whenever you adopt anything new. Note that voice-to-text is a transcription, not generative AI — it's worth listing for completeness, but it carries a different (lower) risk profile because it writes down your own words rather than reasoning about them.

What goes in an AI risk register

This is the part most people are actually searching for, and the part nobody hands you a template for. A risk register for AI-assisted surveying work should cover the realistic ways AI use can go wrong in professional work — not generic IT risks. Here is a worked example you can adapt — setting your own rating against the controls your firm actually has.

What the R/A/G rating means. R/A/G is a simple red–amber–green traffic-light score for how serious each risk still is after your controls are taken into account — its “residual” risk. You pick one colour per row:

  • Green — low / acceptable. Your controls bring the risk down to a level you're comfortable with. Routine monitoring is enough — no action needed.
  • Amber — medium / watch. Controls are in place but there's a gap, or the risk needs active management. Record a planned action and a date against it.
  • Red — high / act now. Current controls aren't enough on their own. Give it an owner and an immediate action before the risk is acceptable.

In the table below, the “R / A / G” in the rating column just marks where your own colour goes — you decide each one honestly. Anything you rate amber or red should carry a dated action, not just a description.

RiskRatingExample mitigations
AI invents a factual detail the surveyor misses on reviewR / A / GNamed-surveyor sign-off on every report; formal review of each AI-drafted section; periodic dip-sampling of accepted output for QA
Confidential client information is pasted into the AIR / A / GStaff training on what not to paste; opt-out offered in Terms of Engagement; data-protection warnings in the tool
AI output is biased or could read as discriminatoryR / A / GSurveyor review catches it; controlled phrase library; a feedback route for problem output
AI provider outage or rate limit during working hoursR / A / GManual drafting always available; staff know the fallback; usage caps documented
AI output reproduces text from training data (plagiarism / attribution)R / A / GProvider's commercial-terms indemnity; surveyor edits materially before export
A model is updated and silently changes behaviourR / A / GTrack model versions from the supplier's register; spot-check on new versions; suspend AI if quality regresses
A client challenges the use of AI after deliveryR / A / GFull audit trail retained for the PI period; an explainability procedure; complaints route to RICS DRS if unresolved
Staff become over-reliant and stop applying professional scepticismR / A / GAnnual training; peer review of a sample; senior sign-off on flagged reports

Add any firm-specific risks below those — for example a report type where you've decided not to use AI, or a data category your firm prohibits from going near it. The register earns its keep at review time: a risk you've rated amber or red should have a dated action against it, not just a description.

Download the free Excel template

A ready-to-use workbook with the AI register, this risk register (with a red / amber / green dropdown built in), and a checklist for the rest of the RICS file. Fill in your firm's details and save it to your compliance folder — no sign-up needed.

Download the AI compliance register (.xlsx)

The rest of the RICS AI compliance file

The two registers sit inside a slightly larger set of records the standard expects when AI use is material. They're quick to write once and review periodically:

  • Materiality determination — a short note recording whether each AI use has a material impact on your service. AI drafting usually is material; voice-to-text usually isn't. This is the gate that decides how much of the rest applies to you.
  • Procurement / due-diligence record — what you checked about your AI supplier and the documents you hold on file (their terms, data-processing agreement, sub-processor list, supplier reference card). Review it whenever the supplier notifies a material change, and at least annually.
  • Client disclosure in Terms of Engagement — telling clients AI may be used, the scope, your PI position, and their right to opt out, contest, and seek redress. Clients should agree the terms before AI is used on their instruction.
  • Reliability-decision process — the named surveyor reviews every AI-drafted section against their own site notes and professional knowledge, corrects what falls short, and signs off. The exported report carries an AI-disclosure attestation recording that decision.
  • Annual staff training record — who was trained, when, and on what, for everyone who uses the AI features.

Read the standard itself. The RICS Professional Standard Responsible use of artificial intelligence in surveying practice (1st edition, in force 9 March 2026, ISBN 978 1 78321 555 3) is free to download from RICS (search “responsible use of artificial intelligence”). It's short and worth reading once — it's the authority your registers answer to, and its current wording and section numbering govern over any summary, including this page.

How often to review

Set a cadence and stick to it. A practical default for a small firm: review the AI register and risk register quarterly, and refresh the whole compliance file at least annually — plus an immediate review on any material change, such as adopting a new AI tool, a provider changing its terms, or a model update that changes how the output behaves. Date and initial every review so the file shows a live history rather than a one-off box-tick.

How SurveyorSuite fits this

SurveyorSuite is built around the RICS AI Standard, so a lot of what your registers need to point at is handled for you. Every AI generation is logged to an audit trail tied to your account and kept for PI-retention periods; every AI-assisted report carries an AI disclosure block with the surveyor's reliability attestation; and the model versions in use are published so your register can cite them. We also maintain a supplier due-diligence pack and an AI supplier reference card for your procurement file. For the full picture of what the AI does and doesn't do — and the primary sources behind every claim — see our RICS AI compliance page. A firm-level AI register and risk-register tool for admins is also on the way into the app.

Read our full RICS AI compliance position →

Frequently asked questions

Does the RICS AI Standard actually require an AI register and risk register?
The standard expects firms to maintain records of their AI use where that use has a material impact on the service — and an AI register and a risk register are the standard way to evidence that. The materiality test is the gate: AI that drafts the substance of your reports will normally be material; voice-to-text dictation of your own words usually isn't. If your AI use is material, keeping the two registers is the practical way to show you're meeting the requirement.
What is the difference between an AI register and an AI risk register?
The AI register is an inventory — what AI tools you use, who provides them, and what for. The risk register is a risk assessment — what could go wrong with that AI use, how serious it is, and the controls you've put in place. One says what you're using; the other says how you're keeping it safe. You keep both.
How often should the AI risk register be reviewed?
A common, defensible cadence is quarterly for the registers and an annual refresh of the whole compliance file, with an immediate review on any material change — a new AI tool, a supplier changing its terms, or a model update that alters behaviour. Date each review so the document shows a live history. Intervals are good practice, not a fixed legal rule — follow the current standard and your firm's own policy.
Does voice-to-text dictation need to go in the AI register?
It's worth listing for completeness, but it carries a lower risk profile. Speech-to-text transcribes the surveyor's own words without reasoning about them or making professional decisions, so it generally isn't “material” in the way AI drafting is. Record it in the register with a note that it's transcription rather than generative AI, and keep your risk-register attention on the generative features.
Is there an AI risk register template I can download?
Yes — there's a free Excel template on this page. It includes the AI register, the risk register with a red / amber / green rating dropdown built in, and a checklist covering the rest of the RICS compliance file (materiality, procurement, disclosure, reliability and training). No sign-up needed: fill in your firm's details and keep it in your compliance folder.

Important — general information, not compliance advice

This page is a general, plain-English summary written for surveyors, based on the RICS Professional Standard Responsible use of artificial intelligence in surveying practice as published. It is not legal, regulatory, or compliance advice and must not be relied on as a definitive statement of your obligations. The standard's exact requirements, section numbering, and any later editions govern — always read the current RICS standard, apply your own professional judgement, and take your own advice where the position matters. SurveyorSuite Ltd is a software provider, is not a regulator, and is not affiliated with or endorsed by the RICS.

Last reviewed: · Checked against the RICS Professional Standard on the responsible use of AI current at the date of review. We update this page when the standard or our products change.