We've all seen it: The Excel spreadsheet someone "quickly threw together" to track the company's AI tools. Usually started by someone in IT. One column for the name, one for the provider, maybe one for the department. Good intentions, quick setup.
And then the same thing happens that always happens with spreadsheets. Three months later, someone has deleted a row. The "risk class" column was never filled in. Marketing introduced three new tools without logging them. And the version the data protection officer has isn't the same one the IT manager is working from.
Sound exaggerated? Unfortunately not.
This is exactly the scenario we see in almost every company that starts tackling AI documentation. And all of this would be manageable if it weren't for the EU AI Act taking full effect on August 2, 2026. From that date, companies must be able to demonstrate on request which AI systems are in use, how they've been classified, and whether the documentation is complete.
A spreadsheet on some shared drive won't cut it.
What the EU AI Act actually demands
Before we talk about Excel's shortcomings, it's worth looking at what the EU AI Act actually requires. Because "writing a few things down" isn't going to be enough.
For every AI system, companies must be able to prove: its purpose, who is responsible for it, what data it processes, which risk class it falls into, and what compliance measures have been taken. For high-risk systems, add technical documentation, a risk management system, and proof of human oversight.
And this isn't a one-time exercise. The documentation must stay current. With every change, every new assessment, every review. Who changed what, and when? That question must be answerable at any moment.
This is exactly where Excel becomes a problem. Four situations show why.
Situation 1: The regulator asks for the change history
A supervisory authority wants to know: "When was the risk assessment for your recruiting tool last updated? Who made the change?"
❌ With Excel
You can't answer that question. Excel doesn't store change history at the cell level. Is the current classification from two weeks ago or two years ago? Was it Ms. Johnson or Mr. Smith? What was there before? All unclear.
✅ With a compliance platform
One click on the audit log: "January 14, 2026, 10:32 AM: Ms. Johnson changed the risk class from 'Limited Risk' to 'High Risk.' Reason: New use case in recruiting." Timestamp, user, context. Done.
The EU AI Act explicitly requires traceability. Without audit-proof documentation, you're missing the most critical building block.
Situation 2: A new AI tool needs to be assessed
Marketing wants to introduce a new AI tool for automated customer communication. Someone needs to determine the risk class.
❌ With Excel
Someone types "Limited Risk" into a cell. Done. Where did the classification come from, what criteria were applied, whether the person even understood the risk categories? Not traceable. Not repeatable. Not audit-ready.
✅ With a compliance platform
A guided questionnaire asks targeted questions: Does the system process personal data? Does it make automated decisions? The risk class is derived rule-based. Traceable, repeatable, versioned.
Risk assessment needs structure, not free-text fields. A spreadsheet can't deliver that.
Situation 3: The auditor arrives, three departments have three versions
A client asks about your AI compliance status. Or a regulator announces an inspection. Now everything needs to happen fast.
But who actually has the current version of the documentation? IT has version 3.2 on the server. The DPO has a copy from last month. Marketing never received anything. And the person who maintained it all is on vacation.
❌ With Excel
You open a file with 47 columns. One tab is called "Copy of Backup (3)." The last entry is four months old. You spend half the day wrestling it into a presentable format. The auditor is not impressed. Neither are you.
✅ With a solution like SimpleAct
Everyone works in the same system. IT registers, business units add context, the DPO reviews and approves. One click on "Export" generates the full compliance report: All AI systems, risk classes, assessments, checklists, change history. As PDF. With version number. Instantly.
AI documentation isn't a one-person job. It needs clear roles, a single source of truth, and an output you can actually show someone.
Situation 4: 15 AI systems, 15 different requirements
Not every AI system requires the same depth of documentation. A marketing chatbot has different obligations than a recruiting tool that influences hiring decisions. The EU AI Act scales requirements by risk class: from basic transparency to comprehensive technical documentation.
❌ With Excel
You manually maintain different checklists. Per system. Per risk class. With references to EU AI Act articles. At 15 AI systems, the spreadsheet turns into a monster: dozens of tabs, hundreds of rows, zero overview. Who completed what? Nowhere to be found.
✅ With a compliance platform
Every AI system automatically gets the right checklist for its risk class, with specific requirements and article references. The dashboard shows at a glance: What's done? Where is action needed? Who's responsible?
The direct comparison
When Excel still works, and when it doesn't
To be fair: Excel isn't a bad tool. For a first inventory of three or four AI systems, a spreadsheet is a solid starting point. Better a simple list than no overview at all.
But as soon as requirements grow (more systems, different risk classes, multiple owners, regular reviews, exportable evidence), Excel hits its limits. And those limits aren't technical. They're structural. Excel was built for calculations. Not for compliance management.
The real question: Not whether you'll move on, but whether you do it before or after your first audit.
From spreadsheet to system: how to make the switch
If you're still documenting with Excel today, you've taken the first step. But AI documentation isn't a project with an end date. It's an ongoing process: new tools get added, use cases change, people move on. All of it needs to be documented traceably.
For what's required starting August 2026, you need a solution that grows with you. One that doesn't depend on a single person. And one that delivers the proof that matters when it matters.
We built SimpleAct exactly for this transition. If you have an Excel list today, you can have a structured documentation tomorrow. Register systems, classify them rule-based, work through checklists, export the report. The switch takes an afternoon, not a month.
This article is for general information purposes only and does not constitute legal advice. Documentation requirements may vary depending on the use case and risk class. If in doubt, we recommend seeking legal counsel.
About SimpleAct: SimpleAct is a German compliance platform that helps companies structurally document their AI systems in accordance with the EU AI Act. From registration to risk assessment to exportable audit reports. All in one place.
Tags
Yannick | SimpleAct Team
Author · SimpleAct Team
