IT Asset Management: The Foundation for AI Control Tower

Get on top of your AI inventory before the EU, or your risk team, comes knocking.

Let us appreciate how far IT Asset Management has come. Once upon a time, "the estate" meant a room full of beige servers and a spreadsheet only Dave understood. Then came the laptops, the mobiles, and the tablets nobody admitted to buying. You built discovery, nailed down ownership, tracked everything from procurement to the skip, and wrangled software licences until you could recite entitlement terms in your sleep. Then along came Docker and Kubernetes, with containers that appear and vanish before the weekly scan has finished its cup of tea.

You survived all of it. So naturally the universe has handed you a fresh challenge: AI. Models, datasets, prompts, agents, and the systems they quietly live inside. Unlike a laptop, these things learn, drift and make decisions on their own, usually without telling anyone. Worse, they rarely arrive through procurement. They turn up via an API key, a free trial, or someone in marketing who got a bit excited.

We have heard this song before. A shiny new initiative kicks off, the risk team comes knocking, and the question is always the same: "Right, where is your inventory of assets?" Cue an awkward silence and a frantic dash through spreadsheets. The EU AI Act is about to ask exactly that, at scale. You now have to prove, on request, which AI systems you run, what they do, what data they consume, and that they are behaving themselves. 

This is where ServiceNow's AI Control Tower comes in, and here is the bit every asset manager should clock: it is only as good as the asset data underneath it. AI Control Tower governs AI system, model and dataset, with EU AI Act and NIST content baked in. But it runs on the same CMDB and Common Services Data Model you already feed. The AI inventory borrows its business context, service mappings and ownership from the foundation ITAM has spent years building. Garbage in, garbage out: if your asset data is a mess today, your shiny AI governance dashboard is a confident, well-designed mess tomorrow.

So the unglamorous work of keeping your inventory clean has just become the thing that makes enterprise AI governance possible at all.

And the clock is ticking. EU lawmakers have agreed to push the high-risk rules back, so the new application dates are 2 December 2027 for standalone high risk AI systems and 2 August 2028 for high-risk AI embedded in products such as medical devices, toys and lifts. Before you crack open the bubbly, the transparency obligations for artificially generated content have actually been pulled forward, with that deadline now 2 December 2026, so the labelling rules bite first. Prohibited practices and AI literacy duties have applied since February 2025, and the rules for general purpose AI models since August 2025, so plenty is already live. None of this is a single deadline you can cram for the night before. It is a rolling set of obligations, and every one of them starts with the same question: which AI assets do you actually have?

That is why the teams who can answer "where is my inventory?" on the spot, for AI as confidently as they do for laptops and licences, turn the EU AI Act from mad scramble to a controlled response. Get on top of it before the EU, or your risk team, comes knocking.