AI Vendor Due Diligence Framework
Structured questionnaire for assessing third-party AI vendors before procurement. Covers technical documentation, bias testing, data processing, and contractual protections.
About this resource
Most enterprise AI risk does not come from AI you build but from AI embedded in software you buy. Under the EU AI Act, deployer obligations cannot be contracted away. This framework gives procurement, legal, and risk teams a structured assessment to apply before signing any AI vendor contract.
What this resource covers
- Vendor governance maturity assessment (50+ questions)
- Technical documentation requirements (what to demand)
- Bias and fairness testing review framework
- Data processing assessment (training data use, residency, retention)
- Incident response capability assessment
- Required contract terms: audit rights, notification, change management
- Concentration risk evaluation worksheet
- Red flag indicators that should trigger deeper review
Who it's for
- Procurement teams buying AI-powered software
- Legal counsel reviewing AI vendor contracts
- Risk officers managing third-party AI exposure
- CISO and CTO teams assessing AI supply chain
Read the detail on-site
The full analysis behind this resource is published in our insights, each linked to primary regulatory sources.
Put it to work
See where you stand
Take the free 7-question AI governance maturity assessment. It runs entirely in your browser and gives you a tailored view of your gaps in about three minutes.
Everything here is free and on this site: no sign-up, no download required.