All resources
FRAMEWORK14 pages · 50+ questions
AI Vendor Due Diligence Framework
Structured questionnaire for assessing third-party AI vendors before procurement. Covers technical documentation, bias testing, data processing, and contractual protections.
About this resource
Most enterprise AI risk does not come from AI you build but from AI embedded in software you buy. Under the EU AI Act, deployer obligations cannot be contracted away. This framework gives procurement, legal, and risk teams a structured assessment to apply before signing any AI vendor contract.
What you get
- Vendor governance maturity assessment (50+ questions)
- Technical documentation requirements (what to demand)
- Bias and fairness testing review framework
- Data processing assessment (training data use, residency, retention)
- Incident response capability assessment
- Required contract terms: audit rights, notification, change management
- Concentration risk evaluation worksheet
- Red flag indicators that should trigger deeper review
Who it's for
- Procurement teams buying AI-powered software
- Legal counsel reviewing AI vendor contracts
- Risk officers managing third-party AI exposure
- CISO and CTO teams assessing AI supply chain
Free download
Get this resource
Enter your details and we'll email it straight to you. No payment, no card.