AI Vendor Due-Diligence
Checklist
A comprehensive checklist for evaluating AI vendors across data handling, security posture, model transparency, compliance, contracts, and incident response.
Educational notice: This checklist is a starting point for vendor evaluation, not a legal document. Adapt it to your jurisdiction, industry, and risk tolerance. Have your legal team review all contractual provisions before signing. Some items may not apply to your use case — document why if you skip them.
Synopsis
Selecting an AI vendor is not just a procurement decision — it is a security, compliance, and liability decision. This checklist covers six domains: data handling and privacy, security posture, model transparency, regulatory compliance, contractual protections, and operational incident response. Use it before signing any AI vendor contract, and revisit it annually or when the vendor architecture changes.
Not Every Check Applies to Every Business
The full 60-item checklist is the maximum bar for enterprises handling sensitive data at scale. Smaller organizations or lower-risk use cases should scope down — but document what they skipped and why.
Tier 1: Full checklist (60 items)
Tier 2: Core checklist (~35 items)
Tier 3: Essential checklist (~15 items)
Important: Tier 3 does NOT apply if you handle PHI, financial records, biometric data, hiring decisions, or operate in the EU. A small business handling PHI still needs the full Tier 1 checklist — the data sensitivity determines the tier, not just the company size.
When the Vendor Is New or Unproven
Startups and early-stage AI vendors may not have SOC 2, penetration tests, or a compliance track record. If the business value justifies the risk, use these alternative verification and protection mechanisms.
Cyber liability insurance with AI coverage
Source code or data escrow
Milestone-based contracting
Performance bond or letter of credit
Third-party security attestation
Data residency and processing guarantees
Indemnification for AI-specific harm
Reference customers and pilot testing
When to walk away from a new vendor: If they refuse to sign a DPA, will not provide any security documentation, cannot name a single reference customer, have no plan for SOC 2 or equivalent, and resist milestone-based contracting — the risk is not manageable. No AI tool is worth an unmanageable security and compliance exposure.
Red Flags That Should Stop Procurement
If a vendor exhibits any of these, pause and escalate to security leadership before proceeding.
Cannot or will not sign a Data Processing Agreement (DPA) — walk away
Uses your data to train their models and cannot opt out — this is a data leakage and IP risk
No SOC 2 Type II or equivalent certification, and no plans to obtain one
Cannot provide model cards, capability documentation, or limitation disclosures
No documented incident response process — if they cannot handle their own incidents, they cannot protect your data
Refuses right-to-audit or limits it to self-assessment only
Liability caps that do not cover AI-specific harm (hallucination, bias, data leakage)
No breach notification timeline commitment, or timeline exceeds your regulatory requirements
Sub-processors are not disclosed or cannot be reviewed before contract signing
No API key rotation or scoped permissions — this indicates an immature security program
Continuous Vendor Monitoring — After the Contract Is Signed
Due diligence does not end at contract signing. AI vendors change models, add sub-processors, and evolve their architecture continuously. Set up these monitoring practices to catch issues before they become incidents.
Annual re-evaluation
Sub-processor change monitoring
Vendor incident notification
Model change impact assessment
SLA compliance tracking
Bias audit and compliance renewal
Scoring Guidance
Assign each item a score to compare vendors objectively.
Meets (2 points)
Partially meets (1 point)
Does not meet (0 points)
Interpreting the total: 100–110 = low risk, proceed with standard contracting. 80–99 = moderate risk, require remediation plan before signing. 60–79 = high risk, require senior leadership approval and contractual commitments with deadlines. Below 60 = unacceptable risk — do not proceed without compensating controls or a different vendor.
Data Handling & Privacy
- What data does the vendor collect from your organization (prompts, documents, metadata, logs)?
- Where is data stored (region, data center, sub-processor locations)?
- How long is data retained after processing?
- Is data used to train or fine-tune the vendor models? If so, can you opt out?
- Does the vendor support data residency requirements (e.g., EU, US, specific regions)?
- What encryption is applied in transit and at rest?
- Does the vendor have a DPA (Data Processing Agreement) template?
- What is the vendor data deletion process upon contract termination?
- Does the vendor support customer-managed encryption keys (CMEK)?
- What is the breach notification timeline and process?
Security Posture
- Does the vendor have SOC 2 Type II, ISO 27001, or equivalent certification?
- Has the vendor undergone a third-party penetration test in the last 12 months?
- Does the vendor support SSO/SAML integration with your identity provider?
- Does the vendor enforce role-based access control (RBAC)?
- Does the vendor support API key rotation and scoped permissions?
- What is the vendor vulnerability disclosure policy?
- Does the vendor provide audit logs for all API calls and administrative actions?
- Does the vendor isolate customer data at the tenant level (not just logical separation)?
- What network security controls are in place (WAF, DDoS protection, egress filtering)?
- Does the vendor have a documented security incident response plan?
Model Transparency & AI Specifics
- What model(s) power the service? Are they proprietary, open-source, or third-party?
- Can the vendor disclose the model version and update cadence?
- Does the vendor provide model cards or documentation of capabilities and limitations?
- What guardrails and safety filters are applied to model inputs and outputs?
- Does the vendor support custom system instructions or configuration?
- Can you bring your own model or fine-tune on your data?
- What is the model performance monitoring and drift detection process?
- Does the vendor provide bias audit results or fairness evaluations?
- How does the vendor handle model deprecation and migration?
- Does the vendor expose tool/function calling, MCP, or agent capabilities? If so, what are the security controls?
- Does the vendor conduct adversarial testing or red-teaming on their own models? What is the cadence and scope?
- Can the vendor disclose training data provenance — what data was used to train the model, and whether any copyrighted or licensed data is included?
- Does the vendor use open-source models (e.g., HuggingFace, Ollama)? If so, what are the license terms and attribution requirements?
Compliance & Regulatory
- Does the vendor comply with relevant regulations (GDPR, CCPA, HIPAA, EU AI Act, TRAIGA)?
- Can the vendor provide a compliance matrix mapping to your regulatory requirements?
- Does the vendor support data processing impact assessments (DPIAs)?
- Does the vendor have an AI governance framework (e.g., NIST AI RMF alignment)?
- What is the vendor approach to AI system disclosure and transparency obligations?
- Does the vendor maintain an AI system registry or inventory?
- Can the vendor provide evidence for audit, regulatory inquiry, or litigation hold?
- Does the vendor have insurance coverage for AI-related liabilities?
- What jurisdictions does the vendor operate in and are there cross-border data transfer implications?
- Does the vendor have a process for handling government or law enforcement data requests?
- Does the vendor maintain a model versioning policy with backward compatibility guarantees? What happens when the model is updated or deprecated?
Contractual Protections
- Are data ownership and IP rights clearly defined (you own your data, outputs, and derivatives)?
- Are liability caps and indemnification clauses adequate for AI-related harm?
- Is there a right to audit clause?
- Are service levels (uptime, latency, support response) defined and enforceable?
- Is there a termination and data return/deletion clause with defined timelines?
- Are sub-processors listed and is there a notification requirement for changes?
- Is there a confidentiality and non-use clause that prevents the vendor from using your data for marketing?
- Are there restrictions on the vendor using your data to train models?
- Is there a change-of-control clause that triggers re-evaluation on acquisition?
- Are there clauses addressing AI-specific risks (model deprecation, bias, hallucination liability)?
- Does the vendor disclose whether their own sub-processors use AI on your data? If so, what are the controls and notification requirements?
Operational & Incident Response
- What is the vendor uptime history over the past 12 months?
- Does the vendor provide status pages and incident notifications?
- What is the support model (hours, channels, response times, escalation)?
- Does the vendor have a documented AI incident response process?
- How quickly can the vendor disable a compromised integration or API key?
- Does the vendor provide post-incident reports after security events?
- What is the vendor disaster recovery and business continuity plan?
- Does the vendor conduct regular tabletop exercises for AI security incidents?
- What is the process for reporting vulnerabilities or security concerns?
- Does the vendor provide a dedicated security contact or CISO liaison?
Download the AI Vendor Due-Diligence Checklist
FAQ
When should I re-evaluate an existing AI vendor?⌄
Re-evaluate annually at minimum. Additionally, re-evaluate when: the vendor is acquired or changes ownership, the vendor announces a new model or architecture change, your data scope expands (e.g., you start sending PHI when you previously only sent public data), a security incident occurs at the vendor, your regulatory obligations change, or the vendor sub-processor list changes without notification.
What if the vendor is a startup without SOC 2 yet?⌄
Startups may not have SOC 2 Type II yet, but they should have a clear timeline and evidence of progress. Require: a signed security plan with target dates, a completed security questionnaire (e.g., CAIQ), penetration test results, and contractual commitments for certification within 12 months. Weigh the risk against the business value — a startup handling PHI without SOC 2 is a different risk profile than one handling public data.
Should I require the vendor to support on-premise deployment?⌄
For highly sensitive data (PHI, biometric, financial records, source code), on-premise or customer-managed cloud deployment significantly reduces data exposure. If the vendor cannot support this, require: DLP scanning on outbound prompts, a DPA with strict no-training-on-data clauses, customer-managed encryption keys (CMEK), and a documented data deletion process with verification.
How do I evaluate a vendor that uses third-party models (e.g., OpenAI, Anthropic)?⌄
The vendor should disclose which third-party models they use and provide the model provider security documentation. You need to evaluate both the vendor (your direct contractor) and the model provider (a sub-processor). Ensure the vendor DPA covers sub-processor obligations, and that data flow to the model provider is documented. If the vendor cannot disclose the model provider, that is a red flag.