Does your company need to install AI functionality into its systems?
Are you receiving AI models from vendors without knowing about it?
Companies are confronted with both procurement of a new technology and a changing governance expectation for AI models. This outline and checklist can help your company effectively implement vendor-produced AI into your processes.
Is Your Own House in Order?
- Determine your own AI governance priorities
- Impose those priorities on your vendors
- Create specific procurement documents and procedures for AI models
- Decide what you want from an AI model/product/service
- If you have specific needs from the AI model, highly specific SLAs may be necessary
- If you are testing to see how it can help you, then negotiate a broad license
When Should You Buy or Build the AI Model?
- Purchase use of an AI model from a vendor
- Huge company/generalized AI versions
- The more expensive option may meet your needs
- Customized versions offered by companies aiming for your vertical market
- Design accurate specs for best results
- Develop a custom model to suit your purposes
- Custom development could be entirely in-house production or involve a third-party AI developer.
- If you engage a third-party AI developer . . .
- Negotiate for full rights and ownership of model and outputs or
- Allow vendor to use AI model base on the market
- Consider excluding your industry
- Consider negotiating for royalties on revenue from AI model
Traditional Tech Acquisition Matters: Questions to Ask
- How does your company want to use the technology?
- What are you paying for?
- Can you find a result-oriented description of the AI product/service built into the contract?
- Does the contract have realistic service levels for the role of the AI product in your business?
- Do you have exit ramps if the product is not working for your business? What are they?
- Will vendor stand behind it?
- Does the vendor provide any representations and warranties? Are they full of exceptions? Do they cover your company’s AI priorities?
- Does the vendor offer an IP infringement indemnity? What’s the scope? Is it capped?
- Will vendor advance development?
- Look for language around continuous performance improvement and/or build in conformity assessments
- Does the vendor offer to provide access to next generation models?
AI-Specific Concerns: Key Topics To Cover in AI Vendor Agreements and Addenda
- Use of the model
- Can you do everything you want with the AI model?
- What rights does the vendor retain?
- Customer-led risk allocation
- Risks from training, IP, and other development should be on vendor
- Limit customer responsibility for risks of use
- How accurate do you need it to be?
- Responsibility for generative AI hallucinations
- How do you know if the AI model is working as required?
- Specifications, ongoing vendor/customer reviews, and audits
- Human oversight requirements
- Do you really need visibility into process or additional human process management?
- Will you be asked to justify how results were reached?
- How do humans fit in the loop?
- Ownership of IP and Data, and Restrictions on Vendor’s Use
- Step beyond copyright considerations by specifying data use rights between the parties
- Between the parties, who owns inputs/outputs?
- RAG GenAI content and outputs
- Privacy, Security and Privilege - Where does your data go?
- Will your inputs/outputs be fed back into the model? Is that model accessible to other vendor customers or just to your company?
- What security steps are built into the product?
- Bias and Discrimination
- Look for vendor representations
- Ask for specific tests and results
- If your company needs to prove bias testing, then push for documentation of vendor’s bias testing process and results
- Inner workings need not be a mystery
- Disclosure of technical documentation
- Regulator Guidance on AI acquisition and use – do you comply?
- What does your company’s regulator say?
- EU AI Act
- Algorithmic decision-making
- California and Colorado
Vendor Concerns in the Age of AI
- Is there AI in other products/services acquired from vendors?
- Look for embedded AI within software or consulting services
- Ask the question and be prepared to probe deeper
- Changing audit environment
- Lifecycle audits for AI models
- Audit of AI model training and testing processes