Question 1

What is Vendor Due Diligence?

Accepted Answer

The process of evaluating an AI vendor before adopting their product and on an ongoing basis, to assess security, privacy, legal compliance, and reliability. AI vendor due diligence covers: data handling and retention policies, security certifications, subprocessor lists, incident response procedures, model training policies (is your data used?), contractual protections, and financial stability. The EU AI Act requires deployers of high-risk AI systems to verify that the AI they purchase complies with the Act's requirements. Even outside regulated contexts, vendor due diligence protects against supply chain risk.

Question 2

Why does Vendor Due Diligence matter for small teams?

Accepted Answer

Your AI vendor is your biggest AI governance risk factor. Before signing, get answers to: Does my data train the model? What security certifications do you hold? Who are your subprocessors? What happens to my data if I cancel? Reputable vendors will answer all of these.

Vendor Due Diligence

Defined in law

Related terms

Further reading

Vendor Due Diligence

Defined in law

Related terms

Further reading