AI Vendor Due Diligence Questionnaire
Comprehensive questionnaire to assess AI vendor compliance with EU AI Act requirements. Send to vendors before procurement or at renewal.
Questionnaire Sections
Vendor Profile
- Company legal name and jurisdiction
- AI system name and version
- Contact for AI governance queries
- Contract renewal date
AI System Details
- System purpose and functionality
- Risk classification (vendor's assessment)
- Instructions for use availability
- Model provider (if using third-party models)
Compliance Documentation
- EU AI Act compliance statement
- Technical documentation availability
- Conformity assessment status
- CE marking status (if high-risk)
Transparency & Support
- Transparency disclosures supported
- Logging capabilities and export
- Incident notification process
- Support for deployer obligations
Frequently Asked Questions
Why do I need to do due diligence on AI vendors?
As a deployer, you have obligations under Article 26 even when using vendor AI systems. Due diligence helps ensure your vendor can support your compliance requirements and provide the necessary documentation.
What should I ask AI vendors about EU AI Act compliance?
Key areas include: their risk classification, availability of instructions for use, logging/export capabilities, incident notification processes, and what transparency disclosures they support.
When should I conduct vendor due diligence?
Conduct due diligence before procurement, at contract renewal, and when there are significant changes to the AI system or regulations. Annual reviews are recommended.
What if my vendor can't answer these questions?
This is a red flag. Vendors should be able to provide basic compliance information. Consider this in your risk assessment and procurement decisions.