
AI Vendor Procurement Checklist: 15 Questions Before You Sign
TL;DR
- AI procurement is not SaaS procurement plus a logo — the data, training, and sub-processor questions are genuinely new and most templates miss them.
- Of the 15 questions below, the ones SMBs most often skip are #3 (training-data opt-out), #9 (sub-processor list), and #14 (exit clause).
- If the vendor can't answer five of these in writing, the contract is not ready to sign.
If you're an owner about to sign an AI vendor MSA next week, the single biggest predictor of regret in 12 months is which questions you didn't ask in the procurement call. I've watched founders pay six-figure annual contracts to vendors who couldn't answer half the items on this list.
Why is AI procurement different from regular SaaS procurement?
Three reasons. First, your data may train someone else's model unless you explicitly opt out — a category of risk that didn't exist in 2018 SaaS. Second, AI vendors often chain three to seven sub-processors (model provider, hosting, vector DB, observability, payment, support) — each one is a data-flow surface. Third, AI products change weekly. The model you bought in January may be a different model in April with different behavior, costs, and failure modes.
Definition: AI sub-processor — any third party the vendor sends your data to in order to deliver the service: model provider (OpenAI, Anthropic), hosting (AWS, GCP), vector store, observability platforms, etc.
The 15 questions below are the ones we've seen actually surface real problems before signature.
The 15 questions
Below is the working list. Send it as a written addendum to the vendor's standard MSA, ask for written responses, and treat the response timeline itself as a signal.
Data & training (Q1-Q5)
1. Where is our data physically stored, by region and provider? Red-flag answer: "AWS, global." You want region-specific commitment (e.g., "eu-central-1 only").
2. Is our data used to train your models or any third-party model? Red-flag: "Only aggregated / anonymized." Aggregation is not anonymization for legal purposes. You want a clean "no" with a contractual hook.
3. Can we opt out of all training, including aggregate/telemetry? Red-flag: "Yes, contact support." You want the opt-out as a contractual default, not a support ticket.
4. What is your data-retention policy after contract termination? Red-flag: "Industry standard." You want a specific window (e.g., "60 days then certified deletion with attestation").
5. Do you have a documented incident response process for data breaches involving AI-specific risks (prompt logs, embedding stores)? Red-flag: "We follow SOC 2." SOC 2 doesn't address prompt-log leakage. You want AI-specific runbooks.
Definition: Training-data opt-out — a contractual provision that your inputs, outputs, and metadata cannot be used to retrain or fine-tune any model, including the vendor's own.
Security & compliance (Q6-Q9)
6. Do you have SOC 2 Type II, and can we see the latest report? Red-flag: "Type I" or "audit in progress for 18 months." Type II covers operating effectiveness over time, which is what matters.
7. What is your authentication model — SSO/SAML mandatory, MFA enforced on admin accounts? Red-flag: "We support SSO at enterprise tier." You want SSO at the tier you're buying, not an upsell.
8. How do you handle PII / PHI / financial data in prompts and outputs? Red-flag: "Customers shouldn't put that in prompts." That's not a control; it's a wish. You want the vendor to describe what it does when that data does arrive.
9. Provide your current sub-processor list with regions, function, and what data each receives. Red-flag: "Available on request." You want it now, with notification rights for changes.
SLAs & change management (Q10-Q12)
10. What is your uptime SLA, and what are the service credits if you miss it? Red-flag: "99.9% with credits at our discretion." You want defined credits and a definition of "downtime" that includes degraded model performance.
11. How do you notify customers when you change the underlying model (version, provider, fine-tune)? Red-flag: "We don't typically notify." This is the question that breaks most AI contracts. You want 30+ days written notice with rollback rights for material behavior changes.
12. What is your published support SLA for production issues — first response and resolution? Red-flag: "Best effort." You want hours, not "best effort."
Definition: Model-change notification — a contractual obligation that the vendor tells you in advance (in writing) when they swap the underlying model, fine-tune, or alter inference parameters that could change output behavior.
Exit & continuity (Q13-Q15)
13. What is the data export format and time-to-export at contract end? Red-flag: "CSV via support ticket." You want documented API-driven export with a defined SLA.
14. What is the exit clause if you are acquired or pivot away from this product? Red-flag: "Standard MSA termination." You want a specific change-of-control clause and product-discontinuation notice (90+ days).
15. Do you offer a sandbox / pilot environment with production-parity data for the first 30-60 days, with a no-fault exit? Red-flag: "Pilots are full annual contracts." You want a real out, not a discount.
Copy/paste procurement addendum
Drop the block below into your purchase order or procurement intake.
AI Vendor Procurement Addendum — please answer in writing before signature.
Data:
1. Data residency (region + provider): ____
2. Training-data usage of customer inputs/outputs: [yes/no/limited]
3. Opt-out mechanism for training, telemetry, aggregate: ____
4. Post-termination retention window + deletion attestation: ____
5. AI-specific incident response runbook (attach): ____
Security:
6. SOC 2 Type II report attached: [yes/no]
7. SSO/SAML at our purchasing tier: [yes/no]
8. PII/PHI/financial handling controls: ____
9. Sub-processor list with regions + functions (attach): ____
SLAs:
10. Uptime SLA + service credit table: ____
11. Model-change notification policy (days, written, rollback): ____
12. Support SLA (first response, resolution hours): ____
Exit:
13. Data export format + SLA: ____
14. Change-of-control + product-discontinuation notice: ____
15. No-fault pilot window (days): ____
Owner-side counter-signature required for items 2, 3, 9, 11, 14.
The five items requiring counter-signature are the ones most likely to be quietly changed at vendor renewal time.
Tool tip (Course for Business): Most SMBs we work with don't have a dedicated procurement function for AI — the CEO or COO is signing these contracts directly. Our 6-week program includes a procurement-literacy module so the AI Champions (one per 15-20 employees) inside your team can review vendor responses before legal even sees them. "Augment, don't replace" applies to vendor evaluation too: the champion drafts the comparison, the owner signs. See the full curriculum at https://course.aiadvisoryboard.me/business.
Team scan (what AI champions report after week 1)
- Most SMBs discover their current AI vendor list is 2-3× longer than the executive team knew about (shadow procurement)
- The single most-skipped question is #11 (model-change notification)
- 40-60% of vendors decline to provide a full sub-processor list on first ask
- Champions catch 3-5 vendor red flags per quarter that legal would have missed
- First high-leverage win: rejecting one over-broad data clause in a vendor MSA, week 1
- First friction: existing vendors push back on retroactive addenda — handle at renewal
- Common pattern: SSO only available at enterprise tiers; budget surprise
- First governance question: "Who owns the sub-processor change-notification email?" — answer: COO + designated champion
- Adoption indicator: procurement checklist filed for every new vendor by month 2
- Saved-time indicator: legal review time per AI vendor drops from 4 hours to 45 minutes once the addendum becomes standard
Micro-case (what changes after 7-14 days)
A 90-person professional services firm ran this checklist against their three highest-spend AI vendors in week 1. They discovered one vendor was using customer prompts to train a shared model (Q2 / Q3 red flag), one vendor had no model-change notification policy (Q11), and one vendor's sub-processor list included a payments processor that had no business handling document content (Q9). All three got renegotiated at renewal — total saved annual spend was around €18K and three privacy-exposure surfaces were closed. The owner started using the same checklist on every new pilot from day 14 onward. No new tool was needed — just the written questions.
Note on this case: This example is illustrative — based on typical patterns we observe with companies of 30-500 employees, not a single named client. Specific numbers are rounded approximations of common ranges, not guarantees.
Tool tip (Course for Business): The Shoulder-to-Shoulder hot seat in our 6-week program is also how procurement gets done in practice: a champion sits with the buyer (usually the COO or CEO), walks through the vendor's responses live, and flags the gaps in real time. "Augment, don't replace" works here too — the champion does the technical filter, the owner makes the contractual call. Book a 30-min mapping call at https://course.aiadvisoryboard.me/business to see how the procurement module slots in.
FAQ
What about EU AI Act compliance — is that vendor's problem or mine? Both. The vendor must disclose intended use, training data sources, and known risks. You, as the deployer, are still on the hook for the deployment context — high-risk uses (HR screening, credit scoring, education) carry deployer obligations independent of vendor compliance. Don't accept "we're compliant" as transitive immunity.
Do these 15 questions apply to ChatGPT Teams or Claude for Work? The big platform vendors answer most of these in their public DPA and trust documentation — you don't need a custom addendum, but you should still read the DPA. The questions become critical for second-tier vendors and AI-feature SaaS (e.g., support tools that have added an AI summarizer).
What's the realistic timeline for procurement now that AI is involved? Roughly 50% longer than equivalent non-AI SaaS — for a $50-200K annual contract, expect 3-6 weeks for full evaluation if the vendor is responsive. Vendors who push for a 2-week sign are typically the ones who failed audits elsewhere.
Should we use a third-party procurement tool for this? Not for SMB volume. The list above plus a shared sheet is enough until you're signing more than 15-20 AI vendors a year. Once you cross that, procurement-specific tooling starts paying back.
Conclusion
The 15 questions don't slow procurement down — they replace the rework that happens 90 days post-signature, when the vendor's model changed under you and nobody saw it. Treat the written-response timeline as a vendor signal: serious vendors respond fully in a week. Vague vendors take three weeks and answer nine of fifteen.
Pick your next AI vendor contract. Send the addendum. Track which items they push back on. That's where your real risk lives.
If you want every employee to ship their first AI automation in five days — book a 30-min call and we'll map your team's first week at https://course.aiadvisoryboard.me/business.