AIG-032 Third-Party AI Risk Management
Description
Before integrating a third-party AI system, model, or AI-enabled service, a documented risk assessment is performed covering: intended use and scope constraints imposed by the provider, known limitations and failure modes, data processing and retention practices, update and model-change notification policies, and exit/contingency options. For foundation model providers (e.g. LLM APIs), the assessment also covers training data practices, safety alignment methods, and incident history. Risk assessments are refreshed annually and when the provider makes material changes.
Rationale
Third-party AI systems introduce risks (model change without notice, training data leakage, provider-level failure) that differ from conventional software vendor risk.
Framework Mappings (7)
| EU-AI-Art.25.1 | Value Chain Responsibilities — Assumed Provider Status | partial |
| A.10.3 | Suppliers | full |
| GOVERN 6.1 | Third-Party AI Risk Policies | full |
| GOVERN 6.2 | Third-Party Failure Contingency Processes | full |
| MANAGE 3.1 | Third-Party AI Risk Monitoring and Controls | full |
| MANAGE 3.2 | Pre-Trained Model Monitoring | full |
| MAP 4.1 | AI Technology and Legal Risk Mapping | full |
Evidence (2)
Third-party AI risk assessment for each integrated third-party AI system or foundation model API, covering intended use scope, known limitations, data practices, model-change notification policy, and exit options.
Example: Third-Party AI Risk Assessment — OpenAI GPT-4o API (Confluence, 2025-09-01): scope constraints (no training on API inputs by default — confirmed via OpenAI enterprise agreement), model change notification: 30-day notice per contract, known limitations: hallucination rate documented, data retention: zero retention confirmed, exit option: 6-month API continuity clause, reassessment trigger: major model version change
Test: Request third-party AI risk assessments for each integrated AI provider. Verify: (1) all required dimensions are covered (scope, limitations, data practices, change notification, exit options), (2) for foundation model providers, training data practices and safety alignment are assessed, (3) assessment is dated within the last 12 months or was triggered by a material provider change, (4) a reassessment schedule or trigger criterion is documented.
Commercial agreement or terms of service with third-party AI providers documenting data processing terms, model change notification obligations, and permitted use constraints.
Example: Enterprise Agreement with Anthropic (executed 2025-06-01): data processing addendum confirming no training on API inputs, 30-day model deprecation notice, permitted use definition excluding prohibited EU AI Act categories, and audit right clause
Test: Request the executed agreements with third-party AI providers. Verify: (1) data processing obligations are explicit (no training on customer inputs, data retention period, deletion obligations), (2) model change notification period is specified, (3) permitted use scope is defined, (4) agreements are executed (signed) and current (not expired), (5) agreements are stored in a retrievable contract repository with the responsible owner identified.
Questions (2)
Does your organisation perform a documented risk assessment before integrating a third-party AI system, model, or AI-enabled service?
Third-party AI systems introduce risks distinct from conventional software vendor risk: model changes without notice, training data leakage, provider-level safety failures. Assessment should cover data practices, change notification policies, and exit options.
Which of the following dimensions does your third-party AI risk assessment cover?
All seven dimensions are expected for foundation model providers such as LLM APIs. Whether inputs are used for model training is often the most commercially sensitive dimension and should be confirmed in contract terms, not assumed from general documentation.