VND-009 AI Supply Chain and Third-Party AI Risk
Description
Risks arising from third-party AI components, pre-trained models, training datasets, AI APIs and AI platform services are identified and managed. Responsibilities for AI risk across the supply chain are documented. Third-party AI providers are assessed for alignment with the organisation's responsible AI policies before integration.
Rationale
AI SaaS products routinely embed third-party model APIs, foundation models and AI infrastructure. These introduce risks (bias, hallucination, data leakage, IP infringement) that are not covered by conventional vendor risk programmes.
Framework Mappings (7)
| Reference | Requirement | Coverage |
|---|---|---|
| EU-AI-Art.25.2 | Value Chain Responsibilities — Supply Chain Agreements | full |
| A.10.2 | Allocating responsibilities | full |
| A.10.3 | Suppliers | full |
| SR-3 | Supply Chain Controls and Processes | partial |
| GOVERN 6.1 | Third-Party AI Risk Policies | full |
| GOVERN 6.2 | Third-Party Failure Contingency Processes | full |
| MANAGE 3.1 | Third-Party AI Risk Monitoring and Controls | full |
Evidence (2)
AI vendor risk assessment records documenting the evaluation of third-party AI components, pre-trained models, and AI APIs against responsible AI criteria before integration.
Example: AI Vendor Risk Assessment reports (internal questionnaire or structured due diligence) for each integrated AI provider (e.g. OpenAI, Anthropic, Google AI, Hugging Face) — covering: model transparency/explainability, bias assessment, training data provenance, data leakage controls, hallucination rates, IP and copyright risks, alignment with responsible AI policy, and integration approval decision.
Test: Request AI vendor risk assessment reports for all integrated AI APIs and model providers. Verify: (1) an assessment was completed before each AI component was integrated, (2) assessments include AI-specific criteria (bias risk, training data provenance, data retention by the AI provider, output explainability), (3) the organisation's responsible AI policy criteria are referenced, (4) an approval decision is documented.
Executed agreements with AI providers covering data processing terms, model usage restrictions, training data opt-out provisions, and AI supply chain responsibilities.
Example: AI provider usage agreements or DPAs (e.g. OpenAI Enterprise Agreement, Anthropic API Terms, AWS Bedrock Service Terms) — confirming: prohibition on using customer prompts/data to train foundation models, data retention limits, confidentiality of inputs and outputs, and liability allocation for AI-generated outputs.
Test: Request executed agreements with AI providers. Verify: (1) agreements explicitly address whether customer data or prompts are used to train the AI provider's models (opt-out confirmed), (2) data retention by the AI provider is defined (acceptable: ≤30 days or none), (3) confidentiality obligations on AI inputs and outputs are specified, (4) applicable jurisdiction and law are specified.
Questions (2)
Does your organisation conduct an AI-specific risk assessment for third-party AI components, pre-trained models, AI APIs and AI platform services before integration, evaluating criteria such as bias, training data provenance, data retention and responsible AI alignment?
Standard vendor risk assessments are insufficient for AI components. Assessments must include AI-specific criteria: training data provenance, model transparency, bias risk, data leakage controls, output explainability, and whether customer data is used to train the provider's models.
Which of the following are covered in your organisation's assessment of third-party AI providers?
Prohibition on model training using customer data and defined data retention limits are the minimum requirements for enterprise AI provider agreements. A thorough assessment also addresses bias, explainability and IP risk.