← All questionnaires
NIST AI RMF + EU AI ACT · 26 QUESTIONS · FREE TEMPLATE

AI / LLM Vendor Risk Questionnaire — 30 questions every 2026 procurement team is asking

Every enterprise that buys AI in 2026 sends a version of this. Built on NIST AI RMF (GOVERN/MAP/MEASURE/MANAGE), EU AI Act Articles 9–15, and ISO/IEC 42001. The questions buyers care about most are training data, retention, and indemnification.

Total questions
26
Categories
8
Typical timeline
7–14 business days
Effort
15–30 hours
Who requests it
  • Enterprise AI governance councils and CIO offices
  • EU-based buyers preparing for AI Act enforcement (high-risk systems)
  • Regulated industry buyers (finance, health, education, employment)
Who fills it out
  • Head of AI / ML, with Legal and Security
  • Often the CTO and DPO co-sign

The questionnaire — every question, inline

1. Model Provenance & Training Data

4 questions
Where the intelligence comes from.
  1. 1.1
    List every foundation model in the data path with provider and version (e.g. Anthropic Claude Sonnet 4.5, OpenAI GPT-5, Llama 4 405B). Update cadence?
    Critical
  2. 1.2
    Will customer data be used to train, fine-tune, or improve ANY model — yours or a third party's? Default position and any opt-out.
    Critical
  3. 1.3
    If you fine-tune, describe the training data sources, licensing, and consent provenance.
    High
  4. 1.4
    Are model weights hosted by you, the foundation provider, or in customer infrastructure? Specify per model.
    High

2. Data Flow, Residency, Retention

4 questions
Where customer data goes and for how long.
  1. 2.1
    Step-by-step data flow from customer input → your service → foundation model provider → response. Disclose each hop.
    Critical
  2. 2.2
    Is zero-retention enabled with the underlying foundation provider (e.g. Anthropic ZDR, OpenAI ZDR)? Provide the contractual evidence.
    Critical
  3. 2.3
    Data residency — can processing be pinned to specific regions (EU-only, US-only)? Which models support it?
    High
  4. 2.4
    Embedding / vector store retention — how long, where stored, customer-managed deletion?
    High

3. Risk Classification & Governance (EU AI Act / NIST RMF)

4 questions
Articles 6–15 of the EU AI Act and NIST RMF GOVERN.
  1. 3.1
    EU AI Act risk classification of the offering (prohibited / high-risk / limited / minimal). Justify the classification.
    Critical
  2. 3.2
    If high-risk: confirm conformance with Articles 9 (risk mgmt), 10 (data governance), 13 (transparency), 14 (human oversight), 15 (accuracy & robustness).
    Critical
  3. 3.3
    NIST AI RMF profile — have you formally adopted GOVERN/MAP/MEASURE/MANAGE? Provide a summary or ISO/IEC 42001 certification.
    High
  4. 3.4
    Model card or system card published per release? Provide the URL.
    High

4. Output Quality & Hallucination

3 questions
Reliability of generated content.
  1. 4.1
    Published hallucination / factual-accuracy metrics for your offering, on what benchmark, last evaluation date.
    High
  2. 4.2
    How are outputs grounded — RAG over customer data, web grounding, citations? Describe the architecture.
    High
  3. 4.3
    Human-in-the-loop checkpoints for high-impact outputs (legal, medical, financial)? Configurable per customer?
    High

5. Safety, Bias & Red-Teaming

3 questions
Pre-deployment and ongoing testing.
  1. 5.1
    Red-teaming process before model upgrades — internal team, external lab, cadence, scope. Provide the most recent summary.
    High
  2. 5.2
    Bias evaluations across protected attributes (race, gender, age) — methodology, results, remediation.
    Critical
  3. 5.3
    Content safety filters — what categories are blocked (CSAM, weapons, self-harm, PII leakage)? Customer-configurable?
    Critical

6. Security, Prompt Injection & Abuse

3 questions
AI-specific attack surface.
  1. 6.1
    Prompt-injection defense — describe input sanitisation, instruction hierarchy, and output validation controls.
    Critical
  2. 6.2
    Data-exfiltration controls — how do you prevent the model from echoing other customers' data or system prompts?
    Critical
  3. 6.3
    Rate limits and abuse detection per API key / customer.
    High

7. Intellectual Property & Indemnification

3 questions
Who owns the output, who pays if it infringes.
  1. 7.1
    Confirm customer owns its inputs and the generated outputs. Carve-outs?
    Critical
  2. 7.2
    Output IP indemnification — do you indemnify customers for third-party IP claims arising from model output (similar to Microsoft Copilot Copyright Commitment, AWS Bedrock indemnity)? Cap?
    Critical
  3. 7.3
    Open-source licensing — are model weights, fine-tuning data, or generated code subject to copyleft (AGPL, GPL, etc.)?
    High

8. Transparency & End-User Disclosure

2 questions
AI Act Articles 50 + 52 disclosure obligations.
  1. 8.1
    Do you support marking AI-generated content (e.g. C2PA, watermarks) when required by Article 50?
    High
  2. 8.2
    If users interact with an AI system (chatbot, agent), is that disclosed in the UX you ship? Configurable copy?
    High
Email me a clean copy of this questionnaire
Polished HTML — paste into Word, Sheets, or a Notion page. We'll send one delivery email plus one invitation to build an auto-answered version from your audit. No drip spam.
We'll send the questionnaire + one audit-invitation follow-up. Unsubscribe anytime.

Common pitfalls

Want this pre-filled with YOUR controls?

Run a free NIST AI RMF / EU AI Act / ISO 42001 audit. ComplianceIQ uses your audit responses and generated policies to populate an answer pack you can paste into any SIG, CAIQ, or custom enterprise questionnaire — in minutes, not days.

Run free ISO27001 audit See answer-pack plans

FAQ

How is this different from a regular vendor security questionnaire?
Regular VRQs were not written for non-deterministic systems. They miss training-data provenance, hallucination metrics, bias testing, prompt injection, IP indemnification, and EU AI Act risk classification — all of which buyers now require for AI procurement.
Is the EU AI Act actually in force?
Yes — phased. Prohibited practices: 2 Feb 2025. General-purpose AI obligations: 2 Aug 2025. High-risk system obligations: 2 Aug 2026. Most fines reach €35M or 7% of global turnover for prohibited practices.
What's the minimum I need to say about training data?
(1) Whether customer data is used for training — default position. (2) Opt-out mechanism. (3) ZDR status with each upstream foundation provider. (4) Retention windows for inputs, outputs, and embeddings.
Should we adopt ISO/IEC 42001?
If you sell AI to EU enterprises, almost certainly yes. It's the AI management-system standard mapped to the EU AI Act and a strong sales accelerator for 2026.

Related free policy templates

ISO 27001 Information Security PolicyVendor / Third-Party Risk Management Policy

What happens when these answers are wrong

Meta Platforms
€1.2B
Largest GDPR fine ever — EU→US data transfers under invalidated Privacy Shield framework

More questionnaires

SaaS VendorCloud ProviderHIPAA BA AssessmentSOC 2 SubserviceGDPR Art. 28