Every SaaS tool ships an AI feature. Each one is a data-processing decision, an EU AI Act role, and a third-party dependency — and most land through procurement with no consistent way to say yes or no.
Security, legal, and the business each assess differently — and inconsistently — so the answer depends on who asked.
When a regulator or auditor asks why a vendor was approved, the rationale lives in an inbox — if it exists at all.
A vendor approved last year changed its model and sub-processors — and no one re-checked against policy.
Not a generic vendor rating — the model checks each vendor against the rules you actually enforce, so the verdict fits your risk appetite.
A clear recommendation with the specific gaps that drove it — so procurement and security see the same answer for the same reasons.
Every verdict is recorded with its inputs and reasoning, so you can show an auditor why a vendor was approved — without reconstructing it later.
Approved vendors join your governed estate, so third-party AI sits alongside your own systems in one inventory — not a separate list.
Add a vendor with its contract, DPA, and model metadata.
The model checks it against your policy and flags every gap.
Buy, hold, or reject — with the rationale recorded.
Re-check when a vendor changes model or sub-processors.
AI Vendor Assurance is in early access. The scoring model and evidence trail are built on the same platform as our live Solutions; connectors for automatic metadata capture are rolling out with design partners. We'll always tell you what's live versus on the roadmap before you commit.