Key facts

  • Format: one PDF combining a buyer-ready evidence checklist and an RFP question bank.
  • Covers risk classification, model and data documentation, security certs and incident processes.
  • Includes red flags that should pause or stop a procurement decision.
  • Useful for both buyers running due diligence and vendors preparing to be buyer-ready.
  • Free to download — pairs with the AI procurement readiness guide.

What is the AI procurement evidence pack?

It is a practical pack for anyone buying or selling AI. The evidence checklist lists what a buyer should request from an AI vendor before signing — risk classification, model and data documentation, security certifications, impact assessments and incident processes. The RFP question bank turns that into ready-to-use questions for a formal tender.

📥 Download the AI Procurement Evidence Pack + RFP Question Bank (PDF)

Who is it for?

Procurement, legal and security teams evaluating AI vendors, and AI vendors who want to pre-empt due diligence by being buyer-ready. See evidence to request from vendors for the underlying detail.

What the pack covers

Evidence checklist. Risk classification, model and training-data documentation, security certifications, DPIA/FRIA status and incident-response process.

RFP question bank. Ready-to-use questions on risk class, training-data provenance, evaluation and bias testing, human oversight, security and sub-processors.

Red flags. No documentation, vague data sourcing, no human-oversight design, refusal to share evaluations, and no incident process.

Contract pointers. Where to add warranties, audit rights, transparency and AI Act role allocation. See AI procurement readiness.

How to use it

Send the RFP questions with every AI-related tender, scored rather than open-ended. Use the evidence checklist as a gate before signature, not an afterthought, and re-run it at least annually for existing suppliers. If a vendor can't answer the core questions, treat that as the answer.

Frequently asked questions

What evidence should procurement request from AI vendors?

Risk classification, model and data documentation, security certifications, DPIA/FRIA, transparency information, incident processes and, ideally, ISO 42001.

What questions should be in an AI RFP?

Risk class, training-data provenance, evaluation and bias testing, human oversight, security, sub-processors and EU AI Act roles.

What are red flags when buying AI?

No documentation, vague data sourcing, no human-oversight design, refusal to share evaluations, and no incident process.

What is a buyer-ready evidence pack?

A pre-assembled set of compliance artefacts — classification, documentation, certifications and policies — that answers due diligence fast.

What should an AI procurement checklist cover?

Inventory entry, risk class, evidence request, contract terms, security review and ongoing monitoring.

What are the EU model contractual clauses for AI?

EU template clauses, notably for public procurement, allocating AI Act responsibilities between buyer and supplier.

Can I rely on a vendor's compliance claims?

Verify, don't assume — request evidence and document it; you retain deployer obligations regardless of vendor claims.

Related pages

Sources

Last updated 19 June 2026.