
AI vendor selection and due diligence: a checklist for UK businesses

By The AI Consultancy

What is AI vendor due diligence?

AI vendor due diligence is the structured assessment of an AI supplier's data handling, security posture, model training policies, and contractual commitments before procurement. For a UK business, the assessment has to satisfy three audiences at once: the data protection officer who has to sign off the lawful basis, the IT lead who has to integrate the tool, and the commercial owner who has to live with the contract. A generic SaaS vendor checklist will miss the AI-specific risks. This guide gives a five-area assessment, a contract red-flag list, a 10-question RFP template, and a scoring matrix that can be used by any UK SME or mid-market firm in 2026.

The reason a structured process matters: industry research from OneAdvanced in 2026 found that 58% of UK organisations face a platform integration crisis, much of it driven by misaligned procurement of AI tools. The NCSC's April 2026 open letter on AI cybersecurity explicitly recommends embedding Cyber Essentials requirements across AI supply chains. UK businesses signing AI contracts without a structured process are routinely accepting terms that fail UK GDPR, allow customer inputs to be used for model training, or create unmanaged residency risk.

Why vendor due diligence matters more for AI than for other SaaS

A standard IT or SaaS due diligence checklist does not address three risks that are specific to AI procurement.

  1. Customer inputs being used to train the vendor's future models. Free-tier and consumer-grade AI tools almost always use inputs to improve the underlying model. Enterprise tiers almost always do not, but the default opt-out behaviour, the scope of "no training", and whether the guarantee is contractual or marketing copy vary widely between vendors.
  2. Data residency complexity at inference time. Even where a vendor stores data in a UK or EU region at rest, inference (the actual model call) may route through a different jurisdiction. For FCA-regulated firms, public sector clients, and any business with sensitive data, the inference path is often the harder question to answer.
  3. Vendor liability for AI-generated errors. AI vendors typically disclaim liability for hallucinations, bias, and downstream consequences of model outputs. The standard liability cap in a SaaS contract often does not contemplate AI-specific failure modes. Legal review should be sized accordingly.

Each of these risks needs an explicit answer from the vendor in writing, not an implicit comfort drawn from brand recognition.

The five-area checklist

Five assessment areas cover the AI-specific risks for a UK procurement. For each area, ask the vendor the listed questions and require written answers as part of the procurement record.

Area 1: Data residency

Where is customer data stored at rest, and where is it processed at inference time? Is a UK or EU-only routing option available, and what does it cost? For UK GDPR, the destination of personal data matters at every step. For FCA-regulated firms, public sector clients, and healthcare providers, UK or EU residency is often non-negotiable. Get the answer in writing and ask the vendor to specify which sub-processors handle the inference path.

Area 2: Model training policy

Does the vendor use customer inputs to train future foundational models on the tier you are buying? Is the opt-out default on or off? Is "no training on customer data" a contractual guarantee, a default setting that can be changed unilaterally, or marketing copy with no commitment behind it? The answer differs by tier within the same vendor, so confirm against the SKU you intend to procure, not the vendor's marketing site.

Area 3: Security certifications and assurance

Three certifications carry weight in UK AI procurement: ISO 27001 for an information security management system, SOC 2 Type II for operational controls over a sustained period, and Cyber Essentials (or Cyber Essentials Plus) where UK supply chain alignment matters. Request the most recent reports before contract signing, not after. For customer-facing AI systems, ask specifically what the vendor does about prompt injection, jailbreak, and data poisoning at the platform level.

Area 4: Data Processing Agreement and lawful basis

Is a UK GDPR-compliant Data Processing Agreement available as a standard appendix, or does it require six months of legal negotiation? Does the DPA cover both UK GDPR and EU GDPR for businesses with cross-border exposure? Is there a published sub-processor list, and what notice does the vendor give before adding new sub-processors? What is the breach notification timeline, and is it consistent with the controller's obligations under UK GDPR?

Area 5: Integration and maintenance

Open API availability, documentation quality, SLAs for API uptime, and deprecation notice periods all matter for any tool that becomes part of a workflow. An AI vendor that can change its API or deprecate a model with 30 days' notice is a maintenance liability, especially for tools that are embedded in customer-facing journeys. Ask for the change-management policy in writing and confirm whether older model versions are maintained for any defined period.

Contract red flags

Specific clauses in an AI vendor contract should trigger pushback or, where the vendor refuses to negotiate, walking away. The list below covers the most common patterns we see in UK procurement.

  • Unilateral right for the vendor to change material terms on short notice.
  • No "no training" guarantee on the tier being procured, or training opt-out that the vendor can disable.
  • UK GDPR-compliant DPA not available, or only available after months of legal negotiation.
  • Security certifications that cannot be produced within 10 business days of request.
  • Refusal to name sub-processors or to commit to advance notice of new sub-processors.
  • Liability caps so low (for example, three months of fees) that they are effectively zero.
  • No right to audit, even for regulated firms with statutory audit requirements.
  • Indemnity carve-outs for AI-generated outputs (the customer assumes all risk for hallucinations).
  • No defined exit assistance, data export format, or deletion certification at termination.

None of these is automatically a deal-breaker for every business, but each should be a conscious decision rather than a default acceptance.

RFP template: 10 questions every AI vendor must answer in writing

Use the questions below as the AI-specific section of any RFP, alongside the standard commercial and technical sections. Require written answers and append them to the procurement record.

  1. Where is customer data stored at rest and processed at inference time, and which sub-processors are involved at each step?
  2. Do you use customer inputs to train models on the specific tier we are buying, and is that a contractual guarantee or a default setting?
  3. What security certifications do you currently hold (ISO 27001, SOC 2 Type II, Cyber Essentials), and can you share the most recent reports?
  4. Is a UK GDPR-compliant Data Processing Agreement available as a standard appendix to the contract, and does it cover EU GDPR for cross-border data?
  5. What is your incident response process and breach notification timeline, and how does it map onto our obligations as data controller?
  6. What is your API uptime SLA, your deprecation notice period for models and endpoints, and your policy on maintaining older versions?
  7. Who are your current sub-processors, and what notice do you give before adding new ones?
  8. What happens to our data if we terminate the contract: export format, retention period, deletion certification?
  9. What AI-specific risks (prompt injection, data poisoning, jailbreak, model drift) do you mitigate at the platform level, and how do you communicate residual risk to customers?
  10. What is the total cost over 36 months, including implementation, training, expected add-ons, and the realistic upgrade path as our usage grows?

Scoring vendors: a simple matrix

For each of the five assessment areas, score the vendor 0 to 2 against your written requirements. Zero means a fail (the vendor cannot meet a non-negotiable requirement). One means partial (the vendor meets the requirement but with caveats or at additional cost). Two means full (the vendor meets the requirement on the tier and price being procured). Total the score out of 10.

Area | 0 (fail) | 1 (partial) | 2 (full)
Data residency | No UK or EU option | UK or EU at rest, inference elsewhere | UK or EU at rest and at inference
Training policy | Trains on customer data | Opt-out default, contractually changeable | Contractual no-training guarantee on this tier
Security certifications | None held | One of ISO 27001 / SOC 2 / Cyber Essentials | Two or more, with current reports available
DPA and lawful basis | No standard DPA | Standard DPA but heavy negotiation needed | Standard DPA covering UK and EU GDPR, signed at procurement
Integration and maintenance | Closed API or short deprecation cycles | Open API, 60 to 90 day notice | Open API, documented change policy, 6+ month notice on material changes

A practical procurement threshold: no zeros across any area, and a minimum total of 7 out of 10. Anything below 7, or any zero in any area, should be escalated to senior leadership before contract signing rather than waved through by procurement.
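As an added illustration (not the article's own tooling), the matrix and the threshold rule above can be encoded so that the procurement register applies them consistently; the vendor scores in the sample are constructed, not real assessments.

```python
# Added illustration of the scoring matrix above; not the article's own tooling.
from dataclasses import dataclass

AREAS = ("Data residency", "Training policy", "Security certifications",
         "DPA and lawful basis", "Integration and maintenance")
MIN_TOTAL = 7                 # procurement threshold: at least 7 out of 10
MAX_SCORE = 2 * len(AREAS)    # five areas, each scored 0 to 2


@dataclass(frozen=True)
class Assessment:
    vendor: str
    decision: str     # "proceed" or "escalate"
    total: int
    reasons: tuple    # why the decision is "escalate"; empty when it is "proceed"


def assess(vendor: str, scores: dict) -> Assessment:
    """Apply the rubric: any zero, or a total below MIN_TOTAL, escalates."""
    missing = [a for a in AREAS if a not in scores]
    if missing:
        raise ValueError(f"unscored areas: {missing}")
    bad = {a: s for a, s in scores.items() if a not in AREAS or s not in (0, 1, 2)}
    if bad:
        raise ValueError(f"scores must be 0, 1 or 2 for the five areas only: {bad}")
    # A zero is a failed non-negotiable requirement, so it escalates on its own.
    reasons = [f"zero (fail) in {a}" for a in AREAS if scores[a] == 0]
    total = sum(scores[a] for a in AREAS)
    if total < MIN_TOTAL:
        reasons.append(f"total {total}/{MAX_SCORE} is below the minimum of {MIN_TOTAL}")
    return Assessment(vendor, "escalate" if reasons else "proceed", total, tuple(reasons))


# Constructed sample assessments, not real vendors.
SAMPLE = {
    "Vendor A": dict(zip(AREAS, (2, 2, 2, 1, 1))),   # 8/10, no zeros: proceed
    "Vendor B": dict(zip(AREAS, (1, 0, 2, 2, 2))),   # 7/10 but a zero: escalate
    "Vendor C": dict(zip(AREAS, (1, 1, 1, 1, 1))),   # 5/10, below threshold: escalate
}

if __name__ == "__main__":
    for name, scores in SAMPLE.items():
        a = assess(name, scores)
        print(f"{a.vendor}: {a.decision} ({a.total}/{MAX_SCORE}) {'; '.join(a.reasons)}")
```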

How long should the due diligence take?

For a low-risk procurement of a well-known enterprise AI tool (ChatGPT Enterprise, Claude Team, Microsoft 365 Copilot for an SME), the assessment can usually be completed in two to three weeks: the vendors are familiar, the certifications are public, and the standard DPA is available off the shelf. For a sector-specific or less-established vendor, allow four to eight weeks including legal review of the DPA and security questionnaire responses. For any AI tool that processes special category data under UK GDPR, or that becomes part of a regulated workflow under FCA or MHRA oversight, allow at least eight weeks and budget for sector legal review.

Compressing the timeline is the most common procurement mistake. The cost of an extra two weeks is low; the cost of a contract that allows training on customer data, or that does not include a UK-compliant DPA, is much higher.

Related guidance

Vendor due diligence is one part of a broader AI strategy and compliance posture. For a structured view of the regulatory frameworks that apply to UK AI deployment, see the 2026 UK AI compliance checklist for businesses. For the cybersecurity risks that the procurement process should anticipate, see our AI security risks guide for UK businesses. For the wider strategy context (build vs buy, business case, governance), see the AI strategy section of the Knowledge Hub. To run a structured procurement assessment for a specific use case, see our AI strategy service.

Where to start

If your business is about to procure an AI tool, run the five-area checklist against the candidate vendor before signing. If the contract is already in place, run the same checklist as a post-procurement audit and flag any zero scores for renegotiation at renewal. The minimum useful artefact is a one-page record per vendor that captures: the five area scores, the answers to the 10 RFP questions, the version of the DPA on file, and the date of the most recent security reports reviewed. A UK SME with three to five AI vendors in flight can maintain this register in a single spreadsheet, and it pays for itself the first time a client, auditor, or regulator asks how the business governs its AI supply chain.

Frequently asked questions

What is the difference between SOC 2 Type I and Type II for AI vendors?
SOC 2 Type I is a point-in-time assessment of whether the vendor's controls are designed appropriately. SOC 2 Type II tests whether those controls operated effectively over a period (typically 6 to 12 months). Type II is significantly more useful for AI vendor due diligence because it gives evidence that controls were actually applied, not just designed. For any AI vendor handling personal data or production workloads, request SOC 2 Type II reports rather than Type I.
Can I force an AI vendor to guarantee no training on my data?
On enterprise tiers, the major vendors (OpenAI, Anthropic, Microsoft, Google) all offer no-training contractual guarantees as standard. On consumer or free tiers, training on inputs is usually the default and cannot be turned off. The practical answer for any UK business is to procure on an enterprise tier with the no-training clause written into the contract, and to confirm in writing that the guarantee applies to the specific SKU and region being procured. Do not rely on marketing pages or default settings.
What is the minimum due diligence for a UK SME buying ChatGPT Enterprise?
For a well-known enterprise tier from a major vendor, a minimum useful diligence is: confirm the no-training clause in the contract; obtain the standard DPA covering UK GDPR; review the most recent SOC 2 Type II report; choose the appropriate region for data residency; and document the lawful basis for any personal data processed through the tool. This typically takes a UK SME two to three weeks and produces the procurement record needed for an internal audit or a future client question.
Do I need a DPIA for every AI vendor I use?
No. The Information Commissioner's Office requires a Data Protection Impact Assessment for high-risk processing, which includes large-scale or systematic processing of personal data, special category data, or processing that involves automated decisions with legal effects. Many AI vendor uses (administrative AI, internal productivity tools that do not process personal data systematically) do not require a DPIA. Any AI processing customer data, employee data, or special category data almost certainly does. If in doubt, run a screening assessment first and let that drive the DPIA decision.
How long should AI vendor due diligence take?
For a well-known enterprise vendor on a standard tier, two to three weeks. For a sector-specific or less-established vendor, four to eight weeks including legal review. For any vendor that will process special category data under UK GDPR or be part of a regulated workflow under FCA or MHRA oversight, allow at least eight weeks and include sector legal review. Compressing these timelines is the most common procurement mistake and the source of most post-contract issues.
