Blog

Third-Party AI Risk: The Five Clauses Your Contracts Can’t Skip in 2025

TL;DR: Most organizations already rely on AI vendors—model providers, API services, plugins, copilots—but few contracts actually control the risks. A missed clause today can mean data misuse, vendor lock-in, or regulatory exposure tomorrow. This playbook explains the five clauses every 2025 AI contract needs, how to operationalize them, and what evidence auditors expect.

1) Why Third-Party AI Risk Is Different

Traditional SaaS risk assumes predictable data handling. Generative AI changes that:

• Data reuse: Prompts, embeddings, and fine-tunes may train future models unless contractually barred.
• Opaque versions: Vendors silently update models, altering behavior without notice.
• Cross-tenant exposure: Shared infrastructure can leak embeddings, context, or logs.
• Expanding footprint: One vendor often chains several sub-processors (API ↔ cloud ↔ model host).
• Regulatory heat: GDPR, HIPAA, and the EU AI Act demand transparency and traceability.

Principle: Third-party AI control ≠ one DPA paragraph. It’s a stack of enforceable clauses that cover data, model, and lifecycle risk.

2) The Five Clauses You Can’t Skip

1️⃣ Data Use & Retention

Goal: Stop your data from training others’ models.

Ask for:

• “Processor shall not use Customer Data for model training or tuning outside this engagement.”
• Explicit retention period (≤ 30 days) and certified deletion upon termination.
• Option to verify via audit or attestation.

Why: Without this, every prompt or log might become training data.

2️⃣ Inference Isolation & Security

Goal: Prevent cross-tenant leaks and ensure secure computation.

Ask for:

• Logical isolation (VPC or dedicated tenant) and encryption in transit/at rest.
• No shared caching or embedding stores across tenants.
• Breach notification window ≤ 72 h.
• Annual independent assurance (SOC 2 Type II, ISO 27001, or equivalent).

Why: LLMs and vector databases are memory-heavy; isolation failures expose embeddings and context.

3️⃣ Model Transparency & Change Control

Goal: Know what you’re actually running.

Ask for:

• Model identifiers, version numbers, and date of last update.
• Notification ≥ 14 days before material changes.
• Access to a model card (intended use, limits, benchmarks, known risks).
• Right to request regression test results for updates.

Why: “Same endpoint, new behavior” is an operational risk; you can’t validate what you can’t see.

4️⃣ Exit & Portability

Goal: Avoid vendor lock-in and data loss.

Ask for:

• Export of prompts, logs, embeddings, fine-tunes in open formats (JSON/CSV/Parquet).
• Assistance in migrating to another provider at reasonable cost.
• Obligation to delete all copies post-handoff.

Why: Model pipelines evolve fast; switching should be reversible and provable.

5️⃣ Sub-Processor Disclosure & Flow-Down Obligations

Goal: Know who actually handles your data.

Ask for:

• Full list of sub-processors (cloud, model host, logging, analytics).
• Advance notice before adding new ones.
• Flow-down of all data-use, retention, and security terms.
• Right to object or terminate for cause.

Why: Many “AI startups” are just front-ends to larger APIs; you need visibility beyond the logo.

3) Additional Clauses for Higher-Risk Use Cases

If the AI system touches regulated data or performs autonomous actions, add:

• Human-in-the-Loop (HITL) obligations – irreversible actions require confirmation workflows.
• Audit & Access rights – on-site or remote inspections, annual evidence review.
• Incident reporting SLAs – time-bound remediation and customer notification.
• Liability caps linked to data type – higher cap for regulated content.
• Insurance proof – cyber or errors-and-omissions coverage specific to AI services.

4) How to Operationalize These Clauses

1. Build an AI Vendor Register
   
   • Columns: Vendor | Service | Model | Data Types | Risk Tier | Renewal Date | DPA Status | Audit Evidence.
   • Owners: Procurement + Security + Legal.
3. Tier Vendors by Risk
   
   • Low: Public-info summarizers, marketing tools → yearly attestations.
   • Medium: Internal copilots → quarterly reviews.
   • High: Regulated data or automated decisions → full contract + technical audit.
5. Use a Pre-Contract Checklist
   
   • Verify the five clauses + optional add-ons are in place.
   • Route through Legal, Privacy, and Security before signature.
7. Post-Contract Monitoring
   
   • Track model versions, incidents, and change notices.
   • Re-run validation/golden tests after vendor updates.
   • Schedule annual evidence collection (SOC reports, pen-test summaries).

5) Evidence Auditors Will Ask For

Control Area	Evidence Example	Owner
Data Use & Retention	Signed DPA; deletion certificate	Privacy
Isolation & Security	SOC 2 Type II or ISO 27001 report	Security
Model Transparency	Version log; regression results	Product/IT
Portability	Export test file; deletion confirmation	IT
Sub-Processors	Current list; change notices	Procurement

Keep all evidence linked to the vendor record in your GRC or risk tool.

6) KPIs and KRIs to Track

• % of vendors with complete 5-clause coverage (target > 95 %).
• Days to contract remediation after gap found.
• Model-version drift incidents reported vs. prior quarter.
• Breach or policy-violation count linked to third parties.
• Mean time to vendor notification after incident (≤ 72 h target).

7) 30/60/90-Day Implementation Plan

Days 0–30 — Discover & Assess

• Build AI Vendor Register; classify by data and use case.
• Identify missing DPAs and absent clauses.
• Pause renewals for high-risk vendors until review.

Days 31–60 — Remediate & Standardize

• Update contract templates with the five clauses.
• Roll out Pre-Contract Checklist to Procurement.
• Obtain latest SOC/ISO evidence; close retention and transparency gaps.

Days 61–90 — Monitor & Report

• Launch quarterly vendor-change review meeting.
• Add clause coverage and evidence KPIs to risk dashboard.
• Publish summary metrics to Risk or Audit Committee.

8) Common Pitfalls

• “Covered by our DPA” assumption → DPAs rarely mention models or embeddings.
  Fix: Add explicit AI-specific language.
• Vendor silence on model updates → no regression testing.
  Fix: Contract for advance notice and version visibility.
• No export path → vendor lock-in.
  Fix: Test exports annually.
• Undefined sub-processors → surprise cloud locations.
  Fix: Demand lists and notification rights.
• One-time due diligence → aging evidence.
  Fix: Continuous monitoring and annual attestations.

Bottom Line

Third-party AI risk is contract risk in disguise. The **five clauses—Data Use, Isolation, Transparency, Portability, and Sub-Processors—**are your minimal viable control set. Encode them in every agreement, verify evidence, and track compliance like uptime. That’s how you make “AI vendor trust” something you can measure, audit, and prove.

October 10, 2025