AI Vendor Questionnaire Template: EU AI Act Due Diligence for Deployers
Ask the right questions before onboarding an AI vendor. 35+ questions mapped to Articles 6, 13, 14, 43, 47, 53, 72, 73 — deadline 2 December 2027.
Before you sign a contract with an AI system vendor, the EU AI Act creates clear expectations for you as a deployer. Under Article 26, you must use the system only within its intended purpose and verify that the provider has met their obligations. For high-risk AI systems under Annex III, the provider's Annex IV technical documentation is your primary compliance evidence. A standard IT security questionnaire will not get you any of that.
This template organises the questions a deployer should ask across eight themes that map to the Act's obligations on providers. For high-risk AI systems, send the full template and request documentary evidence — not attestations. For minimal- or limited-risk tools, Sections 1, 2, and 4 are usually sufficient.
One framing note: this is deployer due diligence, not a list of statutory "vendor obligations." The Act imposes obligations on providers (Article 16), deployers (Article 26), importers (Article 23), and distributors (Article 24) — "vendor" is not a legal category. When you send these questions, you are exercising your right, and your responsibility, to verify that the provider has done what the law requires.
The compliance deadline for stand-alone high-risk Annex III systems is 2 December 2027, extended from the original August 2026 date under the Digital Omnibus political agreement of May 2026. High-risk AI embedded in regulated Annex I products applies from 2 August 2028. Non-compliance with provider and deployer obligations carries a maximum fine of €15,000,000 or 3% of total worldwide annual turnover, whichever is higher (Article 99(4)).
1. Classification and Role — Is the System High-Risk?
Under Article 6, a system is high-risk if it falls within one of the eight Annex III use-case areas and the Article 6(3) exemption does not apply. That exemption removes high-risk status only where the system performs a narrow procedural task, improves a previously completed human activity, detects patterns without influencing human assessment, or does preparatory work — and it never applies to a system that profiles natural persons.
| # | Question |
|---|---|
| 1.1 | What is the system's full name, version, and the legal name of the organisation placing it on the EU market? |
| 1.2 | Has your organisation conducted a formal classification under Article 6 and Annex III? What is the outcome — prohibited, high-risk, limited-risk, or minimal-risk — and what is the written justification? |
| 1.3 | If high-risk: which Annex III heading applies, and which specific sub-point (e.g. point 4(a) for automated CV screening; point 5(b) for credit scoring)? |
| 1.4 | Does the system incorporate any practice prohibited under Article 5 — including real-time remote biometric identification in public spaces, social scoring, subliminal manipulation, or emotion recognition in workplace or educational settings? Confirm yes / no / not applicable with a brief explanation. |
| 1.5 | Is your organisation the provider of this system (Article 16), or are you a deployer of a third-party system? If the latter, who is the provider, and how are their Article 16 obligations addressed? |
| 1.6 | Has the system's intended purpose been modified since initial market placement? Who determined whether that modification was "substantial" under Article 3(23), and what was the outcome? |
The Article 25 trap. If your organisation puts its own name on a high-risk AI system, substantially modifies it, or changes its intended purpose, Article 25 reclassifies you from deployer to provider — and the full Article 16 obligations become yours: conformity assessment, Annex IV documentation, CE marking, EU database registration. Contracts should require the vendor to notify you before any change that could trigger this shift.
2. Conformity Evidence — Has the Provider Proved Compliance?
For most Annex III systems, conformity assessment follows the internal self-assessment route under Annex VI. For Annex III point 1 systems (biometrics), the Annex VII notified-body route generally applies where harmonised standards have not been used. Once assessed, the provider issues an EU Declaration of Conformity (Article 47), affixes CE marking (Article 48), and registers the system in the EU database under Article 49 (the database established under Article 71).
| # | Question |
|---|---|
| 2.1 | Has conformity assessment been completed under Article 43? Was it internal self-assessment (Annex VI) or conducted by an EU Notified Body (Annex VII)? |
| 2.2 | Is an EU Declaration of Conformity (Article 47) in place? Can a copy be shared? |
| 2.3 | Does the system carry CE marking under Article 48? |
| 2.4 | Has the system been registered in the EU AI Act Database under Article 49? If yes, provide the registration identifier. |
| 2.5 | When was the most recent conformity assessment completed? Has a significant change occurred since then? If yes, was conformity re-assessed under Article 43(4)? |
3. Technical Documentation and Transparency
Article 11 requires providers of high-risk AI to maintain an Annex IV technical documentation file covering nine areas: general system description; design logic; training, validation, and test data information; performance metrics and limitations; monitoring arrangements; the Article 9 risk management system; lifecycle changes; standards applied; and the Declaration of Conformity. Article 13 entitles deployers to information sufficient for meaningful use. Without access to at least a summary of that file, a deployer cannot verify compliance.
| # | Question |
|---|---|
| 3.1 | Is Annex IV-compliant technical documentation maintained? Is a copy or summary available for deployer review under Article 13? |
| 3.2 | Describe the system's general logic and key design assumptions. |
| 3.3 | What training, validation, and test datasets were used? Describe sources, date ranges, geographic coverage, and demographic composition where applicable. |
| 3.4 | What bias testing was conducted? Provide disaggregated performance metrics (accuracy, precision, recall) by relevant demographic subgroups where applicable. |
| 3.5 | What are the system's known limitations and conditions under which performance degrades? |
| 3.6 | What accuracy, robustness, and cybersecurity specifications are declared under Article 15, and what testing underpins them? |
4. Data Governance (Article 10) and GDPR
Article 10 requires that training, validation, and testing datasets are governed by appropriate data governance practices: relevance, representativeness, and freedom from error where feasible. The GDPR runs in parallel: a DPIA under GDPR Article 35 is triggered where processing is likely to result in a high risk to natural persons, and GDPR Article 22 governs automated individual decisions with significant effects.
| # | Question |
|---|---|
| 4.1 | What personal data does the system process during inference? Does it include special-category data under GDPR Article 9? |
| 4.2 | What is the GDPR Article 6 legal basis for inference processing? Where special-category data is involved, which GDPR Article 9 condition applies? |
| 4.3 | Where is data processed and stored? If international transfers occur, what mechanism applies — standard contractual clauses, adequacy decision, or other? |
| 4.4 | How are the Article 10 data governance practices implemented? How is representativeness assessed and discriminatory patterns corrected? |
| 4.5 | Has a DPIA under GDPR Article 35 been conducted? Can the DPIA or its conclusions be shared? Is a Data Processing Agreement in place covering AI inference? |
5. Human Oversight Design (Article 14)
Article 14 is a provider obligation — oversight measures must be built into the system before it reaches the deployer. If the system's architecture does not support meaningful intervention, the deployer's Article 26 duty to implement those measures becomes impossible to discharge.
| # | Question |
|---|---|
| 5.1 | Describe the human oversight mechanisms built into this system under Article 14. How can deployer staff monitor operation in real time, interpret outputs, and override or stop decisions? |
| 5.2 | What information does the system surface to support human review — confidence scores, uncertainty indicators, reasoning explanations, or audit flags? |
| 5.3 | Does the system's design prevent fully automated decisions with significant effects on natural persons without the opportunity for human intervention? How is that implemented? |
| 5.4 | What logs does the system generate under Article 12, and for how long? Are those logs accessible to the deployer? |
6. Logging (Articles 12 and 19), Incident Handling (Article 73), and Post-Market Monitoring (Article 72)
Article 12 requires high-risk AI systems to generate logs automatically. Article 19 requires providers to retain the logs they control for at least six months. Article 73 requires serious incidents to be reported to the national market surveillance authority — within 15 days of awareness under Article 73(2), 2 days for critical-infrastructure disruption or widespread infringement (73(3)), or 10 days where a death has occurred (73(4)). Article 72 governs the provider's ongoing post-market monitoring. These are provider obligations, but deployers need to understand them: contractual and regulatory exposure can run both ways when a provider fails to report.
| # | Question |
|---|---|
| 6.1 | What logging does the system generate under Article 12? What does each log record, how long are logs retained under Article 19, and what logs are accessible to the deployer? |
| 6.2 | Describe the post-market monitoring system maintained under Article 72. What metrics are tracked, and what thresholds trigger escalation? |
| 6.3 | Has this system experienced any serious incidents under Article 3(49) since deployment? Were they reported under Article 73, and what was the outcome? |
| 6.4 | What is the vendor's contractual commitment on deployer notification timelines for serious incidents or significant system changes? |
7. GPAI — Downstream Documentation (Articles 53 and 55, Annex XII)
GPAI model obligations under Article 53 have applied since 2 August 2025. Article 53 requires all GPAI providers to produce technical documentation and supply downstream deployers — via an Annex XII technical summary — with information sufficient to understand the model's capabilities, limitations, and terms of use. For systemic-risk GPAI models (Article 51's rebuttable presumption applies at 10²⁵ FLOP training compute), additional safeguards under Article 55 apply.
| # | Question |
|---|---|
| 7.1 | Does this system constitute or incorporate a GPAI model under Article 3(63)? If yes, which model, and who is the GPAI model provider? |
| 7.2 | Has the GPAI model been designated systemic-risk under Article 51? If yes, what Article 55 safeguards — adversarial testing, incident reporting, cybersecurity measures — has the GPAI provider implemented? |
| 7.3 | What downstream documentation does the GPAI provider supply under Article 53(1)(b)? Is an Annex XII technical summary available to you as the deployer? |
| 7.4 | What are the GPAI provider's use-case restrictions, and do they affect the deployer's intended application? |
8. Post-Market Monitoring, Updates, and Ongoing Commitment
Compliance at launch does not mean compliance at renewal. AI systems change; datasets drift. The deployer needs contractual certainty that the provider will maintain compliance and will give notice when something material changes.
| # | Question |
|---|---|
| 8.1 | What is the vendor's process for maintaining EU AI Act compliance through the system's lifecycle, including after the 2 December 2027 high-risk deadline? |
| 8.2 | Does the vendor commit contractually to notifying the deployer before any significant change that may trigger re-conformity assessment under Article 43(4) or a change in intended purpose? |
| 8.3 | What audit rights does the deployer have over Annex IV technical documentation after a significant system change? |
| 8.4 | What professional liability or errors-and-omissions insurance does the vendor carry that covers AI Act non-compliance claims? |
Scoring and Evaluation
Weight responses by risk tier. For high-risk AI systems, a questionnaire answer is the opening step in due diligence — documentary evidence must be reviewed.
Disqualifiers for high-risk AI deployment:
- System classified as prohibited under Article 5
- No conformity assessment completed
- Provider cannot produce any Annex IV technical documentation
- No human oversight mechanism built into the system
- Serious incidents have occurred without regulatory notification under Article 73
Red flags requiring follow-up:
- Classification analysis absent or superficial — "we don't think it's high-risk" without Annex III analysis
- Technical documentation exists in principle but unavailable for deployer review
- Human oversight exists on paper but the system architecture does not support meaningful intervention
- No DPIA under GDPR Article 35 for a system processing personal data at scale
- Vendor cannot identify the GPAI model provider or confirm whether an Annex XII summary exists
Strong positive indicators:
- Technical documentation proactively shared without being pressed
- Notified Body conformity assessment (Annex VII) for biometric systems
- Disaggregated performance metrics available without being asked
- ISO/IEC 42001 certification in place or formally in progress
- Named AI compliance contact who speaks to specific Article references, not just general policy
How Confir Helps
Confir's rule-based engine records vendor responses against specific obligations — classification under Articles 5 and 6, conformity evidence under Articles 43, 47, 48, and 49, transparency under Article 13, human oversight under Article 14. The same intake always produces the same finding: deterministic, reproducible, explainable. Where responses point to a gap, Confir flags it against the relevant Article so your team knows what to escalate. Vendor assessments feed into your organisation-wide AI register under the AIGM governance module (Articles 9, 72, 73). Pricing starts at €600/year.
Frequently Asked Questions
Is sending this questionnaire sufficient for EU AI Act deployer compliance?
No. Article 26 requires deployers to verify that providers have conducted an appropriate conformity assessment — not merely to collect attestations. For high-risk AI systems, you should review the actual Annex IV technical documentation, not just a questionnaire answer that claims it exists. A vendor's "yes, we're compliant" carries no evidential weight without the documentation behind it. Treat questionnaire responses as the opening step in due diligence, not the conclusion.
How often should we re-send this questionnaire to existing AI vendors?
At minimum annually, and whenever a vendor announces a significant model update, a retraining cycle, a change to the system's intended purpose, or an incident. Article 26 requires deployers to use AI systems in accordance with the provider's instructions — and those instructions change when systems change. This is an ongoing obligation, not a one-time onboarding exercise.
What if a vendor refuses to answer questions about technical documentation?
For high-risk AI systems, refusal to provide or summarise Annex IV technical documentation is a compliance failure on the vendor's part. Article 13 requires providers to supply deployers with information sufficient to understand the system's capabilities, limitations, and oversight requirements. A vendor who cannot produce that material is in breach of their transparency obligations. For minimal- or limited-risk systems, incomplete responses may be proportionate depending on the use case.
Does the Article 25 role-shift risk affect how we should structure vendor contracts?
It should. If your organisation puts its own name on an AI system, substantially modifies it (as defined in Article 3(23)), or changes its intended purpose in a material way, Article 25 reclassifies you from deployer to provider — triggering the full Article 16 obligation stack: conformity assessment, Annex IV documentation, CE marking, EU database registration. Contracts should require the vendor to notify you before any change that could trigger this shift and confirm that the vendor carries Article 16 obligations for the system as supplied.
Should this questionnaire go to SaaS vendors whose products include AI features?
Yes, where the AI feature performs a function that qualifies as high-risk under Annex III — regardless of how peripheral it is to the broader product. A recruitment module with automated CV screening is Annex III point 4(a) whether it is a standalone product or embedded in an HRIS. The deployer's Article 26 obligation applies to the AI feature regardless of how it is packaged. If the vendor cannot tell you whether their AI feature has been classified, that is itself a significant finding.
What is the penalty exposure if a deployer relies on a non-compliant vendor?
The deployer's own exposure under Article 26 is separate from the provider's under Article 16. Using a high-risk AI system without verifying the provider's conformity assessment is a breach of Article 26 — carrying a maximum fine of €15,000,000 or 3% of total worldwide annual turnover, whichever is higher, under Article 99(4). The vendor's non-compliance does not insulate the deployer. For SMEs and start-ups, Article 99(6) caps the fine at the lower of the fixed amount or the percentage — but compliance remains mandatory.
Related guides
- EU AI Act deployer compliance checklist
- open source AI exemptions
- importer and distributor duties
- deployer obligations framework
- AI policy template
- Article 13 transparency requirements
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.
Start free trial →