Hael
Sign inRequest a demo
Vendor Due Diligence

Govern the AI you buy as closely as the AI you build.

One verified vendor profile, evaluated against your obligations and reviewed when their stance changes — not a PDF that ages on a SharePoint.

Vendor · model platform · profile
Verified · 9 enterprises
Vendor side
One profile, kept current.
Model lineage
Sub-processors
Certifications
Data handling
Your side
Evaluated against your obligations.
EU AI Act · Annex III(5)Met
ISO/IEC 42001 · 8.4Met
GDPR · Art. 28 DPAOpen
Updated by vendor · flagged to buyers on changeLive
The problem

The questionnaire is everyone's worst week.

Every buyer sends the same 240-question spreadsheet. Every vendor answers in a slightly different way. Neither side is sure when the answer was last true.

And the most important question — has anything material changed — is rarely asked.

Today · 240-row spreadsheet
Stale on receipt
Same questions, slightly different in every enterprise
Answers as of when the vendor last touched it
No re-issue when the vendor's posture changes
Buyers reconcile vendor names across three documents
How it works

Two sides, one profile.

01
Vendor profile, authored once
The vendor maintains a verified profile — model lineage, data handling, certifications, sub-processors — and updates it when it changes. Once, not per buyer.
Vendor maintains
One profile · many buyers
02
Buyer view, scoped to obligations
You see the vendor evaluated against your frameworks and jurisdictions — what is in scope, what is held open, what is non-compliant.
In scopeok
Metok
Held openopen
03
Continuous review
A material change on the vendor profile flags every buyer who depends on it. The record knows which enterprises are exposed.
Change flagged
9 buyers notified
Sub-processor added · today
Registry · AGT-014
vendor →
Vendor profile
verified · current
A vendor change opens an event on every registry record that links to it.
Through-line

The vendor becomes part of your record.

Each engagement links to the vendor profile from the system record. A vendor change is a registry change, with the same audit chain as anything you build in-house.

One source of truth, both sides.

Proof

A vendor profile, against your obligations.

Same vendor; verdict shaped by the obligations you carry. Sourced and honest about gaps.

Vendor · model platform · against your obligations
Sourced
EU AI Act · Annex III(5)(b)Vendor attested · 2 Jun · Annex IV readyMet
ISO/IEC 42001 · 8.4Certified · cert 42001-2451 · expires MarMet
GDPR · Art. 28 · DPAHeld open · DPA pending sub-processor amendmentHeld open
NIST AI RMF · ManageVendor self-asserted · awaiting attestationHeld open
See it on a real record

See a vendor evaluated against your record.