FREE RESOURCE
How to audit your AI vendors
Most companies use more AI vendors than they realize. The resume screener, the chatbot, the tool that scores candidates: each one shapes a real decision about a real person.
Under new laws in the US, EU, UK, and South Korea, you're responsible for what those tools do. This checklist walks you through your AI footprint, vendor by vendor, so you can catch the risks before a regulator or a candidate does.
What you’ll find in this guide:
- A map of every tool you're running. Write down what each vendor actually does and whether it touches a real decision like hiring, pay, or promotion. You can't manage a risk you haven't named.
- The questions that expose a weak vendor. Ask for their latest bias audit and find out whether your data trains their model. If they can't answer, that's your finding.
- The 80% rule, in plain English. Pull your own outcome data and flag any group scoring below 80% of your top-performing group. That's the federal benchmark for adverse impact, and the burden to check it sits with you.
- The contract traps to catch before you sign. Audit rights, auto-renewal windows, and indemnification decide who's on the hook when a tool causes harm. Know the answers before the renewal date does.
- What the new laws actually expect. AI obligations took effect across the EU, UK, and South Korea in 2025 and 2026. See what counts as compliance and where your team is exposed today.