"That line might have been enough to get through informal supplier due diligence in 2023 but it will not survive the next serious round of tenders. Enterprise buyers, particularly in government, defence and critical national infrastructure (CNI), are now using AI heavily themselves. They understand the risk language. They are making connections between AI, data protection, operational resilience and supply chain exposure."
"Instead of the soft "Do you use AI in your services?", you can expect wording more like: "Please describe your controls for generative AI, including data sovereignty, human oversight, model accountability and compliance with relevant data protection, security and intellectual property obligations." Underneath that line sit a number of very specific concerns. Where is client or citizen data going when you use tools such as ChatGPT, Claude or other hosted models?"
Enterprise procurement teams in government, defence and critical national infrastructure increasingly require demonstrable AI governance. Questions in RFPs now demand descriptions of generative AI controls, including data sovereignty, human oversight, model accountability, and compliance with data protection, security and intellectual property obligations. Specific procurement concerns include data transit and residency, human review of AI-assisted outputs before critical or safety-related decisions, and ownership and reuse of prompts and outputs. Generic boilerplate responses fail to address these concerns and indicate lack of structured governance. Many professional services organisations use AI operationally while lacking formal governance frameworks.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]