5 critical questions to ask AI vendors

In a rapidly evolving AI landscape, business leaders must exercise due diligence when partnering with vendors offering AI-enabled solutions. To safeguard data privacy, regulatory compliance, and organizational integrity, it’s essential to ask the right questions. Below are five critical questions — each addressing a fundamental area of concern — adapted for clarity and impact in today’s business environment. 

1. Do you use AI, and where is it applied in your software? 

Understanding how and where AI is embedded in a platform is foundational. Whether it’s non-generative AI predicting employee turnover or generative AI summarizing performance reviews, ask vendors to specify the AI functions in use, the type of assistance it provides, and whose models it relies on — be it OpenAI, Anthropic, or another provider. This visibility is crucial to assess how your data might be processed or exposed. 

2. Can AI features be toggled on or off by role, geography, or individual? 

With AI-related legislation varying across regions — even city by city — organizations must retain control over where and how AI is used. Ask vendors whether you can disable AI features for specific users or jurisdictions, particularly as many platforms now auto-enable new AI capabilities without consent. Flexibility is key to staying compliant and maintaining user trust. 

3. Is the AI model private to our company or a shared, general model? 

When vendors leverage AI to make predictions or summarize your data, it’s important to understand where that data goes. Does it feed into a general-purpose model like ChatGPT, or is a private model used exclusively for your organization? This has implications for data ownership, confidentiality, and whether your proprietary information is being reused to train third-party models. 

4. Are users informed when AI is involved in their activities? 

Transparency is more than ethical — it’s a regulatory requirement in many jurisdictions. Users should be notified when AI is active, similar to consent prompts in platforms like Microsoft Teams. Ask whether your vendor provides visible notifications or opt-ins, especially when AI could be recording, summarizing, or interpreting user behavior. Legal obligations may vary by country or state. 

5. Where are the models hosted and where is the data processed? 

Ask vendors to clearly disclose where your data is hosted, processed, and stored. This affects both trust and compliance, especially in regulated sectors or when operating across borders. Data residency laws can impose steep penalties for violations, so demand contractual clarity from your vendor. Also inquire if third parties process or store your data as part of AI model interactions. 

Enjoy your journey with AI, but keep in mind it is your valuable corporate data, not the vendor’s. In the case of employee data, it also represents the private data of an individual working for your organization. Don’t assume that everyone treats it with the level of respect that you do. 

Interested in learning more about the right questions to ask AI vendors? Read our latest guide, The 5 non-negotiables of adopting AI for HCM.