Free buyer tool

Supplier Evidence Request Builder

Sourcing from an EU supplier whose product or service uses AI? Pick your profile and get a tailored list of the evidence you should request, aligned with ISO/IEC 42001, ISO 27001 and the EU AI Act. No data stored.

What are you sourcing?

Risk & scope

The AI is used in a high-risk context (EU AI Act Annex III, e.g. HR, credit, safety).The AI processes personal data.I expect / require ISO/IEC 42001 (AI management).I expect / require ISO/IEC 27001 (information security).

Your evidence request

8 items based on your profile

Governance & certificates

Named point of contact for AI governance / compliance (name, role).
List of AI systems embedded in the supplied product/service, including purpose.

AI-specific (ISO 42001 / EU AI Act)

ISO/IEC 42001 certificate (scope) or readiness status with timeline.
Statement of Applicability (SoA), which of the 38 Annex A controls are applied.
AI System Impact Assessment (AIIA, ISO/IEC 42005) for the relevant AI systems.
EU AI Act risk classification of the AI function (prohibited / high-risk / transparency / minimal) with rationale.

Technical documentation

Model card / datasheet: training data provenance, known limitations, evaluation metrics.
Post-market monitoring & incident reporting process (how are drift/failures detected and reported?).

Orientation, not legal advice. Adapt to your contract and sector.

Want this verified, not just collected?

A second-party audit checks whether the evidence holds up in practice, on your behalf, at your supplier.

Discuss a supplier audit