TL;DR
  • Most professional services firms onboard AI vendors with the same due diligence they would apply to a SaaS project management tool. That is not adequate when client data is involved.
  • GDPR Article 28 requires a signed Data Processing Agreement before any third-party processor handles personal data. Many AI vendor contracts do not include one by default.
  • The EU AI Act creates additional documentation obligations for AI systems used in high-risk contexts, including legal, financial, and compliance work.
  • Eight questions — each with concrete red flags — that every regulated team should require answers to before any AI vendor contract is signed.

The speed at which regulated professional services firms are onboarding AI vendors has outpaced the maturity of procurement processes designed to evaluate them. A law firm that would spend six weeks conducting security reviews on a new client matter management system will sign an AI document drafting tool in a week because a senior partner saw a demo and liked it. An accounting practice that requires board approval for any software with access to financial records will grant an AI assistant broad access to client data under a standard SaaS subscription agreement because the monthly cost falls below the approval threshold.

The risk profile of these decisions is not proportionate to the process being applied to them. AI tools that handle client data are data processors under GDPR. They carry data sovereignty implications. They create audit trail obligations. They may interact with high-risk decision-making processes that are covered by the EU AI Act. The fact that they are sold on a credit card does not change what they do with data.

The following eight questions are the minimum due diligence standard for any AI vendor that will touch client data in a regulated professional services context. Each question is followed by the answer you need to see — and the red flags that should give you pause or stop the deal entirely.

Question 1: Where is data processed, and in which jurisdictions can it be stored?

Data residency is not a technical preference — it is a legal requirement for many regulated firms. Under GDPR, transfers of personal data to third countries outside the EEA require appropriate safeguards. Under sector-specific regulation, some client data may be subject to localisation requirements. Under professional privilege rules, the geographic scope of data access can affect privilege protection.

Ask the vendor to specify, in writing: the data centres or cloud regions where processing occurs, the jurisdictions where data can be stored at rest, whether subprocessors in other jurisdictions may access data, and whether you can contractually restrict processing to a specific region.

Red flags
  • The vendor cannot name the specific regions where data is processed or stored — only general language like “global infrastructure.”
  • Data is processed in the US without an adequacy decision, Standard Contractual Clauses, or a documented Transfer Impact Assessment.
  • The vendor uses subprocessors in multiple jurisdictions but does not maintain a current, accessible subprocessor list.
  • Regional restriction is available only on enterprise plans, with no clarity on what the standard plan does.

Question 2: Is my data used to train or fine-tune AI models?

This is the question that most firms fail to ask, and the one with the most serious implications if the answer is yes. When a user submits client data to an AI tool and that data is used to improve the underlying model, the data enters a training pipeline that may be used by the vendor’s other customers, either directly or through improved model outputs.

For a law firm, this means that privileged communications used as training data could conceptually influence outputs generated for other firms. For an accounting practice, client financial information used in training could affect how the model handles similar data for other clients. These are not theoretical concerns — they are the logical consequence of model training on user-submitted data.

The acceptable answer is an unambiguous contractual commitment: your data is never used for model training, fine-tuning, or evaluation. This must be in the Data Processing Agreement, not just a marketing page.

Red flags
  • The vendor says data is “not used for training by default” but offers no contractual commitment — defaults can change.
  • Training opt-out requires a specific setting that must be enabled per account or per user, with no guarantee it applies retroactively.
  • The Terms of Service include language granting the vendor a licence to use submitted content to “improve services” without defining what that means.
  • The vendor cannot confirm whether anonymised or aggregated versions of your data may be used in training pipelines.

Question 3: What is the data retention policy, and can data be deleted on request?

GDPR’s storage limitation principle (Article 5(1)(e)) requires that personal data is kept no longer than necessary for the purpose for which it was collected. When an AI vendor retains conversation history, uploaded documents, or prompt logs for purposes that extend beyond the immediate transaction, your firm is responsible for ensuring that retention is lawful and documented.

Ask the vendor to specify: default retention periods for prompts, responses, and uploaded documents; whether retention can be configured or reduced; and whether your firm can request deletion of specific data or all data on account closure, with a contractual SLA for deletion confirmation.

Red flags
  • The vendor retains conversation history indefinitely “to improve your experience” with no maximum retention period.
  • Data deletion on account closure is promised but the SLA for completion is not specified or is longer than 30 days.
  • The vendor cannot confirm whether backup copies are included in deletion requests or retained separately.
  • Uploaded documents are retained for longer than prompts, but the vendor cannot explain the business justification for the difference.

Question 4: Who within the vendor organisation has access to my data?

AI vendors frequently grant engineering, support, and product teams access to user data for debugging, product improvement, and quality assurance. In a regulated context, every human who can access client data is a potential breach vector and a potential GDPR accountability question. Your firm needs to know who can access what, under what circumstances, and with what controls.

Require the vendor to specify: which roles have access to submitted data and conversation history; whether human review of prompts or outputs occurs and for what purposes; what access controls, audit logging, and background check standards apply to those personnel; and whether access is possible for personnel outside the vendor’s primary jurisdiction.

Red flags
  • The vendor says “only authorised personnel” have access but cannot define what authorised means or provide a role list.
  • Human review of conversations occurs for quality assurance without explicit disclosure in the contract or DPA.
  • Support staff in jurisdictions outside the EEA can access data without this being reflected in the transfer documentation.
  • There is no internal audit log of which vendor employees have accessed which customer data.

Question 5: Is there a complete audit trail of all AI interactions?

Regulated firms operate under audit trail obligations that extend to AI-assisted decisions. An AML analyst who uses an AI tool to help draft a Suspicious Activity Report must be able to demonstrate, in a regulatory examination, what information was provided to the AI and what came back. A lawyer who uses AI to assist with a research memo must be able to reconstruct the process if it is ever challenged. Without vendor-provided audit logging, these obligations cannot be met.

Ask whether the platform provides: timestamped logs of all prompts and responses, attributed to individual users; logs of all documents uploaded and processed; the ability to export those logs in a standard format; and retention of logs for a period consistent with your regulatory obligations (typically five to seven years for financial services and legal).

Red flags
  • Audit logs are available only in the UI, not exportable, making them inaccessible if you terminate the contract.
  • Logs are retained for 90 days or less, which is inadequate for most regulatory frameworks.
  • Individual user attribution is not available — only organisation-level activity is logged.
  • The vendor treats audit logging as an enterprise add-on rather than a baseline feature.

Question 6: What happens to my data on contract termination?

Contract termination clauses for AI vendors frequently receive less scrutiny than they deserve. What happens to data that was processed during the contract term — conversation history, uploaded documents, derived outputs — once the relationship ends is a GDPR Article 28 question with practical significance. Data that remains in a vendor’s systems after termination is data you can no longer manage, audit, or delete on behalf of your clients.

The contract should specify: a maximum period after termination within which all data is deleted (30 days is a reasonable standard); a written confirmation of deletion that you receive automatically; whether any data is retained in backup systems and for how long; and what happens to derived or synthesised data that the vendor may have generated from your inputs.

Red flags
  • The contract is silent on post-termination data handling, leaving it governed only by the vendor’s privacy policy, which can change unilaterally.
  • The vendor retains data “for legal purposes” after termination without specifying what those purposes are or how long they apply.
  • No written deletion confirmation is provided — you are expected to trust that deletion occurred.
  • Data export before termination is not available or is chargeable, creating a lock-in dynamic that disadvantages you during contract renewal.

Question 7: Is there a Data Processing Agreement, and does it satisfy GDPR Article 28?

GDPR Article 28 requires that where a controller engages a processor, the processing must be governed by a contract that sets out the subject matter, duration, nature, and purpose of the processing, the type of personal data and categories of data subjects, and the obligations and rights of the controller. This is not optional and it is not satisfied by a standard Terms of Service agreement.

A compliant DPA must include: the specific categories of personal data that will be processed; a commitment to process data only on documented instructions from your firm; subprocessor obligations and a mechanism for notifying you of changes; security measures (typically referenced to Article 32 standards); obligations to assist with data subject rights requests; and deletion or return of data on termination.

For AI vendors deploying systems in high-risk contexts under the EU AI Act — which includes AI systems used to assist legal interpretation, financial advice, or compliance determinations — the DPA should also address AI Act obligations, including transparency, human oversight provisions, and record-keeping for high-risk AI systems.

Red flags
  • The vendor offers a DPA only on enterprise contracts, implying that smaller customers are expected to accept data processing without one.
  • The DPA is a generic template that does not reference the specific types of data or use cases involved in your engagement.
  • The DPA does not include a complete subprocessor list or a mechanism for you to object to new subprocessors.
  • The vendor’s legal team is unable to confirm whether the platform constitutes a high-risk AI system under the EU AI Act or has not conducted that assessment.

Question 8: What is the incident response SLA, and how will you notify us of a breach?

GDPR Article 33 requires that controllers notify their supervisory authority of a personal data breach within 72 hours of becoming aware of it. Article 28(3)(f) requires that data processors notify controllers “without undue delay” after becoming aware of a breach. In practice, “without undue delay” needs to be defined in contract as a specific timeframe — because a processor who notifies you at hour 71 of a breach they discovered at hour 1 has given you no meaningful time to meet your own obligations.

The contract should specify: a maximum period for initial breach notification (24 hours is the appropriate standard for regulated sectors); what information must be included in the initial notification; the process for ongoing updates as the incident is investigated; and whether the vendor’s cyber insurance covers third-party claims arising from a breach of your client data.

Red flags
  • The vendor’s breach notification commitment is “as soon as reasonably practicable” with no defined timeframe.
  • The notification process requires you to discover the breach yourself and submit a support ticket — there is no proactive outreach obligation on the vendor.
  • The vendor has no documented incident response plan or cannot confirm when it was last tested.
  • Liability for breaches caused by the vendor is capped at the contract value, which may be a small fraction of the regulatory fines or client claims that could arise.
Before you sign: the minimum bar

No AI vendor handling client data in a regulated context should be onboarded without all of the following in place:

  • A signed, Article 28-compliant DPA specific to your use case
  • A written commitment that data is not used for model training
  • Documented data processing locations and a complete subprocessor list
  • Contractual breach notification within 24 hours of vendor awareness
  • Audit log access with export capability and retention matching your regulatory obligations
  • A defined post-termination deletion SLA with written confirmation

If a vendor cannot provide all of these, the risk is not mitigated by the quality of the product.

The regulatory context: why this matters more now than it did two years ago

Two developments have significantly raised the stakes on AI vendor due diligence in 2026. The first is the EU AI Act. The Act’s provisions on high-risk AI systems apply to systems used in the administration of justice and democratic processes, in employment decisions, in access to essential private services, and in credit, insurance, and financial services assessments. Many of the AI tools being adopted by law firms and financial services providers fall within these categories. The Act requires deployers of high-risk AI systems to implement risk management measures, ensure human oversight, maintain logs, and conduct fundamental rights impact assessments. If you are using a vendor’s AI system in these contexts, you need to know whether the vendor has classified it as high-risk and what their obligations are under the Act.

The second development is enforcement maturity. Supervisory authorities across the EU have moved from the “guidance and awareness” phase of GDPR enforcement into systematic examination of data processor relationships. The CNIL in France, the DPC in Ireland, and the Dutch Autoriteit Persoonsgegevens have all conducted investigations that included scrutiny of controller-processor agreements and the adequacy of processor oversight. The probability that your AI vendor relationships will be examined — whether directly or as part of a broader investigation — is meaningfully higher in 2026 than it was in 2022.

The firms that will weather this scrutiny are those that treated AI procurement with the same rigour they applied to any other significant data processing relationship. That rigour starts with asking the right questions before the contract is signed — because the leverage you have as a prospective customer is significantly greater than the leverage you have as a locked-in client.

A practical step: Create a one-page AI vendor due diligence checklist based on the eight questions above and require its completion for any AI tool that will interact with client data, regardless of contract value. Route completion through your DPO or compliance lead. The checklist is your documentation that due diligence was conducted — which matters as much as the answers themselves if you are ever required to demonstrate your processor oversight obligations under GDPR Art. 28(1).

AI that arrives with due diligence already done

HubSecure is purpose-built for regulated professional services teams. EU data sovereignty, zero training on your data, full audit logs, GDPR Art. 28-compliant DPA, and 24-hour breach notification — all standard, not enterprise add-ons.

See a demo