AI Third-Party Risk Management Under Global AI Regulations

DORA, the EU AI Act, and US enforcement are reshaping AI third-party risk management. Learn how vendor AI assessments apply across jurisdictions.

What AI Regulations Mean for Your TPRM Program: EU AI Act, DORA, and the US Patchwork

AI vendors occupy a new regulatory position in third-party risk management. They are no longer simply software suppliers assessed under standard cybersecurity and data privacy criteria.

Depending on which services they provide and in which jurisdictions their customers operate, AI vendors may now be simultaneously subject to the EU’s Digital Operational Resilience Act as ICT third-party service providers, the EU AI Act as providers or deployers of high-risk AI systems, US state-level algorithmic accountability laws, and sector-specific guidance from financial regulators. For TPRM teams, this creates overlapping obligations that require a more structured approach to vendor AI assessment than most programs currently apply.

The regulatory frameworks that now directly shape AI third-party risk management programs are DORA, the EU AI Act, the evolving US federal-state landscape, and ISO 42001, which is becoming the practical governance benchmark for AI vendor evaluation. Once a functioning third-party risk management program is in place, the question becomes how to extend that program to ensure coverage of AI vendor relationships.

  1. Why AI Vendors Now Sit at the Intersection of Two Regulatory Regimes
  2. What DORA Requires of Financial Entities Managing AI Vendors
  3. What the EU AI Act Requires When Your Vendors Deploy High-Risk AI Systems
  4. The US Regulatory Landscape: Fragmentation, Enforcement, and a Federal Preemption Attempt
  5. ISO 42001: The Vendor Assessment Benchmark Your Program Needs
  6. Why Most TPRM Programs Are Not Ready for AI Vendor Compliance
  7. Building a Vendor AI Assessment Framework That Works Across Jurisdictions
  8. What TPRM Programs Should Do Now
  9. AI Third-Party Risk Management: Common Questions

Why AI Vendors Now Sit at the Intersection of Two Regulatory Regimes

The Digital Operational Resilience Act (Regulation (EU) 2022/2554, “DORA”) became applicable across all EU member states on January 17, 2025. It applies to approximately 22,000 EU financial entities and their ICT third-party service providers, regardless of where those providers are headquartered. Under DORA Article 28, financial entities bear full responsibility for managing the risks arising from their ICT third-party relationships and must conduct documented, evidence-grade due diligence before contract, at renewal, and on an ongoing basis.

AI vendors, including generative AI platforms, inference services, and AI-enabled SaaS tools, fit squarely within DORA’s definition of ICT third-party service providers. As DeepInspect has noted, providers including OpenAI, Anthropic, Microsoft, AWS, Google, and Mistral all meet the definition.
The regulation treats AI inference as an ICT service, and financial entities that purchase it carry the Article 28–30 obligations.

The EU Artificial Intelligence Act (Regulation (EU) 2024/1689, “EU AI Act”), which entered into force on August 1, 2024, adds a second layer. The AI Act applies a risk-based classification system to AI systems.

Systems classified as high-risk, those used in employment, credit scoring, insurance, education, law enforcement, border control, and critical infrastructure, among other categories listed in Annex III, carry specific compliance obligations for both providers and deployers. An organization that licenses a third-party AI tool and deploys it for consequential decisions in these categories is a deployer under the AI Act, with its own set of obligations around human oversight, transparency, and record-keeping, even if it did not build the underlying model.

The practical implication is that a single AI vendor relationship may trigger obligations under both frameworks simultaneously. A financial services firm using a third-party AI platform for credit risk decisioning must assess that vendor as an ICT third-party provider under DORA Articles 28–30 and as a high-risk AI system deployer under the EU AI Act. DORA governs operational resilience, concentration risk, and contractual adequacy; the EU AI Act governs algorithmic transparency, fairness, human oversight, and conformity assessment. A vendor can satisfy one and fail the other.

What DORA Requires of Financial Entities Managing AI Vendors

DORA Chapter V (Articles 28–44) governs ICT third-party risk management for in-scope financial entities. Article 28 establishes the core obligations. Financial entities must maintain a comprehensive understanding of how DORA relates to other TPRM frameworks (RoI), documenting all contractual arrangements with ICT third-party service providers at the entity, sub-consolidated, and consolidated levels, per Article 28(3).

For AI vendors providing services that support critical functions, Article 28 requires pre-contract due diligence covering information security standards, concentration risk, and subcontracting chains. Article 28(8) requires financial entities to maintain documented exit strategies for ICT third-party arrangements supporting critical or important functions, covering alternative provider identification, cutover procedures, data migration, and operational continuity.

Article 30 specifies mandatory contract clauses. Contracts must include service descriptions and SLAs, the financial entity’s audit rights, the regulator’s audit rights, data security standards, business continuity obligations, and termination rights. DORA’s text contains no grace period for legacy contracts: arrangements in place before January 17, 2025 must be renegotiated to include these clauses.

On November 18, 2025, the European Supervisory Authorities (ESAs) published the first official list of 19 designated Critical Third-Party Providers (CTPPs) under Article 31 of DORA. The list includes AWS, Microsoft, Google Cloud, Deutsche Telekom, Oracle, and SAP, among others. Designation as a CTPP subjects a provider to direct ESA oversight, but financial entities’ own Article 28 obligations apply independently of whether their specific AI vendors appear on the CTPP list. DORA Pillar 4, the third-party risk management pillar, carries the highest rate of compliance gaps in 2025–2026 supervisory assessments, according to EBA findings cited by Neotas.

For TPRM teams, the practical question DORA asks of any AI vendor relationship is: Can you demonstrate, with documentary evidence, that this vendor meets your information security standards, that you have assessed and documented concentration risk, that your contract includes the Article 30 mandatory clauses, and that you have a tested exit strategy? AI vendors are not a special category under DORA. They are ICT third-party service providers, and the assessment standard is the same.

What the EU AI Act Requires When Your Vendors Deploy High-Risk AI Systems

The EU AI Act’s phased enforcement timeline is the most active compliance calendar in the AI regulatory landscape. As of February 2, 2025, prohibitions on unacceptable-risk AI systems are in force, including systems that use subliminal techniques to manipulate behavior and social scoring systems operated by governments. From August 2, 2025, governance infrastructure, including notified bodies and conformity assessment systems, must be operational, and obligations for providers of General-Purpose AI (GPAI) models have applied. The next significant threshold, originally set for August 2, 2026, covers most high-risk AI system obligations under Annex III.

On May 7, 2026, EU lawmakers reached political agreement on the Digital Omnibus on AI, which would extend the Annex III compliance deadline to December 2, 2027, and Annex I (AI embedded in regulated products such as medical devices and machinery) to August 2, 2028. The August 2, 2026 date governs transparency obligations under Article 50, which are not deferred. The high-risk deployer obligations most relevant to TPRM (human oversight, monitoring, record-keeping under Annex III) are the ones the Omnibus moves to December 2, 2027.

As of this writing, the Omnibus has not been formally adopted or published in the Official Journal of the European Union. Until formal adoption occurs, the original August 2, 2026 deadline remains operative.Formal adoption is expected in late June or July 2026; once published in the Official Journal, the deferred dates below take effect. Per guidance from DLA Piper published April 29, 2026: “Organisations deploying AI in employment-related contexts should continue their compliance preparations in line with the existing deadline of August 2, 2026.” The European Commission’s AI Act Service Desk confirms the same.

For TPRM programs, the EU AI Act’s deployer obligations are the most relevant. An organization that deploys a third-party AI system to make or substantially influence decisions in the Annex III high-risk categories is a deployer and must: ensure appropriate human oversight measures are in place; monitor the AI system for risks on an ongoing basis; report serious incidents to national competent authorities; and maintain logs and documentation sufficient to demonstrate compliance. But deployer status does not depend on technical sophistication. Under Holland & Knight’s April 2026 analysis, a company that merely licenses and integrates a third-party AI model into its platform without substantial modification is a deployer, not a provider, even though it did not build the system.

Thus, TPRM programs must determine whether any vendor AI systems they deploy fall within the Annex III high-risk categories, document that determination, and if so, build the human oversight and monitoring mechanisms the Act requires. Vendor contracts should be reviewed to ensure the AI provider’s conformity assessment documentation is accessible and that audit rights cover AI system performance, not just security.

The US Regulatory Landscape: Fragmentation, Enforcement, and a Federal Preemption Attempt

The United States has no comprehensive federal AI statute. The current regulatory environment is built from three overlapping layers: existing federal agency enforcement under consumer protection, anti-discrimination, and financial services law; state-level AI governance legislation; and a federal executive order that is actively attempting to consolidate and preempt state action.

Three federal signals have emerged since late 2025 that collectively define the US AI governance posture. First, on December 11, 2025, President Trump signed Executive Order 14365, “Ensuring a National Policy Framework for Artificial Intelligence,” directing the Attorney General to establish an AI Litigation Task Force empowered to challenge state AI laws on grounds including unconstitutional burden on interstate commerce and federal preemption. The Secretary of Commerce was directed to publish within 90 days an evaluation identifying state laws deemed onerous or inconsistent with federal policy. The practical effect is that state-level AI compliance obligations are in legal flux: laws on the books may be challenged, and the compliance standard may shift before enforcement begins.

Second, on June 2, 2026, President Trump signed Executive Order “Promoting Advanced Artificial Intelligence Innovation and Security.” This order does not create private sector compliance obligations; it expressly states it creates no right or benefit enforceable at law. Its focus is federal agency cybersecurity hardening, directing agencies to deploy AI-enabled cyber defenses within 30 days and requiring Treasury, NSA, CISA, and NIST to develop, by August 1, 2026, a classified benchmarking process for designating “covered frontier models” with advanced cyber capabilities. It establishes a voluntary pre-release review framework under which frontier AI developers can collaborate with the government on security evaluation before model release. It also creates an AI cybersecurity clearinghouse for voluntary vulnerability scanning coordination between government and critical infrastructure operators.

Hogan Lovells law firm notes that companies considering participation in the voluntary frontier model framework should evaluate the order’s confidentiality, cybersecurity, and insider-risk parameters carefully, as “selection as a trusted partner” may become a differentiator in federal acquisitions once the framework is finalized.

Third, on June 5, 2026, President Trump issued a National Security Presidential Memorandum on Artificial Intelligence in the National Security Enterprise, establishing a four-pillar framework (Adoption, Adaptation, Assurance, and Accountability) for AI procurement and use in defense and intelligence contexts.

These three actions taken together describe a US AI governance approach oriented toward enabling AI adoption with voluntary security frameworks, consolidating regulatory authority at the federal level, and actively contesting state-level regulation, rather than establishing a compliance framework that directly binds private sector TPRM programs.

For organizations assessing their US regulatory exposure on AI vendor relationships, the operative federal compliance pressure comes from existing federal agency enforcement under consumer protection, anti-discrimination, and financial services law, not from this executive framework.
At the same time, states have moved independently. California’s Transparency in Frontier AI Act (TFAIA) imposes transparency requirements on frontier model developers, while Texas’s Responsible AI Governance Act (TRAIGA) creates broader obligations for any organization deploying AI systems to Texas residents. Both are in effect as of January 1, 2026. Organizations operating across large markets cannot defer compliance planning while the two levels align.

Colorado’s SB 24-205, which the original version of this post cited as effective February 2026, has been repealed and replaced. Governor Polis signed SB 26-189 on May 14, 2026, replacing the original with a narrower framework effective January 1, 2027, with enforcement contingent on attorney general rulemaking that has not formally begun. California’s SB 942 (AI-generated content disclosure requirements) and the CCPA’s automated decision-making regulations remain in effect as of January 2026 and have not been formally challenged under the EO as of this writing.

Enforcement under existing federal law will not wait for the preemption debate to resolve. Regulators, including the FTC, EEOC, CFPB, and state attorneys general, have made clear that existing consumer protection, anti-discrimination, and financial services statutes apply to AI-mediated decisions regardless of federal preemption debates. In May 2025, Pennsylvania Attorney General Dave Sunday announced a $45,000 settlement with Home365, LLC, a property management company whose proprietary AI platform was alleged to have contributed to maintenance delays and the leasing of unsafe housing, in violation of Pennsylvania’s Unfair Trade Practices and Consumer Protection Law. In July 2025, Massachusetts Attorney General Andrea Joy Campbell announced a $2.5 million settlement with Earnest Operations LLC, a student loan company, over AI underwriting models that allegedly produced discriminatory outcomes for Black, Hispanic, and non-citizen borrowers.

Per the Massachusetts AG’s press release, Earnest failed to test its models for disparate impact and did not mitigate known fair lending risks. In both cases, the enforcement target was the organization that operated the AI system — not the underlying technology provider. Regulators are applying existing consumer protection, housing, and fair lending statutes to AI-driven decisions, and the compliance obligation sits with the deployer.

Unevenness between state and federal obligations means that companies must be aware of both. Vendor contracts should require disclosure of AI system use, bias testing methodology, and compliance with applicable federal anti-discrimination standards, regardless of which state AI law is or is not currently enforceable.

ISO 42001: The Vendor Assessment Benchmark Your Program Needs

ISO/IEC 42001:2023 is the international standard for AI management systems. Published in December 2023, it establishes requirements for organizations that develop, provide, or use AI systems, setting out a governance framework for responsible AI management across the AI lifecycle. For TPRM programs, it has become the most practical benchmark for evaluating whether an AI vendor has structured AI governance in place.

ISO 42001 requires organizations to establish an AI management system (AIMS) covering policy, risk management, transparency, human oversight, data governance, and continual improvement. It aligns with ISO 27001 for information security and is increasingly referenced in regulatory harmonization efforts: the European Commission has noted alignment between ISO 42001 and EU AI Act governance requirements, and NIST has incorporated ISO 42001 references in its AI RMF companion resources. Organizations can seek certification to ISO 42001, providing third-party verified evidence of AI governance maturity.

From a TPRM assessment standpoint, ISO 42001 certification is not equivalent to EU AI Act conformity assessment for high-risk systems; these are different processes with different legal standing. But for AI vendors operating below the high-risk threshold, or for TPRM programs that need a structured basis for evaluating AI governance maturity before more specific regulatory obligations apply, ISO 42001 provides a credible, internationally recognized framework. Requiring AI vendors to demonstrate ISO 42001 alignment, or to describe how their governance practices map to its requirements, is a defensible and proportionate assessment approach.

Why Most TPRM Programs Are Not Ready for AI Vendor Compliance

The 2026 KPMG Global Third-Party Risk Management Survey, which gathered responses from 851 professionals across industries and geographies, found that only 15% of leaders express high confidence in the data underpinning their TPRM programs. Reliable data, KPMG noted, is the foundation of effective third-party risk decisions; most programs are building on an uncertain base.

Regulators are no longer treating this gap as a maturity issue. DORA’s Pillar 4 carries the highest rate of supervisory findings in 2025–2026 assessments. Direct deployer liability under the EU AI Act attaches to any organization that cannot demonstrate it has assessed the AI systems it deployed. Both enforcement actions confirmed the same principle under existing US law: compliance obligations sit with the operator, not the technology provider. The readiness gap between program documentation and what regulators are now scrutinizing has not closed.

For CFOs evaluating TPRM investment, this is the calculation: the cost of manual vendor AI assessment processes, which produce point-in-time documentation that satisfies no regulator’s current standard, is now measurable against the settlement exposure and supervisory findings that result from inadequate third-party AI oversight. Organizations that have not yet built a structured AI vendor assessment into their TPRM programs will build it after an enforcement action creates the urgency instead.

Not sure where your AI governance program stands?

Get the AI Maturity Matrix

Building a Vendor AI Assessment Framework That Works Across Jurisdictions

A multi-jurisdictional AI vendor assessment does not require a separate process for each regulatory regime. DORA, the EU AI Act, and ISO 42001 are distinct frameworks with different legal standing, but they share a common evidentiary logic. They each require documented governance, contractual adequacy, ongoing oversight, and exit planning. A single structured assessment can generate the documentation each framework requires. The following elements should be present in any AI vendor assessment for organizations subject to DORA or operating in markets with active AI governance requirements.

First, classify the vendor’s AI services by risk. Determine whether the services fall within DORA’s definition of ICT services supporting critical or important functions, and separately whether they fall within the EU AI Act’s Annex III high-risk categories; these are distinct classifications with different consequences. A vendor providing an AI-powered contract review tool may be an ICT third-party service provider under DORA without qualifying as a high-risk AI system under the Act, while a vendor providing AI-based credit scoring is subject to both.

Second, confirm the vendor’s governance documentation. For DORA compliance, this means the information security standards the vendor meets (ISO 27001, SOC 2 Type II), subcontracting chain disclosure, and the data needed for the Register of Information. Where EU AI Act obligations apply, confirm conformity assessment documentation, transparency disclosures, and the technical documentation required under Article 11. For ISO 42001 alignment, confirm the vendor’s AIMS policy, risk management approach, and any certification status. Organizations aligning with the NIST AI RMF as their internal governance framework can map vendor assessments directly against its GOVERN, MAP, MEASURE, and MANAGE functions across the NIST AI RMF.

Third, build the contract requirements before onboarding, not after. DORA Article 30 mandatory clauses (audit rights, data security standards, business continuity, termination) must be present. For high-risk AI systems under the EU AI Act, deployer obligations around human oversight and incident reporting should be reflected in contractual responsibilities between the deployer organization and the vendor. Contracts that predate these requirements and have not been renegotiated are a supervisory exposure under DORA.

Fourth, establish continuous monitoring rather than annual review. DORA requires ongoing oversight of ICT third-party providers, and static questionnaires sent once a year do not meet that evidential standard. Monitoring should include tracking changes to AI models in use, subcontractor changes that affect the ICT service, and adverse media or regulatory actions involving the vendor.

Fifth, document the exit strategy. DORA Article 28(8) requires this for critical or important function providers. For AI vendors specifically, the exit strategy should cover: the identification of alternative providers, data portability and migration, the operational continuity plan during transition, and the substitutability assessment that DORA requires financial entities to maintain.

What TPRM Programs Should Do Now

The regulatory frameworks covered in this post are not future obligations: DORA has been enforceable since January 2025, EU AI Act prohibitions and GPAI obligations are applied, and US enforcement actions under existing law are already producing settlements. The gap between what most TPRM programs currently do and what these frameworks require is closing from the regulatory side, not the program side.

The organizations that will handle this most effectively are those that treat AI vendor assessment as a structured program function rather than an ad hoc questionnaire process. That means an inventory of AI vendor relationships with risk classification, a contract review against DORA Article 30 minimum requirements, a determination of which vendors fall within EU AI Act Annex III high-risk categories, and a monitoring process that captures material changes to AI systems on an ongoing basis.

None of this requires building a separate AI risk program. It requires extending existing TPRM infrastructure to cover the documentation, contractual, and monitoring requirements that AI vendor relationships now trigger under applicable law.

Is your vendor program meeting DORA's third-party requirements?

Sprechen Sie mit einem Experten

AI Third-Party Risk Management: Common Questions

What do regulators expect in TPRM programs for EU versus US companies managing AI vendors?

EU entities under DORA must maintain a documented Register of Information, conduct pre-contract due diligence, include mandatory Article 30 contract clauses, assess concentration risk, and maintain tested exit strategies. EU AI Act deployer obligations also apply to high-risk AI systems.
US companies face no comprehensive federal AI statute — compliance is shaped by enforcement risk under existing consumer protection and anti-discrimination law, plus active state-level legislation. That framework is evolving quickly.

Which sectors are most impacted by AI risk regulations in the context of TPRM?
Financial services faces the heaviest burden: DORA applies directly, and EU AI Act Annex III covers credit scoring, insurance risk, and creditworthiness. Employment AI tools such as recruitment, performance evaluation, and task allocation also fall under Annex III and face US anti-discrimination enforcement. Healthcare, education, and critical infrastructure share Annex III obligations where AI influences consequential decisions, though immediate enforcement pressure is lighter.

What must third-party vendors with AI applications do to satisfy DORA and the EU AI Act?
Under DORA: demonstrate ISO 27001 or equivalent, provide Article 30 contract documentation, disclose subcontracting chains, and support audit rights.
Under the EU AI Act: complete conformity assessments, maintain Article 11 technical documentation, register high-risk systems in the EU database, and provide deployers with transparency documentation.
Financial entities must contractually require and verify all of this within their TPRM program.

How should TPRM programs assess AI vendor readiness against multiple regulatory frameworks simultaneously?
Use a single structured assessment that maps to all frameworks at once. Classify vendors separately by DORA criticality and EU AI Act risk tier — different classifications with different consequences. Confirm documentation against DORA’s Register of Information, EU AI Act Article 11, and ISO 42001. Build Article 30–compliant contracts before onboarding and monitor continuously rather than annually. NIST AI RMF or ISO 42001 as your baseline gives a defensible, cross-jurisdictional audit trail.