Enterprise procurement of AI products has changed materially in the last eighteen months. The InfoSec review process that ten years ago consisted of a 40-question SOC 2 questionnaire is now a multi-stage review involving Legal, Compliance, Data Protection, and sometimes the board itself. AI vendors are encountering procurement blocks that have nothing to do with their product's technical merit, and everything to do with their documentation posture.
The block is entirely solvable. But only if you understand what the reviewing team is actually looking for.
Why AI reviews are different
Traditional SaaS procurement evaluates four questions: where is the data, who can access it, how is it transmitted, and what happens if the vendor disappears. These are well-understood questions with well-understood answers.
AI procurement adds four more questions that most vendor documentation does not answer:
- Model governance: Whose model is making decisions, on what data was it trained, what are its failure modes, and who is liable for incorrect output?
- Data residency for model interactions: Where is inference physically performed? Does customer data leave the EU during a model call? Is the model provider a sub-processor under GDPR Article 28?
- Training data exposure: Will customer data be used to train models, even inadvertently? What contractual mechanism prevents this? What audit rights does the buyer have to verify it?
- Regulatory posture: Where does the vendor sit relative to the EU AI Act, NIS2, DORA (for financial services), the proposed EU Data Act, and sectoral regulations like MDR (medical devices) or PSD2 (payments)?
Most AI vendors selling into enterprise have documentation that answers the first four questions in detail and the second four either superficially or not at all. The block is in the gap.
The documents the reviewer expects
An enterprise procurement review of an AI vendor typically requires the following documentation pack:
1. Data Processing Agreement (DPA) compliant with GDPR Article 28, with sub-processor list and EU SCC integration where applicable
2. Model governance statement: which models are used, by whom, under what contractual terms, with what retention guarantees
3. AI training data declaration: explicit confirmation that customer data is not used for training, with the contractual mechanism that prevents it
4. Data residency map: physical location of data at rest, in transit, during inference, and during backup
5. Pre-filled vendor risk questionnaire in the enterprise standard format (typically a derivative of CAIQ or SIG)
6. Regulatory alignment statement: GDPR, NIS2, EU AI Act position, plus relevant sectoral regulations
7. Security architecture overview: encryption, access controls, logging, incident response, breach notification commitments
8. Sub-processor list with DPAs: including all AI model providers, with their respective enterprise terms documented
If your sales pack does not include items 2, 3, 4, 6, and 8, your deal will stall at any procurement review run by a competent enterprise InfoSec team.
The model provider question
One question, more than any other, determines whether your AI deal closes or stalls: "Are inputs and outputs of your AI features retained by your model provider, used to train models, or accessible to model provider personnel?"
The correct answer is: no, no, and no, with specific contractual citation.
If you use Anthropic, OpenAI, or another major model provider, this means you need to be operating under their enterprise/commercial terms (not their free/consumer terms), which provide zero-retention guarantees. You need to be able to cite this in writing. The InfoSec reviewer will not take your word for it; they will want to see the relevant clauses.
If you cannot answer this question with specific contractual citations, your AI deal is at risk in any regulated industry buyer. Banking, healthcare, insurance, government, and any organisation with a serious data classification policy will block on this single question.
The EU AI Act question
The EU AI Act is now in force, and enterprise buyers are operationalising its risk categories. Most AI vendors will be classified as either limited risk or minimal risk systems, but a substantial minority (anything that influences hiring, credit, healthcare, education, law enforcement, or critical infrastructure decisions) will be classified as high risk and require formal conformity assessment.
Even if your product is limited or minimal risk, your enterprise buyer's compliance team will want a written statement confirming your AI Act classification, the reasoning behind it, and your commitment to maintain that classification as the product evolves. A one-paragraph statement is sufficient. Its absence is not.
What actually unblocks the deal
An InfoSec review that has stalled is rarely unblocked by re-sending the original documentation. The reviewer has already concluded the original documentation is insufficient. What works is producing a complete documentation pack in the format the reviewer expects, addressing the questions they have already raised plus the questions they are likely to raise next.
This is the work the Enterprise AI Governance Pack does: it produces a complete, regulator-aligned documentation set that closes the procurement gap and equips the vendor to handle the next deal with the same buying organisation more quickly. Five-day turnaround. One delivery; multiple deal applications.