Third-party AI risk management for Australian organisations.

ASIC surveyed 23 licensees covering 624 AI use cases and found insufficient governance of third-party AI providers at nearly all of them. APRA now requires material service provider registers. We assess, govern, and monitor your AI vendor relationships against CPS 230, ASIC REP 798, and the Privacy Act.


Built for: procurement teams, risk management, chief risk officers, compliance officers, vendor management offices.

What you walk away with.

Assessment framework

Due diligence methodology covering AI-specific risks, mapped to CPS 230, CPS 234, and ASIC REP 798.

Questionnaires & templates

AI vendor assessment questionnaires, contract clause templates, risk rating criteria, and monitoring frameworks.

MSP classification

Structured methodology to identify which AI vendors qualify as material service providers under CPS 230, supporting your APRA register submission.

Monitoring programme

AI vendor performance monitoring, model drift detection, board reporting templates, and escalation triggers.

Traditional vendor management was not built for AI.

Standard questionnaires and due diligence processes were not designed for the risk categories AI and machine learning systems create. Six risks every AI vendor framework now has to cover.

  1. GenAI data leakage and privacy.

     Generative AI vendor solutions introduce data leakage risks that traditional security controls do not detect. Vendors may use your customer data to train models without explicit consent, prompt injection may extract confidential information, and data can be shared indirectly through trained models. We assess vendor data handling against Australian Privacy Principles and build contractual protections that prevent unauthorised use.

  2. Hallucination and output accuracy.

     Vendor AI, particularly large language models and generative AI, produces confident but incorrect outputs. When vendor AI informs credit decisions, customer advice, or claims assessment, hallucinated outputs create regulatory exposure and consumer harm. Risk frameworks need output validation requirements and accuracy monitoring tailored to each vendor's AI capabilities.

  3. IP contamination and bias.

     Vendor AI models can carry biases from training data that produce discriminatory outcomes. Generative AI risks IP contamination when models trained on copyrighted material generate outputs you use commercially. Only 33% of AI vendors provide indemnification for third-party IP claims. ASIC found nearly half of licensees lack policies addressing algorithmic bias.

  4. Performance drift and silent updates.

     Machine learning model performance degrades over time as real-world data changes. Vendors may update models without notice, silently altering business outcomes. Without ongoing monitoring and contractual notification requirements, performance drift can go undetected until it causes material harm.

  5. Supply chain AI concentration.

     Many AI vendors depend on the same underlying infrastructure and foundation models. When document processing, customer service, and fraud detection all rely on the same cloud AI services (AWS, Azure, GCP), a single point of failure creates correlated risk across your entire AI supply chain.

  6. Liability and contractual gaps.

     Industry research shows 88% of AI vendors impose liability caps while only 38% cap customer liability. Just 33% provide indemnification for third-party IP claims, and only 17% commit to full regulatory compliance. Standard SaaS agreements leave significant gaps your organisation must negotiate.
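As an added example (not code from this page or its authors) of what the monitoring described under risk 4 looks like in practice: a small Python monitor that compares a window of vendor API responses against an acceptance-test baseline using the population stability index (PSI), and separately flags any model version string that appears in live traffic without a prior notification under the model-update clause. All scores, version strings and the PSI thresholds are constructed or assumed for illustration.

```python
"""Added example: detecting performance drift and silent model updates in a
vendor-hosted scoring model. Scores, versions and thresholds below are
constructed/assumed, not taken from any vendor or regulator."""
import math
from dataclasses import dataclass

# Assumed escalation thresholds: PSI below 0.10 is commonly treated as stable and
# above 0.25 as a material shift. Tune per model and agree them with the vendor.
PSI_WATCH = 0.10
PSI_ESCALATE = 0.25

# Bin upper edges for a score in [0, 1); the last bin catches everything >= 0.8.
SCORE_EDGES = (0.2, 0.4, 0.6, 0.8)

# Constructed baseline captured at acceptance testing: 100 scores spread evenly.
BASELINE_SCORES = [i / 100 for i in range(100)]

# Versions the vendor has formally notified under the update clause (constructed).
NOTIFIED_VERSIONS = {"scoring-v2.0"}

# Constructed recent API responses: (score, model_version reported by the vendor).
# The score distribution has shifted upward, and the last 20 responses carry a
# version string the vendor never announced.
DRIFTED_WINDOW = (
    [(0.1, "scoring-v2.0")] * 5 + [(0.3, "scoring-v2.0")] * 10
    + [(0.5, "scoring-v2.0")] * 15 + [(0.7, "scoring-v2.0")] * 30
    + [(0.9, "scoring-v2.0")] * 20 + [(0.9, "scoring-v2.1")] * 20
)
STABLE_WINDOW = [(s, "scoring-v2.0") for s in BASELINE_SCORES]


def bin_counts(scores, edges=SCORE_EDGES):
    """Histogram scores into len(edges)+1 bins using ascending upper edges."""
    counts = [0] * (len(edges) + 1)
    for s in scores:
        for i, edge in enumerate(edges):
            if s < edge:
                counts[i] += 1
                break
        else:
            counts[-1] += 1
    return counts


def psi(baseline_counts, current_counts, eps=1e-4):
    """Population Stability Index: sum over bins of (cur% - base%) * ln(cur% / base%).
    eps guards against empty bins, which would otherwise produce log(0)."""
    base_total = sum(baseline_counts)
    cur_total = sum(current_counts)
    total = 0.0
    for b, c in zip(baseline_counts, current_counts):
        b_pct = max(b / base_total, eps)
        c_pct = max(c / cur_total, eps)
        total += (c_pct - b_pct) * math.log(c_pct / b_pct)
    return total


@dataclass
class DriftReport:
    psi: float
    level: str                # "stable", "watch" or "escalate"
    unnotified_versions: set  # versions seen in traffic but never notified

    @property
    def silent_update(self):
        return bool(self.unnotified_versions)


def assess(baseline_scores, window, notified_versions, edges=SCORE_EDGES):
    """Compare a window of vendor responses to the acceptance-test baseline and
    flag both statistical drift and model versions the vendor never announced."""
    value = psi(bin_counts(baseline_scores, edges),
                bin_counts([s for s, _ in window], edges))
    if value >= PSI_ESCALATE:
        level = "escalate"
    elif value >= PSI_WATCH:
        level = "watch"
    else:
        level = "stable"
    seen = {v for _, v in window}
    return DriftReport(psi=value, level=level,
                       unnotified_versions=seen - set(notified_versions))


if __name__ == "__main__":
    for name, window in (("stable", STABLE_WINDOW), ("drifted", DRIFTED_WINDOW)):
        r = assess(BASELINE_SCORES, window, NOTIFIED_VERSIONS)
        print(f"{name}: PSI={r.psi:.3f} level={r.level} silent_update={r.silent_update}")
```

Two signals are kept separate on purpose: a PSI escalation tells you outcomes have moved regardless of cause, while an unnotified version string is direct evidence of a contractual breach even before any measurable drift appears. Either one should feed the escalation triggers in the monitoring programme.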

What Australian regulators expect for third-party AI.

APRA, ASIC, and the OAIC apply existing frameworks to AI vendor relationships with specific expectations standard third-party risk programmes do not cover.

01. APRA CPS 230. Material service providers. Status: in force.

CPS 230 requires all APRA-regulated entities to identify material service providers: those on which the entity relies to undertake critical operations or that expose it to material operational risk. AI vendors providing core operational capabilities, processing material volumes of customer data, or supporting automated decision-making are strong candidates for MSP classification. APRA's supervision timeline runs 2025 to 2028, with prudential reviews of a subset of entities beginning now.

Pre-existing contracts must comply by the earlier of renewal or 1 July 2026.

02. ASIC REP 798. Released 29 October 2024. Status: published.

23 licensees surveyed, 624 AI/ML use cases identified. ASIC found licensees "quickly relied on third parties for AI models but overlooked associated risks", and stated they should "apply the same governing principles to third-party models as internally developed models." 61% of licensees planned to increase AI use within 12 months. Expectations: due diligence, ongoing monitoring across the AI lifecycle, governance matching internal rigour, and active management of vendor outputs.

03. CPS 234 and Privacy Act. Data governance for AI vendors. Status: automated decision-making requirements effective December 2026.

CPS 234 requires APRA-regulated entities to assess the information security capability of third-party AI vendors, including their sub-processors and cloud services dependencies. Privacy Act amendments add automated decision-making transparency requirements effective December 2026. Together they require comprehensive data governance and privacy controls across your AI supply chain.

Four ways AI enters your supply chain.

Organisations consume AI through several vendor categories. Each presents distinct risk management challenges, and effective vendor governance has to address all of them.

Type 01

Generative AI platforms

Enterprise generative AI and GenAI tools embedded in productivity suites. Co-pilot assistants, AI-powered search, content generation integrated into existing SaaS.

  • Data processed through GenAI features may train vendor models
  • Opt-out mechanisms vary by platform and licence tier
  • Employees may share sensitive data through AI-powered features
  • Output accuracy and hallucination risks in business decisions

Type 02

Embedded AI in SaaS

Machine learning and AI features built into existing cloud services, activated by default or bundled into subscription tiers without separate procurement review.

  • AI features may be enabled without explicit organisational approval
  • Shadow AI adoption when teams activate features independently
  • Existing SaaS contracts may not cover new AI functionality
  • Difficult to inventory all embedded AI across cloud services

Type 03

Custom ML solutions

Bespoke AI from specialist vendors for industry-specific use cases: credit scoring, claims assessment, fraud detection, customer analytics. Typically custom machine learning models trained on your data.

  • Deep integration creates vendor lock-in and dependency risk
  • Model ownership and IP rights require clarity
  • Vendor access to proprietary business data and processes
  • Substitutability challenges if vendor relationship ends

Type 04

AI-as-a-Service / APIs

Cloud-based AI APIs consumed by development teams or embedded in internal applications. NLP, computer vision, speech recognition, and foundation model APIs.

  • API terms of service may change unilaterally
  • Cross-border data processing through global cloud infrastructure
  • Sub-processor chains extend your AI supply chain oversight
  • Model versioning and deprecation affect application stability

Seven due diligence domains.

Each domain maps to Australian regulatory requirements and to ISO 42001 plus the NIST AI Risk Management Framework.

01. Data handling and privacy (maps to: APPs · CPS 234)

Training data use, retention, cross-border transfers, data ownership, whether vendor AI uses your input for training. Mapped to Privacy Act APPs and CPS 234.

02. Model governance (maps to: ASIC REP 798)

Development methodology, ML testing protocols, bias mitigation strategies, model update procedures, performance drift detection.

03. Information security (maps to: CPS 234)

Vendor security capability, penetration testing, incident response for AI-specific threats (prompt injection, model poisoning), sub-processor oversight.

04. Transparency and explainability (maps to: ASIC)

Vendor ability to explain how AI makes decisions, documentation quality, model limitations disclosure, audit access rights.

05. Regulatory compliance (maps to: ISO 42001 · SOC 2)

Certifications held (ISO 42001, SOC 2), compliance with Australian regulations, alignment with international AI governance standards, assurance reporting.

06. Business continuity (maps to: CPS 230)

Service availability, disaster recovery for AI, substitutability assessment, exit planning, data portability.

07. Contractual terms (maps to: contract)

Liability allocation, indemnification, training data rights, output ownership, model update notification, exit provisions. Closes gaps standard SaaS agreements leave.

How the 12-week engagement runs.

We integrate AI vendor risk into your existing governance framework and third-party risk processes rather than creating parallel programmes. Sustainable compliance without slowing AI adoption.

  1. AI vendor discovery and categorisation (weeks 1 to 2).

     Inventory AI vendor relationships across the organisation: embedded AI in SaaS, generative AI tools, custom machine learning, AI-as-a-service APIs. Each vendor is categorised by risk and materiality (critical, high, standard), and candidates for material service provider classification under CPS 230 are identified. Shadow AI discovery surfaces unauthorised tools.

  2. Regulatory gap assessment (weeks 3 to 4).

     Current AI vendor governance assessed against APRA CPS 230, CPS 234, ASIC REP 798 expectations, and Privacy Act requirements. Detailed remediation roadmap with prioritised actions, ownership, and compliance timelines. Covers data governance, due diligence, contractual terms, and ongoing monitoring across the portfolio.

  3. Governance framework and tools development (weeks 5 to 8).

     AI Vendor Risk Management Framework developed: assessment methodology, due diligence questionnaires tailored to generative AI, machine learning, and embedded AI vendor types, risk rating approach, contract requirements checklist with AI-specific clauses, ongoing monitoring programme design, and board reporting templates.

  4. Implementation and capability building (weeks 9 to 12).

     Procurement and risk team training on AI-specific due diligence, pilot vendor assessments on priority AI vendors, integration with existing third-party risk processes, and preparation of the material service provider register for APRA submission. Your teams are equipped to sustain the programme independently.

Six essential clauses for AI vendor contracts.

Industry research shows 92% of AI vendors claim broad data usage rights in standard terms. These are the clauses your vendor management team should negotiate before signing or renewing.

01
Data ownership and training rights.

Clear ownership of input data and outputs. Explicit prohibition on using your data to train vendor models without consent. Restrictions on retention, geographic processing, and secondary use.

02
Model update notification.

Advance notice when the vendor updates or retrains models. Testing rights before updates go live. Rollback if changes adversely affect outcomes. Version control transparency.

03
Liability and indemnification.

Allocation of liability for AI errors, biased outputs, and compliance failures. Indemnification for third-party IP infringement, data breaches, and regulatory violations. Balanced liability caps.

04
Audit rights and transparency.

Rights to audit vendor AI controls, data handling, and model performance. Access to documentation on how AI makes decisions. Performance metrics reporting. Essential for APRA and ASIC.

05
Exit and transition provisions.

Data portability requirements and formats. Transition assistance obligations. Wind-down provisions. Substitutability planning to reduce lock-in. Critical for CPS 230 business continuity.

06
Sub-processor and supply chain controls.

Vendor oversight of their own AI dependencies, including cloud infrastructure and foundation model APIs. Notification when sub-processors change. Your right to approve material changes in the vendor's AI supply chain.

Address third-party AI risk before your next APRA engagement.

Whether you are updating your material service provider register, responding to ASIC's third-party AI governance expectations, negotiating contracts for CPS 230 compliance, or evaluating an urgent procurement decision, we help Australian businesses manage third-party AI risk with confidence.
