Procurement Readiness: Buying AI Tools for Institutions

UpdatedJune 23, 2025

ByIuliia Gorshkova

Procuring artificial intelligence systems within European institutions, whether public bodies, regulated enterprises, or research organizations, requires a shift in how traditional procurement frameworks are applied. The complexity of AI—its probabilistic nature, data dependency, and potential for high-impact decisions—introduces risks that standard IT purchasing processes are ill-equipped to handle. A responsible procurement process is not merely a checklist; it is a lifecycle approach that integrates legal compliance, technical due diligence, and operational governance from the very first draft of a request for proposal (RFP) through to the final acceptance of the system.

For professionals managing these acquisitions, the central challenge is aligning the flexibility required for AI development with the rigidity of public procurement law and internal risk management policies. The European Union’s regulatory landscape, dominated by the Artificial Intelligence Act (AI Act) and underpinned by the General Data Protection Regulation (GDPR), mandates a proactive stance. Institutions cannot simply buy a “black box” and hope for the best; they must demonstrate that they have exercised due diligence to ensure the tool is safe, compliant, and fit for purpose. This article outlines a structured methodology for achieving this readiness, moving from internal requirements definition to vendor evaluation and pilot design.

Defining the Scope: Internal Readiness and Requirements Gathering

Before engaging with the market, an institution must possess a clear understanding of its own operational gaps and the specific role AI is expected to fill. Procurement failures often stem from a misalignment between the problem the institution wants to solve and the capabilities of the technology being purchased. The requirements gathering phase must be interdisciplinary, involving legal, IT, security, and domain experts.

Identifying the Use Case and Risk Profile

Under the AI Act, the obligations on the provider (and in some cases the deployer) depend heavily on the intended purpose and the risk classification of the system. Institutions must first ask: Is this AI system intended to be used as a safety component? Or does it make decisions that affect individuals’ rights? This initial triage determines the level of scrutiny required.

For example, an AI tool used to optimize energy consumption in a building (a high-risk use case only if it controls safety-critical infrastructure) differs significantly in regulatory burden from an AI system used to screen job applications (a prohibited practice in many contexts, or strictly regulated). The requirements document must explicitly state the intended purpose, as this legally binds the vendor’s obligations regarding conformity assessments and post-market monitoring.

Functional vs. Non-Functional Requirements

While functional requirements define what the system should do (e.g., “categorize support tickets”), non-functional requirements are often where compliance and safety reside. In an AI context, these include:

Explainability: Can the system provide a rationale for its outputs that is understandable to a human operator?
Robustness: How does the system handle adversarial attacks or data drift?
Human Oversight: What mechanisms are built in to allow a human to intervene or override a decision?

These requirements should be formulated as measurable criteria. Vague terms like “high accuracy” are insufficient. Instead, specify: “Accuracy must remain above 95% across all demographic subgroups defined in the training data,” or “The system must provide a confidence score and a counterfactual explanation for any prediction falling below a 0.8 threshold.”

Legal and Regulatory Compliance Mapping

European institutions operate under strict public procurement directives and data protection laws. When buying AI, the legal analysis must go beyond standard software licensing terms. It must map the specific features of the AI tool against the requirements of the AI Act, GDPR, and relevant sectoral regulations (e.g., medical devices, financial services).

The AI Act and the “Provider” Definition

A critical distinction in the AI Act is between the provider (the entity developing the AI system) and the deployer (the entity using it). When an institution buys an off-the-shelf AI tool, it is generally the deployer. However, if the institution significantly modifies the system or uses it for a purpose not intended by the provider, it may legally become a provider, assuming full liability.

Key Interpretation: Institutions must ensure that their intended use aligns exactly with the vendor’s declared intended purpose. Any customization that alters the system’s logic or risk profile requires a re-evaluation of the conformity assessment.

The procurement contract must explicitly allocate responsibilities. The vendor (as provider) must supply technical documentation, ensure a risk management system is in place, and designate an authorized representative within the EU if they are a third-country entity. The institution (as deployer) must ensure human oversight and monitor the system for risks.

GDPR and Data Protection by Design

AI systems are data-hungry. The procurement process must verify that the vendor has implemented Data Protection by Design and by Default. This is not just about data security; it is about the legality of processing.

Key questions for the vendor include:

What is the legal basis for processing the data used to train or fine-tune the model?
How is the model trained on personal data, and is there a mechanism to “forget” specific data points (right to erasure) without retraining the entire model?
Does the model leak sensitive information?

Institutions should demand a Data Protection Impact Assessment (DPIA) from the vendor, tailored to the specific use case. If the AI tool processes special category data (e.g., biometrics, health data), the compliance burden increases significantly, often requiring explicit consent or substantial public interest justification.

EU Level vs. National Implementation

While the AI Act is a Regulation (directly applicable), its implementation involves Member State authorities. For instance, the designation of Notified Bodies for conformity assessment of high-risk AI systems varies by country. Some nations may have stricter requirements for the use of AI in the public sector than others. For example, Germany’s public procurement law emphasizes “technical quality” and “interoperability” heavily, potentially requiring more detailed technical specifications than in other jurisdictions. Conversely, France’s “Mission d’inspection générale” has issued guidelines on algorithmic transparency that may require public disclosure of source code or logic for public sector AI, going beyond the baseline EU requirements. Procurement officers must check national transpositions and local guidance.

Vendor Evaluation: Technical and Ethical Due Diligence

The evaluation of vendors must move beyond price and feature lists. It requires a forensic examination of the AI system’s lifecycle and the vendor’s governance structure. This phase acts as a filter for “AI washing”—vendors claiming capabilities they do not possess or compliance they have not verified.

Technical Documentation and Transparency

The AI Act mandates the creation of technical documentation for high-risk systems. Procurement teams should request this documentation early in the tender process (perhaps under a Non-Disclosure Agreement). It should contain:

The general description of the AI system.
Elements of the AI system and its development process (architecture, algorithms, training data sources).
Monitoring, functioning, and control of the AI system.

If a vendor cannot produce this documentation, they are likely not compliant. Furthermore, institutions should assess the Model Card or System Card, which provides standardized information about the model’s characteristics, intended use, and limitations.

Algorithmic Impact Assessments (AIA)

Many European institutions are adopting Algorithmic Impact Assessments as a prerequisite for procurement. This is a self-assessment by the vendor regarding the potential impact of their system on fundamental rights, society, and the environment. A robust AIA should cover:

Traceability: Can the vendor trace the lineage of the data used?
Fairness: Has the vendor tested for bias across protected characteristics (gender, age, ethnicity)?
Energy Consumption: What is the carbon footprint of training and running the model? (Increasingly relevant under the EU Green Deal).

Institutions should request the results of independent audits or third-party assessments of these factors. Relying solely on the vendor’s self-declaration is insufficient for high-stakes procurement.

Vendor Viability and Support

AI models degrade over time (model drift) and require continuous updates. The evaluation must assess the vendor’s long-term viability and their capacity to support the system over its lifecycle. This includes:

Access to the underlying code or model weights (avoiding vendor lock-in).
Clear Service Level Agreements (SLAs) regarding model updates and retraining.
Exit strategies: How can the institution extract its data and migrate to a different system if the vendor goes out of business?

Privacy and Security Checks

AI systems introduce unique security vulnerabilities, such as model inversion attacks (reconstructing training data) or adversarial perturbations (tricking the model). Standard IT security audits often miss these nuances.

Adversarial Robustness Testing

Procurement contracts should mandate specific security testing phases. This goes beyond standard penetration testing. It should include adversarial machine learning testing. The institution should require the vendor to demonstrate how the system behaves when subjected to noisy or manipulated inputs. For example, if the AI is used for document verification, can it be fooled by slightly altered images?

Data Sovereignty and Localization

For public institutions, where data resides is a matter of national security and legal sovereignty. The contract must specify:

Geographic location of data storage and processing.
Prohibition on data transfer outside the EU/EEA unless adequate safeguards (Standard Contractual Clauses) are in place.
For generative AI tools: Is the data used for “improving the service” (i.e., training the vendor’s foundation model)? If so, this constitutes a data transfer and processing activity that requires explicit legal basis.

Note: Many large language model (LLM) providers now offer “Zero Retention” APIs. This is a contractual necessity for processing personal or sensitive institutional data.

Designing the Pilot: From Sandbox to Scale

Direct deployment of AI in critical institutional processes is reckless. A structured pilot phase is essential to validate the system in a real-world environment while limiting risk exposure. The pilot is not a free trial; it is a controlled experiment with defined scientific and legal parameters.

The Regulatory Sandbox Concept

European regulators are increasingly encouraging the use of “regulatory sandboxes.” This is a controlled environment where an AI system can be tested under the supervision of a competent authority. While usually initiated by the provider, institutions can create internal sandboxes. This involves:

Isolating the pilot data from production systems.
Limiting the impact of the AI’s decisions (e.g., the AI makes recommendations, but a human makes the final decision, and the AI’s recommendation is not recorded as the final outcome).
Continuous logging of the system’s performance.

Defining Pilot Success Metrics

The pilot must have clear “Go/No-Go” criteria. These should be a mix of technical and ethical metrics.

Technical: Latency, throughput, accuracy, error rates.
Operational: Does the tool integrate with existing workflows? Is it accepted by staff?
Compliance: Did the system operate within the bounds of the GDPR? Were there any instances of discriminatory output?

The duration of the pilot should be long enough to capture variations in data (e.g., seasonal trends). A two-week pilot is rarely sufficient to assess a system intended for year-round use.

Acceptance Criteria and Contractual Clauses

The final phase of procurement readiness is drafting the contract and acceptance criteria. This is where the requirements defined at the start are codified into legally binding obligations.

Acceptance Criteria

Acceptance of an AI system should never be based solely on the delivery of a software package. It should be based on the system’s performance against the metrics defined in the requirements phase.

For example:

“Acceptance is conditional upon the system achieving an F1-score of 0.90 or higher on the validation dataset provided by the Institution, and demonstrating no statistically significant performance disparity (p > 0.05) across protected demographic groups.”

Without such precise criteria, the institution has little leverage if the system performs poorly after deployment.

Liability and Insurance

AI liability is a complex, evolving area. The contract must clearly state who is liable if the AI makes a harmful error. The vendor should be required to hold specific insurance coverage for AI-related risks (professional indemnity or product liability). Furthermore, the contract should include an indemnification clause where the vendor agrees to cover costs if the AI system infringes on third-party intellectual property rights (a significant risk with generative AI) or causes data breaches.

Continuous Monitoring and Post-Market Surveillance

Acceptance is not the end. The AI Act imposes post-market monitoring obligations on providers, but deployers must also monitor for “conformity” throughout the lifecycle. The contract should stipulate:

The vendor’s obligation to report serious incidents or malfunctions to the institution immediately.
The institution’s right to audit the vendor’s compliance with the agreed specifications.
Provisions for periodic re-evaluation of the system’s risk profile, especially if the vendor updates the model or the institution changes the use case.

By adhering to this rigorous framework, European institutions can navigate the complexities of AI procurement. It transforms the process from a simple transaction into a strategic risk management exercise, ensuring that the technology acquired serves the public interest while upholding the fundamental rights enshrined in European law.

AI in Education: Fundamentals & Tools

Understanding AI Basics

Practical AI Tools for Educators

Integrating AI into Teaching

Case Studies & Success Stories

Ethical AI & Inclusive Practices

Ethical & Legal Frameworks for AI Systems

Equity & Inclusion

Transparency & Trust

Algorithmic Bias, Discrimination & Legal Risk

AI Errors, Accountability & Legal Responsibility

Institutional AI Governance & Policy Design

AI, Security & GDPR Compliance

Data Protection & Privacy

Cybersecurity in AI

EU Regulations & Policies

Engaging Parents & Guardians

Data Protection, Privacy & AI Governance

Additional Resources

Glossary of Terms

Templates & Guides

Webinars & Research

AI for Administrative & Pedagogical Support

AI for Time Management

AI in Student Performance Tracking

AI for Automated Communication

AI for Document Management

AI, Robotics & Biotech Regulation in Europe

EU AI Act Explained: Scope, Risk Levels, Obligations

AI-Enabled Products: Robots, Medical Software, Smart Devices

Machinery Regulation & Safety Standards for Intelligent Systems

AI in Healthcare & Biotech: MDR, IVDR, EMA

Liability & Responsibility for AI-Driven Systems

Compliance in Practice: From Risk Assessment to CE Marking

Country-Specific AI Regulation & Enforcement

How EU AI Law Is Applied at National Level

Different Compliance Models

National AI Sandboxes & Regulatory Experiments

Public Sector AI Rules Across Europe

Cross-Border AI Deployment Challenges

When National Law Overrides EU Guidance

Legal Cases, Enforcement & Real-World Precedents

AI Act, GDPR & Algorithmic Decision-Making Cases

Liability Disputes Involving Automated Systems

Robotics Accidents & Legal Responsibility

Medical & Biotech AI Failures: Lessons Learned

What Enforcement Trends Tell Us About Future Regulation