DPO Conslting Rejoin Grant Thornton
Artificial intelligence has become a major lever of transformation for organisations. But behind every solution purchased, every tool integrated, every third-party model deployed lies a reality that is often underestimated: AI vendor risk cannot be managed like an ordinary procurement risk.
Who designs the system? Who is accountable for it? What obligations fall on the organisation that deploys it? How do you frame the contractual relationship when its effects can extend well beyond signature? Which documents should you require? How do you supervise the relationship over time? And how do you plan a controlled exit?
These are precisely the questions Grant Thornton France and DPO Consulting set out to answer in this white paper, written for legal, compliance, procurement, IT, and DPO teams tasked with governing third-party AI systems.
Across ten structured sections, this practical guide walks through the full lifecycle of an AI vendor relationship: from identifying the system to ensuring reversibility on exit, covering role qualification, real risk analysis, contractual framing, documentation requirements, and ongoing supervision.
This is not a theoretical commentary on the AI Act. It is an operational tool, built to help organisations structure their approach, strengthen internal processes, and where needed demonstrate that they have acted with due diligence.
This white paper is for organisations that purchase, integrate, or deploy artificial intelligence solutions, regardless of size or sector, and that want to approach this reality with rigour, method, and legal certainty.
