The operational problem
When a legal function issues an RFP for an AI vendor that reads like a generic SaaS RFP, the responses come back as generic SaaS responses. Vendor marketing fills the gaps that the questions did not close. The evaluation criteria that distinguish a defensible AI vendor from a hopeful AI vendor — client-data exfiltration controls, model-training disclosure, agentic capability boundary, Risk Taxonomy class-by-class mitigation — never appear in the questions and therefore cannot appear in the comparable answers.
The institutional standard for Defensible AI procurement requires RFP discipline that converts vendor talking points into structured, comparable, risk-mapped responses. Without it, vendor evaluation begins on slideware and the function cannot demonstrate to the regulator or the AI Task Force that procurement followed a documented, methodology-grounded evaluation.
The Vendor RFP Methodology defines the canonical structure. Without it, the function’s AI vendor selection is indistinguishable from its general SaaS procurement — and the institutional standard requires distinction.
Legal AI OS Relevance
The Vendor RFP Methodology sits at the intersection of Pillar P6 (Vendor, Procurement & Technology) and the Governance Layer (Layer G). It produces evidence for two Defensibility Elements:
- DE-2 Methodology transparency — the RFP structure is itself documented methodology
- DE-3 Evidence framework — vendor responses scored against the methodology form the procurement evidence record
Anchoring to Bands 1 and 2 (Foundational → Operational), the Module is the procurement instrument at Band 1 and the standing procurement methodology at Band 2+. Methodology v2026.1.
Pillar Alignment
Pillar 6 (Vendor, Procurement & Technology) is the institutional capability that converts vendor markets into defensible firm capability. The Vendor RFP Methodology is the Pillar-6 instrument that issues the structured request and scores the comparable responses.
The Pillar 6 posture this Module advances: from vendor selection on demos and marketing to RFP responses scored against Risk Taxonomy 2026 with AI BoM disclosure as condition precedent to shortlisting.
Operating Layer Impact
The Governance Layer (Layer G) is the institutional substrate that constrains how vendors are evaluated. The RFP is the Layer-G artefact that scopes the evaluation against the function’s risk posture; the POC (VEN-03) operates against the shortlist; the Security and Compliance Checklist (VEN-04) operates the final gate.
Without the RFP Methodology, vendor evaluation begins with vendor-supplied talking points and the comparable scoring discipline collapses.
Maturity Band Relevance
The Module strengthens the Sophistication and Adoption lenses of the Maturity Stack.
From Band
To Band
Sophistication-lens shift
Adoption-lens shift
1 — Foundational
2 — Operational
Vendor selection on demos → vendor selection on RFP-comparable scoring
Procurement happens ad hoc → procurement happens through the AI Task Force gate
Functions at Band 1 typically issue the first RFP using this Module. Band 2+ functions operate the Methodology as the standing procurement instrument for AI capability.
Operational Outcomes
Operating the Methodology produces five institutional artefacts:
Artefact
Purpose
DPS evidence stream
Structured vendor responses scored against VEN-01 dimensions
The comparable evaluation substrate
DE-3 (primary)
Risk Taxonomy 2026 class evidence record per vendor
The risk-mapped vendor posture
DE-2 + DE-3
AI BoM vendor inventory per vendor
The disclosure-disciplined inventory
DE-3
Vendor ROAI projections against USE-05 baseline
The vendor’s projected value substrate
DE-3
Vendor selection recommendation for AI Task Force approval
The procurement decision-record substrate
DE-2
Records retain for the regulator’s limitation period plus the lifecycle of the selected vendor.
Defensibility and Governance Considerations
The Module produces evidence for DE-2 (Methodology transparency) and DE-3 (Evidence framework). All nine Risk Taxonomy 2026 classes appear as mandatory RFP response sections; incomplete responses are a governance red flag.
For Agentic Tier (Tier 4) vendor solutions, the RFP requires four additional contract provisions:
Provision
What the vendor must commit to
Autonomous-action audit trail
Per-action immutable record accessible to the firm
Configurable intervention thresholds
Materiality thresholds that route to Full HITL per GOV-16
Permanent human override
At any point, designated human may halt or reverse autonomous action
Scope limitation controls
Capability cannot expand decision-class scope without firm authorisation
For all vendors, mandatory contract conditions:
- DAT-03-aligned Data Protection Agreement as Schedule 1
- Prohibition on training on client data (or explicit opt-in language with clear scope)
- SOC 2 Type II as a baseline (Type I may be permitted with remediation timeline)
- AI BoM registration as condition precedent to implementation commencement
The editorial-independence attestation applies — the Module makes no vendor-specific recommendations.
Institutional Use Cases
Use case 1 — A 14-partner firm issuing first AI RFP. Use case (USE-01) is contract review. Eight vendors invited to respond. Methodology v2026.1 issued. Two vendors fail Risk Taxonomy 2026 Class 2 (Data leakage) response — disqualified at shortlisting. Three vendors fail Class 6 (Shadow AI controls) — disqualified. Three remaining vendors invited to POC (VEN-03). Comparable scoring at shortlist: 28 of 30 Risk Taxonomy responses verified per vendor.
Use case 2 — A 200-lawyer in-house function issuing RFP for second-generation eDiscovery. RFP includes mandatory AI BoM disclosure — each vendor lists all model components (foundation models, fine-tuning, prompt-engineering, post-processing). Two vendors decline to disclose; disqualified. One vendor’s AI BoM includes a foundation model the function’s Risk Register flags as Class 7-vulnerable (client confidentiality through retraining); disqualified after evaluation. Three vendors advanced to POC under tightened Class 7 mitigation criteria.
Use case 3 — A global energy GC office issuing RFP for Tier-4 autonomous renewal-triage. Agentic Tier provisions activated. Four vendors invited; two satisfy all four agentic provisions. Both advance to POC under the enhanced Agentic Tier evaluation gate.
Recommended Stakeholders
The Module’s stakeholders field is not currently populated; the canonical RACI for the Methodology is:
RACI role
Stakeholders
Owner
Legal Operations Lead
Approvers
AI Task Force Chair · Procurement Lead
Contributors
Risk and Compliance · CIO / CISO
Informed
General Counsel · Audit Committee
The AI Task Force (per STR-07) authorises RFP issuance and approves the shortlist. Procurement operates the RFP cycle day-to-day; Risk contributes the Risk Taxonomy 2026 response criteria.
Implementation Complexity
Dimension
Specification
RFP drafting and issuance
2–4 weeks
Full RFP cycle (issue → shortlist → recommendation)
4–8 weeks depending on complexity
Cross-team dependencies
Procurement · Risk · IT · Practice Group sponsor
Self-serve viability
Yes — template-driven
Advisory recommendation
Programme Design for first RFP of an unfamiliar capability category; Strategic Retainer for functions running ≥4 RFPs per year
The Module is methodology-versioned (v2026.1); the master template, response workbook, and AI BoM disclosure checklist are versioned alongside.
Inputs
Input
Source
USE-01 ranked use case
Use Case Prioritisation Methodology
AI Task Force RFP issuance approval
STR-07
Evaluation dimensions and weights
VEN-01
DPA requirements
DAT-03
Framework — RFP Architecture
RFP structure
The canonical RFP has eight sections:
Section
Content
1 — Executive summary and scope
Use case; expected scope; success criteria; commercial frame
2 — Governance and non-negotiable requirements
Mandatory contract conditions; DAT-03 DPA; SOC 2; AI BoM registration; training-on-client-data prohibition
3 — Technical specifications
Capability requirements; integration requirements; performance requirements
4 — AI Bill of Materials disclosures
Mandatory per-vendor BoM disclosure with model components, training data sources, fine-tuning approach, post-processing
5 — Risk Taxonomy 2026 evaluation
Per-class response requirements (one section per class)
6 — Evaluation criteria and weighting
Transparent scoring methodology aligned to VEN-01
7 — Commercial terms
Pricing structure; SLAs; commercial governance
8 — Standardised response format
Required response template for comparability
Risk Taxonomy 2026 — per-class mandatory response sections
Each vendor response must include, per Risk Class:
Class
Required response content
Class 1 — Hallucination
Hallucination rate; mitigation methodology; sampling protocol; evaluation discipline
Class 2 — Data leakage
Data residency; training prohibition; data isolation; encryption posture
Class 3 — Bias
Bias testing methodology; bias-detection cadence; remediation protocol
Class 4 — Vendor lock-in
Portability of trained artefacts; data export; exit-without-penalty terms
Class 5 — Regulatory non-compliance
Jurisdictional posture; regulatory-update cadence; compliance attestations
Class 6 — Shadow AI
Discovery / disclosure of any embedded foundation models or downstream AI; usage controls
Class 7 — Client confidentiality
Privilege-preserving architecture; retraining prohibition; engagement-letter language
Class 8 — Professional conduct
Supervisor-friendly architecture (ABA 5.3 alignment); user-level audit trail
Class 9 — Accountability dilution
Per-decision accountability trail; delegation interface; HITL configurability
Incomplete or evasive responses to any class are disqualification triggers; complete responses are scored against the calibration rubric.
AI BoM disclosure
The AI Bill of Materials disclosure section requires each vendor to enumerate:
Component
Required disclosure
Foundation model(s)
Name, version, provider, licensing posture
Fine-tuning data
Source, volume, last refresh, content-rights chain
Prompt-engineering
System prompts, prompt templates, prompt-management discipline
Post-processing
Filtering, scoring, formatting layers
Retrieval-augmented generation
Vector store, embedding model, retrieval index source
Agent orchestration (Tier 4 only)
Agent framework, tool surface, autonomous-action scope
Downstream AI components
Any embedded models in supporting infrastructure
Vendors unable to disclose components in full are disqualified — the discipline reflects the function’s Class 6 (Shadow AI) posture at the vendor surface.
Mandatory contract conditions
Condition
What it requires
DAT-03 Data Protection Agreement
Schedule 1 of the contract; vendor unable to satisfy DAT-03 = ineligible
Training-on-client-data prohibition
Default off; opt-in language explicit and scope-limited
SOC 2 Type II baseline
Type I permitted with remediation timeline
AI BoM registration
Condition precedent to implementation commencement
Risk Taxonomy 2026 mitigation attestations
Per-class attestation incorporated by reference into the contract
Agentic Tier provisions (Tier 4 only)
Four provisions per Agentic Tier section above
Scoring methodology
Dimension
Source weight
Scoring approach
Technical performance
30%
Calibrated against use-case-specific test criteria
Business value
25%
Vendor ROAI projection against USE-05 baseline
User experience
20%
Practitioner-facing capability assessment
Governance
15%
Risk Taxonomy 2026 + AI BoM disclosure + contract conditions
Commercial viability
10%
TCO including AI BoM impact + portability terms
Weights configurable per use case; defaults shown above.
Shortlist gate
To advance from RFP to POC:
Gate criterion
Pass requirement
Risk Taxonomy 2026 responses
All 9 classes complete and verified
AI BoM disclosure
Complete with no opaque components
Mandatory contract conditions
All satisfied or explicit remediation plan
Agentic Tier provisions (Tier 4)
All 4 satisfied
Aggregate score
≥ pre-set threshold (typically 75/100)
Failure on any criterion disqualifies; aggregate score below threshold disqualifies.
Worked Example
A 200-lawyer in-house function issues an RFP for second-generation eDiscovery (Tier 3 capability).
Week
Activity
Output
1–2
RFP drafted using master template; AI Task Force review; issuance approval
RFP v1.0 issued
3–6
Vendors respond (8 vendors invited)
8 vendor response packs
7
Risk Taxonomy 2026 verification: 2 fail Class 2; 1 fails Class 6; 5 advance
5 vendors verified
8
AI BoM disclosure review: 2 fail (incomplete BoM); 3 advance
3 vendors disclosed
9
Aggregate scoring against 30/25/20/15/10 dimension weights
Final scoring
10
Shortlist recommendation to AI Task Force: 3 vendors advance to POC
Phase-1 (RFP) closure
Total cycle: 10 weeks. POC (VEN-03) opens on the 3-vendor shortlist.
Common Failure Modes
Failure mode
Detection signal
Recovery
RFP issued without governance section
No DAT-03 / SOC 2 / BoM requirements
Reject; require governance section before issuance
Risk Taxonomy responses evaluated qualitatively without scoring
Subjective shortlist
Bind to scoring rubric; re-evaluate
AI BoM disclosure section skipped
Vendor disclosure not requested
Mandatory; cannot skip
Agentic Tier provisions absent for Tier 4 RFP
Tier 4 evaluation proceeds without 4 provisions
Reject; reissue with provisions
Scoring weights configured without sponsor sign-off
Weights drift between RFPs
Standing weights template; deviations require sponsor approval
Shortlist proceeds with incomplete responses
Vendors advanced despite missing class responses
Hold; require complete responses or disqualify
Vendor selection bypasses POC
Final selection on RFP scoring alone
POC is mandatory per VEN-03
Edge Cases
The Module does not apply when:
- The function is acquiring a single-purpose tool with no AI component — general SaaS procurement applies
- The vendor is sole-source by regulatory requirement — Methodology operates abbreviated (governance + Risk Taxonomy sections only)
- The function is renewing an existing capability — light-touch RFP with refresh of Risk Taxonomy and BoM only
- The vendor is operating under a parent-organisation MSA with existing governance posture — Module produces gap analysis against MSA rather than full RFP