AI Vendor Assessment for BR

BR-specific obligations covered

The output is anchored on the regulations that apply to AI deployments in BR. The top frameworks cited:

• Lei Geral de Proteção de Dados — LGPD (Law 13,709/2018)national_law · In force

  Data controllers must establish a lawful basis for all personal data processing, honour data subject rights including the right to request review of decisions made exclusively by automated processing, appoint a DPO, and report data breaches to the ANPD.

• Brazilian Artificial Intelligence Bill (PL 2338/2023 — Senate)proposed_legislation · Proposed

  Providers and operators of high-risk AI systems must conduct impact assessments, ensure transparency and explainability of consequential AI decisions, implement human oversight mechanisms, and register high-risk AI systems with the designated national authority.

• Marco Civil da Internet — Law 12,965/2014national_law · In force

  Internet application providers must preserve connection and application access logs for court-ordered disclosure, refrain from supplying personal data to third parties without consent, and comply with Brazilian judicial orders for user data within specified timeframes.

• BACEN Resolution 4,658/2018 — Cybersecurity Policy for Financial Institutionsregulatory_resolution · In force

  Financial institutions using AI must establish board-approved cybersecurity policies, conduct comprehensive risk assessments of AI suppliers and cloud providers, maintain relevant contracts with security obligations, and report significant cybersecurity incidents to BACEN.

How the AI Vendor Assessment approaches this

You describe the vendor (name and product or service) and your organisation's context — jurisdiction, industry, staff size, risk appetite — and choose your alignment framework: ISO/IEC 42001:2023, NIST AI RMF, or both. The tool produces a structured, evidence-based assessment ready to hand to your procurement, legal, and information-security teams.

The Executive Summary Word document is a one-page sign-off artifact — recommendation (Approved / Conditional / Rejected), top three risk flags, top three strengths, sign-off block. The detailed Excel workbook is the working assessment instrument: 30 questions across six weighted categories, with evidence guidance, regulatory call-outs, and an auto-summing scoring sheet. Both are AI-assisted drafting aids intended to accelerate review by qualified practitioners.

What you get

• ✓ Four deliverables, three jobs: Executive Summary (.docx) for board sign-off, Detailed Workbook (.xlsx) for the working scoring (with the Evidence Request List on a dedicated tab inside it), Procurement Checklist (.xlsx) for foundational readiness — no overlap, no confusion.
• ✓ Aligned to ISO/IEC 42001:2023 Annex A or NIST AI Risk Management Framework — your choice. Every question carries the framework reference and (where applicable) jurisdiction-critical regulatory call-outs.
• ✓ Excel formulas auto-sum each category total, calculate the weighted overall percentage, and surface Pass / Conditional / Reject thresholds — procurement teams don't have to re-key or re-calculate.
• ✓ Tailored to the vendor's product category, your industry, jurisdiction, and organisation size — not a generic checklist. Designed for review and sign-off by qualified procurement, legal, or information-security practitioners.

Ready to generate?

$29 · one-time — answer a 6-question intake (including jurisdiction = BR), and download your tailored document immediately.

Also available framed for your sector → see industry-specific pages