AI Vendor Assessment for CH

CH-specific obligations covered

The output is anchored on the regulations that apply to AI deployments in CH. The top frameworks cited:

• revFADP — Revised Federal Act on Data Protection (revFADP, SR 235.1), in force 1 September 2023legislation · In force

  Article 6 — Principles for data processing • Article 5(c) — Sensitive personal data (includes health, biometric data) • Article 21 — Automated individual decisions (right to request human review) • Article 22 — Data protection impact assessment

• Swiss MedDO — Swiss Medical Devices Ordinance (MedDO, SR 812.213)legislation · In force

  Healthcare — Switzerland uses mutual recognition with EU MDR/IVDR via MRA. Post-2024 CE marking is not automatically valid in Switzerland for new devices.

• FINMA Circular 2023/1 — Operational Risks and Resilience — Banks (RS 2023/1)regulatory_circular · In force

  FINMA-supervised institutions must identify, assess, and manage AI and ML model risks as part of their operational risk framework; maintain independent model validation processes; ensure board-level accountability for technology risks; and demonstrate adequate controls over AI systems used in credit decisions, trading, and customer-facing services.

• Federal Act on Financial Services (FinSA, SR 950.1)federal_legislation · In force

  Financial service providers using AI for client advisory, portfolio management, or investment recommendations must conduct a client suitability and appropriateness assessment, ensure AI-generated advice is explainable to clients, maintain adequate documentation of algorithmic decision logic, and provide clients with a key information document where required.

How the AI Vendor Assessment approaches this

You describe the vendor (name and product or service) and your organisation's context — jurisdiction, industry, staff size, risk appetite — and choose your alignment framework: ISO/IEC 42001:2023, NIST AI RMF, or both. The tool produces a structured, evidence-based assessment ready to hand to your procurement, legal, and information-security teams.

The Executive Summary Word document is a one-page sign-off artifact — recommendation (Approved / Conditional / Rejected), top three risk flags, top three strengths, sign-off block. The detailed Excel workbook is the working assessment instrument: 30 questions across six weighted categories, with evidence guidance, regulatory call-outs, and an auto-summing scoring sheet. Both are AI-assisted drafting aids intended to accelerate review by qualified practitioners.

What you get

• ✓ Four deliverables, three jobs: Executive Summary (.docx) for board sign-off, Detailed Workbook (.xlsx) for the working scoring (with the Evidence Request List on a dedicated tab inside it), Procurement Checklist (.xlsx) for foundational readiness — no overlap, no confusion.
• ✓ Aligned to ISO/IEC 42001:2023 Annex A or NIST AI Risk Management Framework — your choice. Every question carries the framework reference and (where applicable) jurisdiction-critical regulatory call-outs.
• ✓ Excel formulas auto-sum each category total, calculate the weighted overall percentage, and surface Pass / Conditional / Reject thresholds — procurement teams don't have to re-key or re-calculate.
• ✓ Tailored to the vendor's product category, your industry, jurisdiction, and organisation size — not a generic checklist. Designed for review and sign-off by qualified procurement, legal, or information-security practitioners.

Ready to generate?

$29 · one-time — answer a 6-question intake (including jurisdiction = CH), and download your tailored document immediately.

Also available framed for your sector → see industry-specific pages