AI Vendor Assessment for US

A three-artifact deliverable: an Executive Summary Word document for sign-off (recommendation, top risk flags, top strengths, sign-off block), a 30-question scored Excel workbook with auto-summing category totals and an Evidence Request List tab, and a companion Procurement Checklist with foundational readiness items. Aligned to ISO/IEC 42001:2023 Annex A or the NIST AI Risk Management Framework — your choice at form time.

US-specific obligations covered

The output is anchored on the regulations that apply to AI deployments in the US. The top frameworks cited:

  • Colorado Artificial Intelligence Act (SB 24-205, codified at C.R.S. §§ 6-1-1701 to 6-1-1707) · State legislation · Enacted - not yet in force

    Deployers of high-risk AI systems must conduct impact assessments, implement AI risk management programmes, provide consumers with clear disclosure of AI use and adverse action explanations, and notify developers of discovered risks.

  • Texas Responsible AI Governance Act (HB 149) · State legislation · In force

    AI developers and deployers must avoid prohibited uses, provide clear disclosures when consumers interact with AI in consequential contexts, conduct algorithmic-discrimination assessments for in-scope systems, and report adverse incidents to the Texas Attorney General. Compliance with NIST AI RMF and recognised standards is treated as a rebuttable presumption of reasonable care.

  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) · State legislation · In force

    Businesses must disclose automated decision-making logic upon consumer request, allow opt-out of profiling for targeted advertising or significant decisions, and conduct and document risk assessments for high-risk data processing activities.

  • California Bot Disclosure Law (SB 1001 — Cal. Bus. & Prof. Code §§17940-17943) · State legislation · In force

    Operators of bots that interact with California consumers in commercial or electoral contexts must clearly and conspicuously disclose that the consumer is communicating with a bot, with the disclosure designed to inform a reasonable person communicating with the bot. Disclosure must not be hidden behind interaction or buried in a privacy notice.

How the AI Vendor Assessment approaches this

You describe the vendor (name and product or service) and your organisation's context — jurisdiction, industry, staff size, risk appetite — and choose your alignment framework: ISO/IEC 42001:2023, NIST AI RMF, or both. The tool produces a structured, evidence-based assessment ready to hand to your procurement, legal, and information-security teams.

The Executive Summary Word document is a one-page sign-off artifact — recommendation (Approved / Conditional / Rejected), top three risk flags, top three strengths, sign-off block. The detailed Excel workbook is the working assessment instrument: 30 questions across six weighted categories, with evidence guidance, regulatory call-outs, and an auto-summing scoring sheet. Both are AI-assisted drafting aids intended to accelerate review by qualified practitioners.

What you get

  • Four deliverables, three jobs: Executive Summary (.docx) for board sign-off, Detailed Workbook (.xlsx) for the working scoring (with the Evidence Request List on a dedicated tab inside it), Procurement Checklist (.xlsx) for foundational readiness — no overlap, no confusion.
  • Aligned to ISO/IEC 42001:2023 Annex A or NIST AI Risk Management Framework — your choice. Every question carries the framework reference and (where applicable) jurisdiction-critical regulatory call-outs.
  • Excel formulas auto-sum each category total, calculate the weighted overall percentage, and surface Pass / Conditional / Reject thresholds — procurement teams don't have to re-key or re-calculate.
  • Tailored to the vendor's product category, your industry, jurisdiction, and organisation size — not a generic checklist. Designed for review and sign-off by qualified procurement, legal, or information-security practitioners.

Ready to generate?

$29 · one-time — answer a 6-question intake (including jurisdiction = US), and download your tailored document immediately.


AI-assisted drafting aid. The output references US regulation but is not legal advice. Have a qualified legal, compliance, or regulatory professional review before implementation.