S9.07 - Procurement
flowchart LR
A[Traditional procurement problem<br/>Claims without run-level visibility] --> B[RAIDT<br/>Run-level evidence framework]
B --> C[[Procurement<br/>Evidence requirements for suppliers]]
H[Tender questions<br/>Contract clauses<br/>Due diligence<br/>Interoperability] --> C
C --> D[Exportable evidence pack]
C --> E[RAIDT score profile]
C --> F[Reviewer reconstruction]
D --> G[Governance readiness<br/>Auditability<br/>Contestability<br/>Organisational learning]
E --> G
F --> G
Star S9 - Policy, Standards and Assurance
Star context: Connects RAIDT to policy instruments, standards, assurance, procurement, audit and organisational accountability by showing how external governance expectations can be translated into concrete evidence demands at the level of an individual GenAI run.
Academic picture
Definition / background
Procurement is the organisational process through which a buyer specifies requirements, evaluates suppliers, awards contracts and governs delivery. In the context of GenAI governance, procurement matters because many of the conditions that determine later accountability are fixed before a system is fully embedded in practice. If a purchaser does not ask for evidence, logging, exportability, review routes or version transparency at the point of acquisition, those capabilities may be absent or difficult to recover later.
Within RAIDT, procurement is not treated as a generic buying function. It is the point at which governance principles are translated into operational evidence demands. RAIDT asks organisations to govern GenAI at the level of the run: one configured use of a system for a specific task, at a specific time, in a specific context. Procurement therefore needs to ask whether a supplier can support that level of granularity through run logs, configuration records, prompts or templates where appropriate, model and tool versions, reviewer reconstruction, evidence pack export and score reporting across Responsibility, Auditability, Interpretability, Dependability and Traceability.
This makes procurement conceptually distinct from high-level vendor assurance. A supplier may offer a strong policy statement, a generic model card or a platform security claim, but RAIDT-oriented procurement asks whether the buyer can inspect and reconstruct a specific organisational use. That is why procurement belongs in Star S9. It links policy and standards expectations to concrete assurance mechanisms, and it determines whether RAIDT evidence packs and score profiles will be contractually and technically obtainable in practice.
Why this concept matters
Procurement solves an important governance translation problem. Organisations often endorse responsible AI principles, yet still buy tools through tendering or commercial processes that request little more than promises of compliance. That creates a mismatch between strategic intent and operational oversight. RAIDT addresses this by making procurement ask for evidence structures that support later review, challenge and improvement.
Without this concept, buyers may acquire GenAI systems that are difficult to inspect after deployment. They may be unable to determine which model version was used for a disputed output, what prompt or configuration shaped the response, whether human review was required, or whether evidence can be exported for audit or incident response. The result is governance by assertion rather than governance by evidence.
Procurement therefore matters because it pushes accountability upstream. It allows organisations to state, before adoption, what must be observable, reconstructable and reviewable once the system is in use. In RAIDT terms, that is how governance moves from broad principles toward operational readiness.
Key idea: Procurement matters in RAIDT because it makes evidence requirements part of the buying decision, rather than a retrospective request after problems appear.
What this item enables
- Translation of responsible AI principles into tender questions, contract clauses and supplier selection criteria.
- Comparison of suppliers on the basis of evidence capability rather than marketing language alone.
- Early specification of exportable RAIDT evidence packs, score reports and review artefacts.
- Contractual access to run logs, version histories, configuration data and reconstruction pathways.
- Better interoperability between supplier systems and the organisation's assurance, audit and incident processes.
- Stronger post-award monitoring because the buyer has already defined what evidence must remain available.
Practical example / likely audience question
Audience question
If procurement already checks security, legal terms and supplier capability, why does RAIDT need a separate procurement concept?
Answer
The concern behind this question is that procurement may look like an administrative wrapper rather than a substantive governance mechanism. The direct answer is that ordinary procurement often checks whether a supplier appears credible, whereas RAIDT-oriented procurement checks whether a specific organisational use can later be evidenced, reconstructed and challenged.
For example, a supplier may pass standard due diligence by offering data protection terms, service levels and general statements about safe AI. That is useful, but it does not tell the buyer whether a contested output can later be traced to a particular run, model version, prompt template, reviewer decision or score profile. RAIDT adds value by making those evidential capabilities explicit procurement requirements instead of optional extras.
This is stronger than a generic AI governance approach because it does not stop at principles such as transparency or accountability. It asks what the buyer must receive, store or be able to reconstruct at run level for those principles to become operational. Procurement is therefore the gateway through which RAIDT becomes actionable in real organisations.
Practical example in RAIDT terms
A local authority procures a GenAI assistant to help staff draft responses for housing and benefits enquiries. At first glance, the purchase appears low risk because the tool is presented as a drafting aid rather than an autonomous decision-maker. The run-level issue, however, is that different runs may serve different functions: one run drafts routine replies, another summarises case notes, and another suggests escalation categories for vulnerable residents. Those runs have different governance implications even if they use the same supplier platform.
A RAIDT-oriented procurement process would therefore require the supplier to support evidence for each configured use. The buyer would ask for run identifiers, model and version records, prompt or workflow configuration, human review checkpoints, data handling details, logging scope, exportable evidence packs, and score outputs or inputs sufficient to calculate the five-pillar profile. If a complaint later arises about an inaccurate or insensitive response, reviewers can inspect the relevant run rather than rely on generic supplier assurances.
In this example, Responsibility is affected because the authority must define acceptable use and oversight roles; Auditability and Traceability are affected because disputed outputs need reconstruction; Interpretability matters because staff must understand the basis of the generated draft; and Dependability matters because the system must perform consistently across routine and high-stakes cases. Procurement improves governance readiness by ensuring these evidential requirements are built into the buying and contracting process from the start.
Detailed link to RAIDT
Procurement links to RAIDT in four ways.
First, it connects RAIDT's core idea to institutional decision-making by turning responsible governance into explicit acquisition requirements.
Second, it links directly to the run because the buyer must ask whether evidence can be generated and retrieved for a specific configured use, not just for a product in the abstract.
Third, it shapes the evidence pack and score profile by determining whether the supplier can provide the artefacts, metadata and access needed to assemble them.
Fourth, it supports reviewability, contestability, audit readiness and organisational learning because evidence requested at procurement stage remains available when incidents, audits or policy reviews occur.
Procurement specification → Run-level evidence → Evidence pack → RAIDT score profile → Governance readiness
When procurement is weak, the rest of this chain is fragile. When procurement is evidence-aware, RAIDT can function as an operational governance framework rather than a conceptual aspiration.
Link to the five RAIDT pillars
Responsibility
Procurement supports Responsibility by clarifying who must define acceptable uses, approve supplier choices, set review thresholds and own accountability for deployment decisions.
Example evidence / implication:
- Tender documents specify the intended task, users, risk boundaries and human oversight expectations.
- Contract terms allocate responsibilities for updates, issue reporting, retraining decisions and evidence access.
Auditability
Procurement strongly affects Auditability because buyers must secure the right to inspect records, reconstruct events and review supplier behaviour over time.
Example evidence / implication:
- The supplier can export run logs, version histories and configuration records in a usable format.
- The contract includes retention periods and access rights for internal audit or external assurance review.
Interpretability
Procurement affects Interpretability by requiring suppliers to expose enough information for users and reviewers to understand how outputs were produced in context.
Example evidence / implication:
- Documentation explains workflow logic, prompt structures, model limitations and escalation triggers.
- The organisation can review why a particular run produced a specific output pattern or confidence signal.
Dependability
Procurement contributes to Dependability by testing whether the tool performs consistently under the organisational conditions in which it will actually be used.
Example evidence / implication:
- Pre-award evaluation includes realistic task scenarios, failure modes and service reliability expectations.
- The supplier provides evidence of update control, rollback options and incident handling capability.
Traceability
Procurement has a particularly strong effect on Traceability because traceable governance depends on being able to link outputs back to the relevant run, configuration and review decisions.
Example evidence / implication:
- The buyer requires stable run identifiers, timestamping and linkage between inputs, outputs and reviewer actions.
- Evidence packs can be exported with provenance fields that support later challenge, comparison and policy reporting.
Procurement touches all five pillars, but it is especially influential for Auditability and Traceability because those capabilities are difficult to retrofit after a contract has already been signed.
Why this item is more than a generic concept
In general AI governance, procurement may simply mean buying technology responsibly, adding vendor due diligence, or asking for compliance statements during tendering. In RAIDT, procurement means specifying the evidential and review conditions under which a GenAI system may be used in organisational work.
The RAIDT meaning is more operational because it is tied to run-level evidence. It asks not only whether a supplier seems trustworthy, but whether the organisation can later inspect a particular use, export the relevant evidence pack, understand the resulting score profile and challenge the basis of a disputed output. That shift from supplier claim to run-specific evidence is what makes procurement a substantive governance instrument rather than a procedural checkbox.
Common misunderstanding
Misunderstanding
Procurement is only relevant before contract award; once the tool is purchased, governance becomes a separate operational matter.
Correction
This is too narrow. Procurement establishes the evidential rights, technical interfaces and contractual expectations that determine whether later governance is even possible. For instance, if a supplier is not required to retain version history or provide exportable run records, an organisation may discover during an incident review that it cannot reconstruct the run that produced a harmful output. In RAIDT, procurement is therefore both an entry point and a continuing governance lever, because post-award monitoring depends on what was specified and negotiated at the start.
Boundary and limitation
Procurement does not prove that a GenAI system is safe, fair or effective in every context. It cannot by itself guarantee good human oversight, adequate organisational competence or appropriate downstream use. A buyer may request excellent evidence capabilities and still misuse the system, interpret outputs poorly or fail to respond when warning signs emerge.
Procurement also depends on market reality. Some suppliers may not yet provide granular exportability, interoperable logs or strong reconstruction pathways. Smaller organisations may lack bargaining power or the expertise needed to evaluate evidence claims critically. RAIDT handles this limitation by giving procurement a clearer evidential grammar: even where full implementation is not possible, organisations can still ask structured questions, compare maturity levels and identify where residual governance gaps remain.
Implementation levels
Manual implementation
A researcher, public body or small team can apply RAIDT-oriented procurement manually by adding evidence-focused questions to supplier selection documents. This includes asking for sample evidence packs, model and version disclosure, logging arrangements, review pathways, retention periods and examples of how a specific run can be reconstructed after a complaint.
Semi-automated implementation
A semi-automated approach uses templates, metadata fields, supplier questionnaires and structured evaluation rubrics. Procurement teams can score suppliers against RAIDT-related criteria, capture responses in a standard format, and map procurement answers to anticipated evidence pack components and five-pillar assessment inputs.
Fully automated implementation
At scale, a governance platform, wrapper or orchestration layer can enforce procurement-linked evidence requirements automatically. Approved suppliers may be onboarded only if their systems expose the required metadata, logging hooks, export formats and score inputs. Dashboards can then track evidence completeness, contract compliance, version changes and post-award assurance status across many runs and vendors.
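An onboarding gate of the kind described above, as an added example that is not part of RAIDT or any supplier's tooling: it checks one exported run record for the evidence this page asks suppliers to provide and reports completeness per pillar. The field names, the field-to-pillar mapping, the threshold and the sample record are assumptions constructed for illustration.

```python
from datetime import datetime

# Assumed field names, derived from the evidence this page asks suppliers for.
# The mapping to pillars is hypothetical, not a RAIDT-defined schema.
REQUIRED = {
    "Responsibility": ["intended_task", "oversight_role"],
    "Auditability": ["log_export_format", "retention_days"],
    "Interpretability": ["workflow_doc_ref", "model_limitations_ref"],
    "Dependability": ["rollback_supported", "incident_contact"],
    "Traceability": ["run_id", "timestamp", "model_version",
                     "prompt_template_id", "reviewer_action"],
}


def _present(record, field):
    """A field counts only if it exists and is not blank; False is a real value."""
    value = record.get(field)
    return value is not None and not (isinstance(value, str) and not value.strip())


def _valid_timestamp(value):
    """Require ISO 8601 with a timezone offset so runs can be ordered across systems."""
    try:
        return datetime.fromisoformat(str(value)).tzinfo is not None
    except ValueError:
        return False


def assess(record):
    """Return (per-pillar completeness, sorted list of gaps) for one run record."""
    profile, gaps = {}, []
    for pillar, fields in REQUIRED.items():
        ok = 0
        for f in fields:
            good = _present(record, f)
            if f == "timestamp":
                good = good and _valid_timestamp(record[f])
            ok += good
            if not good:
                gaps.append(f"{pillar}:{f}")
        profile[pillar] = round(ok / len(fields), 2)
    return profile, sorted(gaps)


def onboarding_allowed(record, threshold=1.0):
    """Gate: every pillar must meet the threshold (default: all fields supplied)."""
    profile, _ = assess(record)
    return all(score >= threshold for score in profile.values())


# Constructed sample export: no reviewer action, and a timestamp with no offset.
SAMPLE = {
    "intended_task": "draft housing enquiry reply", "oversight_role": "team lead",
    "log_export_format": "jsonl", "retention_days": 365,
    "workflow_doc_ref": "doc-12", "model_limitations_ref": "doc-13",
    "rollback_supported": False, "incident_contact": "supplier-desk",
    "run_id": "run-0001", "timestamp": "2024-05-01T10:15:00",
    "model_version": "m-1.2", "prompt_template_id": "tpl-7",
}
```

The gate measures whether evidence is supplied, not whether it is adequate: a record that discloses `rollback_supported: False` is complete on that field, and judging the answer remains a reviewer's task.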
Practical use in the RAIDT project
This item is useful across the RAIDT project because it explains how the framework enters real organisational decision processes. In Paper 08 Foundations, procurement helps show that RAIDT is not merely a descriptive taxonomy but a mechanism for structuring governance requirements before deployment. In Paper 09 Empirical Validation, procurement can inform interview protocols, field observations or case comparisons about what organisations actually request from suppliers and what evidence they receive. In Paper 10 Policy Pathways, procurement becomes a route for policy translation because standards, assurance expectations and public-sector obligations can be embedded into tenders, framework agreements and contract management practices.
It is also useful for sector playbooks and viva defence. Procurement gives a concrete answer when supervisors, reviewers or practitioners ask how RAIDT changes organisational behaviour. The answer is that it changes what buyers ask for, what suppliers must provide, and what evidence remains available for review, scoring and continuous improvement.
Key audience questions to prepare for
Q1. Why is procurement so important if RAIDT is mainly about run-level evidence?
Because run-level evidence is only useful if the organisation can obtain, retain and review it. Procurement is where those access conditions are negotiated and formalised.
Q2. Does RAIDT procurement apply only to public-sector tendering?
No. It is highly relevant to public procurement, but the principle also applies to private-sector vendor selection, internal platform onboarding and managed-service agreements wherever GenAI capability is acquired from another party.
Q3. What is the difference between procurement evidence and assurance evidence?
Procurement evidence is requested to determine whether a supplier can support accountable use; assurance evidence is examined to evaluate performance, compliance or control after or during use. In RAIDT, procurement helps ensure that assurance evidence will later exist in a usable form.
Q4. Can procurement address harms caused by later system updates?
Not on its own, but it can require update notification, version transparency, evidence retention and re-evaluation triggers. That makes later changes more visible and governable.
Q5. Why not just require compliance with a standard instead of asking for RAIDT-style evidence?
Standards compliance is valuable, but it may remain abstract. RAIDT adds operational specificity by asking how a particular run can be evidenced, reconstructed and scored in the organisation's real context of use.
Suggested citation concepts to support this item
- AI procurement governance
- public procurement of algorithmic systems
- responsible procurement for generative AI
- supplier transparency and AI assurance
- auditability requirements in AI contracts
- run-level logging and evidence export
- model documentation in vendor due diligence
- post-award monitoring of AI systems
- interoperability requirements for AI governance artefacts
- organisational accountability in AI acquisition
Short explanation for presentation
Procurement matters in RAIDT because governance capacity is often decided before a GenAI system is fully deployed. If an organisation buys a tool without requiring run logs, version records, evidence export, reviewer reconstruction and score-related metadata, it may later discover that contested outputs cannot be inspected properly. RAIDT therefore treats procurement as an upstream governance mechanism. It turns abstract expectations such as transparency, accountability and assurance into concrete supplier requirements. In practice, this means buyers ask not only whether a vendor appears compliant, but whether a specific organisational run can be reconstructed, reviewed and challenged. That makes procurement central to evidence-pack generation, five-pillar scoring, audit readiness and continuous organisational learning.
One-line takeaway
Procurement is the governance mechanism that makes RAIDT evidentially achievable because it decides whether run-level evidence can be demanded, exported and reviewed in practice.
Related items in policy, standards and assurance
Mentioned in reference-paper summaries (4)
Paper summaries live in Port/93-References/pdf_summaries/. Each file listed below contains the key term at least once.
- REF-071__Metcalf-2021.md
- REF-083__Panigutti-2021.md
- UNM-028__oa_10.1147_JRD.2019.2942288.md
- UNM-037__s43681-022-00171-7.md