Skip to main content
EFROS

Research / Changelog

Index Changelog

Edition-over-edition diff for the EFROS US AI Vendor Governance Index. Every change to a score, axis, or vendor inclusion is documented with effective date and rationale.

By Stefan Efros, CEO & Founder, EFROSReviewed by Daniel Agrici, Chief Security Officer, EFROS
Reviewed by CSO ·

Why we publish a changelog

Vendor governance posture changes between editions. A BAA gets added. A SOC 2 Type II report lands. A vendor change of ownership shifts the subprocessor chain. An ISO/IEC 42001 certificate finally arrives. If the Index simply re-published quarterly without showing what moved, buyers couldn't tell whether a score change reflects vendor effort or methodology refinement. The changelog closes that gap — every score movement is dated, attributed to the vendor's public action, and linked back to the source that triggered the re-score.

Edition cadence

We publish quarterly. Material out-of-cycle changes — a new BAA, a new certification, a vendor change of ownership, a public model card revision — trigger a mid-quarter changelog entry but don't shift the headline edition number. The current edition is Q2 2026 — Inaugural Edition; the next edition is targeted for 2026-Q3.

Change types we record

  • added — vendor enters the universe (with rationale)
  • removed — vendor exits (acquired, deprecated, scope drift)
  • score_changed — composite movement (≥3 points) driven by axis updates
  • axis_changed — single-axis re-score (e.g., BAA flipped from Partial → Yes after vendor expanded BAA scope)
  • trust_center_changed — trust-center maturity sub-score updated (1-5 scale)

Q2 2026 — Inaugural Edition

Published 2026-05-13 · 25 vendors

Current edition

Highlights

  • 25 vendors scored across foundation models, productivity, legal, healthcare, and banking categories
  • Banking-vertical coverage added in v1.2 (FICO Falcon Fraud Manager + FICO Score AI, Zest AI, Upstart, Hummingbird, Unit21) — SR 11-7 ×2 sector weight applies
  • Best-in-class composite: Abridge (healthcare, A grade) — only vendor with explicit HHS-OCR Section 1557 algorithmic non-discrimination engagement
  • No vendor in the inaugural edition holds ISO/IEC 42001 attestation — the largest cross-category gap
  • Sector-vertical vendors (legal, healthcare, banking) outperform foundation models on the composite because of sector-overlay weight amplification
  • Upstart is the only vendor in the Index with a CFPB no-action letter history — uniquely deep fair-lending audit defensibility

Changes from previous edition

Inaugural edition — no prior baseline to diff against.

Want to challenge a scoring decision?

If a vendor's score doesn't match the most recent public evidence — a new BAA, a new certification, a documented policy change — email research@efros.com with the specific cell and the public source URL. We re-score and publish the change with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).

Full methodology, sector weighting, source-citation requirements: Read the methodology page.

See the full Index →