
How the US AI Vendor Governance Index is built.

The EFROS US AI Vendor Governance Index is a free, ungated, publicly-sourced research artifact for US regulated buyers evaluating AI vendors against the governance frameworks that actually apply to them — NIST AI RMF, Colorado AI Act, ISO/IEC 42001, HHS-OCR Section 1557, Federal Reserve SR 11-7, ABA Formal Opinion 512, plus the SOC 2 / BAA / residency / subprocessor table-stakes layer.

This page documents every modeling choice — the 12 axes, the status mapping, the sector-weighted composite formula, the trust-center sub-score, the A-F grade thresholds, source-citation rules, and the v1 vendor universe — so a buyer reviewing the Index can audit every cell from raw evidence to letter grade.

By Stefan Efros, CEO & Founder, EFROS. Reviewed by Daniel Agrici, Chief Security Officer, EFROS.

Scope and positioning

What this Index is and isn't

The EFROS US AI Vendor Governance Index scores 20 high-volume AI vendors against 12 axes drawn from US AI governance frameworks. Each axis is source-cited per cell — every Yes, Partial, No, or N/A traces back to a vendor trust portal URL, a public BAA, a SOC report cover page, a model card, or a vendor documentation page. The composite is reproducible from the public evidence chain alone.

This is operator-grade research designed for US regulated buyers — CISOs, GRC leads, procurement teams, AI governance committees, in-house legal — who need a defensible diligence input before committing to multi-year AI vendor contracts. It is not a vendor ranking sold to vendors. EFROS is paid by buyers operating the controls, not by vendors purchasing positioning. The Index is free, ungated, and intentionally adjacent to (not a substitute for) the deployer-side governance work EFROS sells.

The Index also is not a recommendation engine. A buyer evaluating an AI deployment carries context the Index cannot model — workload sensitivity, existing control posture, integration constraints, contract negotiation leverage. The composite letter grade is a decision input, not a decision.

The 12 axes

The 12 scoring axes

Eight cross-cutting axes (BAA, training opt-out, US residency, SOC 2, ISO 42001, NIST AI RMF, Colorado AI Act, subprocessor list) plus three sector-specific axes (Section 1557, SR 11-7, ABA Op 512) that score N/A when outside the vendor's primary deployment sector — the 12th axis is trust-center maturity, scored on a 1-5 scale and documented separately below. The full table of how each axis maps to Yes / Partial / No is below.

Axis 1

BAA / DPA available

A signed Business Associate Agreement (or equivalent Data Processing Addendum for non-HIPAA US deployments) is the contractual foundation for sending regulated data to a third-party AI vendor. Without a BAA, HIPAA-regulated US healthcare and adjacent buyers cannot legitimately deploy the vendor against PHI.

Yes: vendor publishes BAA terms or executes a BAA at standard enterprise tier without custom legal escalation, with public documentation linking enterprise tier to BAA availability.

Partial: BAA available only on the highest tier, only after manual sales escalation, or under a compliance-program SKU that is not the default enterprise contract.

No: vendor explicitly refuses BAA execution, has no public BAA mechanism, or restricts BAA execution to scenarios outside the typical buyer's reach.

Axis 2

Training-data opt-out

Training-data opt-out is the difference between a vendor that uses your customer prompts to improve its model and a vendor that contractually segregates customer data from training pipelines. For regulated buyers, model training on customer content is often a non-starter regardless of pseudonymization claims.

Yes: customer content is excluded from model training by default at the standard enterprise tier, with public contractual language stating this explicitly.

Partial: opt-out is available but requires affirmative customer action (toggle, support ticket, contract addendum) or is conditioned on a higher tier than the standard enterprise plan.

No: vendor trains on customer content by default with no public exclusion mechanism, or opt-out is limited to a narrow data class that does not cover prompt/output content.

Axis 3

US data residency option

US data residency means processing and storage occur in US-domiciled infrastructure. For US regulated buyers, residency is increasingly load-bearing both for vendor risk reviews and for sector frameworks (FedRAMP, StateRAMP, CJIS, IRS Pub 1075, HICP 405(d)) that condition deployment on data-locality controls.

Yes: vendor publishes a US residency option that is selectable at the standard enterprise tier and applies to both data-at-rest and model-inference traffic.

Partial: US residency is available only for storage but not for inference, only on a separate SKU (FedRAMP/GovCloud, dedicated tenant), or only on the highest commercial tier.

No: vendor has no US residency commitment, runs inference on globally-distributed infrastructure with no regional pinning, or treats residency as a custom-deal-only conversation.

Axis 4

SOC 2 Type II report

A current SOC 2 Type II report covering the AI service in scope is the table-stakes US infosec evidence artifact. Without it, vendor risk management programs at most US enterprises will not green-light deployment, regardless of how strong the AI-specific governance posture is.

Yes: vendor maintains a current SOC 2 Type II report that explicitly names the AI service in scope and is available to prospective buyers under NDA via a public trust portal.

Partial: SOC 2 Type II exists but the AI surface is not yet covered in scope, the report is only Type I, or access requires a manual sales request rather than a trust-portal flow.

No: no current SOC 2 Type II report, or the report covers only a non-AI corporate surface that is not the system being scored.

Axis 5

ISO/IEC 42001 attestation

ISO/IEC 42001 is the international AI management-system standard. It is the most concrete public attestation a vendor can hold that it operates a formalized AI governance program with documented roles, risk management, supplier controls, and continual improvement. For US buyers, ISO 42001 is the cleanest way to evidence operating maturity beyond marketing claims.

Yes: vendor holds a current ISO 42001 certificate covering the AI service in scope, issued by an accredited certification body, with the certificate visible on the public trust portal.

Partial: vendor is publicly in the ISO 42001 certification audit cycle (Stage 1 complete, gap-assessment published, target certification date stated) but has not yet achieved certification.

No: no ISO 42001 certificate and no public statement of an active certification path.

Axis 6

NIST AI RMF self-attestation

The NIST AI Risk Management Framework is the US federal anchor for AI governance posture. While not a certification regime, public self-attestation against NIST AI RMF Govern / Map / Measure / Manage functions is the most credible US-aligned governance evidence available short of ISO 42001.

Yes: vendor publishes an explicit NIST AI RMF self-attestation, crosswalk, or governance whitepaper that walks each of Govern / Map / Measure / Manage with concrete control references.

Partial: vendor references NIST AI RMF in marketing material or a single blog post but has not produced a structured public crosswalk.

No: no public NIST AI RMF reference in vendor governance documentation as of the review date.

Axis 7

Colorado AI Act readiness

Colorado AI Act SB 24-205 is the first US state law imposing structured obligations on developers and deployers of high-risk AI systems across nine consequential-decision categories (healthcare, employment, education, financial services, housing, insurance, legal, government services). Vendor readiness for deployer-side compliance is the load-bearing question for any US regulated buyer.

Yes: vendor publishes deployer-facing documentation that explicitly enables Colorado AI Act compliance — impact assessment inputs, consumer-notice content, opt-out plumbing, NIST AI RMF crosswalk — referenced as a Colorado AI Act readiness artifact.

Partial: vendor publishes general AI governance documentation that touches Colorado AI Act-adjacent obligations but does not explicitly name the act or map to its specific deployer requirements.

No: no public Colorado AI Act-aligned documentation; deployer would have to construct compliance artifacts from scratch without vendor inputs.

Axis 8

HHS-OCR Section 1557 readiness

HHS-OCR Section 1557 final rule (effective July 2024) prohibits algorithmic discrimination in covered health programs receiving federal financial assistance. For healthcare-primary AI vendors, public posture on Section 1557 readiness — bias-testing methodology, demographic performance analysis, remediation triggers — is a load-bearing trust signal.

Yes: vendor publishes a Section 1557 readiness statement covering bias-testing methodology, demographic performance reporting, and remediation protocol for performance disparities by race, ethnicity, sex, disability, age, or national origin.

Partial: vendor publishes a general fairness or bias-mitigation statement that touches Section 1557 themes but does not explicitly name the regulation or commit to demographic-performance disclosure.

No: no Section 1557-aligned documentation; deployer would have to construct the non-discrimination evidence chain entirely outside the vendor relationship.

N/A: applies when the vendor is not a healthcare-primary deployment (foundation models, productivity, legal) and the buyer-side responsibility for Section 1557 readiness sits with the downstream clinical-AI integrator rather than the foundation vendor.

Axis 9

FRB SR 11-7 readiness

Federal Reserve Board SR 11-7 (Supervisory Guidance on Model Risk Management) is the long-standing US banking-supervision anchor for model governance. For banking-primary AI vendors, public posture on SR 11-7 alignment — model documentation, validation evidence, change-management governance — is the most concrete trust signal for regulated US bank buyers.

Yes: vendor publishes SR 11-7 readiness documentation covering model documentation, independent validation evidence, ongoing monitoring, and change-management governance specifically anchored to SR 11-7 expectations.

Partial: vendor publishes general model-governance documentation that touches SR 11-7-adjacent expectations but does not explicitly map to the guidance.

No: no SR 11-7-aligned documentation; banking buyer would have to construct the model-risk evidence chain entirely from internal validation.

N/A: applies when the vendor is not a banking-primary deployment (foundation models, productivity, healthcare, legal) and the buyer-side responsibility for SR 11-7 alignment sits with the downstream bank's model-risk function.

Axis 10

ABA Formal Op 512 readiness

ABA Formal Opinion 512 (2024) extended US lawyer ethical duties — competence, confidentiality, candor, supervision — to generative AI use. For legal-primary AI vendors, public posture on confidentiality protections, work-product safeguards, and supervisory-review enablement is the load-bearing trust signal for regulated US legal buyers.

Yes: vendor publishes documentation explicitly addressing ABA Op 512 obligations — confidentiality of client matter content, contractual non-training on work product, audit-log capture for supervisory review, and lawyer-in-the-loop enablement.

Partial: vendor publishes confidentiality and non-training language that touches Op 512 obligations but does not explicitly name the opinion or address the full supervisory-review surface.

No: no Op 512-aligned documentation; lawyer-buyer would have to construct the ethical-compliance evidence chain outside the vendor relationship.

N/A: applies when the vendor is not a legal-primary deployment and the lawyer-buyer responsibility for Op 512 compliance sits with the downstream legal-AI integrator rather than the foundation vendor.

Axis 11

Subprocessor list public

A current, public subprocessor list is the table-stakes transparency artifact for US enterprise procurement. Without one, vendor risk management programs cannot perform fourth-party diligence, evaluate cross-border data exposure, or assess concentration risk in the subprocessor chain.

Yes: vendor publishes a complete current subprocessor list on the trust portal with named entities, processing purposes, and US/regional locations, plus a documented subprocessor change-notification mechanism.

Partial: subprocessor list is available only on request, omits processing purposes or locations, or has not been updated within the most recent 12 months.

No: no public or on-request subprocessor list; deployer cannot perform fourth-party diligence without breaking contractual transparency expectations.

Status scoring

Status scoring: the four states

Every axis on every vendor resolves to one of four states. The mapping is deliberately coarse — three numeric states plus an explicit exclusion — so scoring is reproducible and vendors cannot game the framework by producing borderline documentation.

  • Yes (1.0) — vendor explicitly meets the criterion with current public documentation accessible to a prospective buyer.
  • Partial (0.5) — vendor meets the criterion conditionally: only on enterprise tier, only on opt-in, only with a compliance-program SKU, or via a public posture statement that does not fully cover the axis surface.
  • No (0.0) — vendor does not meet the criterion as of the review date and has no public evidence of being in the implementation track.
  • N/A — criterion does not apply to the vendor's primary deployment sector. Excluded from the composite denominator so the vendor is not penalized for an axis outside its responsibility surface.

Composite calculation

Sector weighting (composite calculation)

The composite is a weighted average of axis scores. Weights amplify sector-specific axes for vendors whose primary deployment is in that sector — because a clinical-AI vendor failing Section 1557 is a categorically different problem than a productivity-AI vendor failing it.

Healthcare-primary

Section 1557 axis weight ×2.0, BAA axis weight ×1.5, all other axes ×1.0

A clinical-AI vendor failing Section 1557 is a bigger problem than a productivity-AI vendor failing it. The amplified Section 1557 weight forces the composite to reflect what actually breaks regulated clinical deployment.

Legal-primary

ABA Op 512 axis weight ×2.0, BAA axis weight ×1.5, all other axes ×1.0

Lawyer ethical obligations on confidentiality and supervision do not transfer to the vendor — but the vendor's posture determines whether the lawyer can satisfy them. The amplified Op 512 weight makes legal-vendor scoring reflect that reality.

Banking-primary

SR 11-7 axis weight ×2.0, BAA axis weight ×1.5, all other axes ×1.0

US banking supervision frames AI models as model-risk objects under SR 11-7. The amplified weight ensures banking-vendor composite scoring tracks the supervisory framing the buyer is actually being examined against.

General / Foundation

All 12 axes ×1.0 (baseline)

Foundation and general-productivity vendors are not the right object for sector-specific axis amplification — the buyer is the locus of sector compliance. Baseline weights apply, and sector-specific axes (Section 1557, SR 11-7, ABA Op 512) typically score N/A and are excluded from the denominator.

Weighted composite formula: each scored axis contributes (status value × sector weight) to the numerator and (sector weight) to the denominator. N/A axes are excluded from both. Trust-center maturity contributes the final 10% (axes contribute 90%) — see the next section.

Trust-center sub-score

Trust center maturity (1-5 scale)

Trust-center maturity captures how accessible the vendor's evidence chain actually is to a US regulated buyer's risk team — not just whether the certifications exist on paper, but whether they can be assessed without breaking the procurement timeline. The 1-5 score contributes 10% of the composite; the 12 axes contribute the remaining 90%.

Level 1

No trust page

Vendor publishes no dedicated security, trust, or compliance page. Buyer risk teams must reconstruct posture from marketing material, sales decks, and ad-hoc requests.

Level 2

Basic security page

Single page lists certifications by logo, mentions encryption at rest and in transit, but documentation is thin and no self-serve evidence access exists.

Level 3

Mature security documentation

Dedicated trust page with named certifications, accessible compliance overview, some self-serve materials (whitepapers, FAQs), but no live certificate library or subprocessor list.

Level 4

Active trust portal

Dedicated trust portal with public certificate library, NDA-gated SOC reports, published subprocessor list, and structured intake for security questionnaires. AI-specific governance surfaced but not yet primary.

Level 5

Gold-standard portal

Trust portal with public certificates, granular subprocessor and regional residency documentation, AI-specific governance front and center (NIST AI RMF crosswalk, ISO 42001 status, sector overlays), and machine-readable evidence access for buyer risk teams.

Composite → letter grade

Grade thresholds

The composite score (0-100) maps to a five-letter grade anchored to operating expectations for US regulated deployment. The threshold cutoffs are deliberately conservative — a B is already strong governance posture for this market.

A: 85-100

Best-in-class governance posture

Strong evidence across BAA, training opt-out, US residency, SOC 2, NIST AI RMF, and sector overlay. Suitable for regulated US deployment with standard procurement diligence.

B: 70-84

Strong fundamentals, acceptable gaps

Material strengths across core axes; one or two gaps in non-load-bearing axes that are addressable through contractual or operational remediation.

C: 55-69

Governance work required before regulated deployment

Visible gaps on multiple core axes. Deployment in regulated US contexts requires deployer-side compensating controls and a documented vendor-improvement track.

D: 40-54

Significant gaps

Suitable only for non-regulated workloads. Not appropriate for PHI, financial-decisioning, employment-decisioning, or legal-work-product workflows without substantial wrap-around controls.

F: 0-39

Not suitable for regulated US deployments

Foundational gaps that cannot be remediated by deployer-side controls. Deploy only on non-sensitive surfaces and only after a documented risk acceptance.
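The scoring pipeline described in the preceding sections (the four status states, sector weighting with N/A excluded from both numerator and denominator, the 90/10 split with the trust-center sub-score, and the grade cutoffs) as a worked example. This is editor-added code, not EFROS's own scoring tooling. It assumes the axis key names used below, a linear mapping of trust-center level 1..5 onto 0..1 (the page states only the 10% share, not the scaling), and grading by comparing the rounded composite against the lower bound of each band; the two vendor scorecards are constructed for illustration and describe no real vendor.

```python
"""Worked example of the Index composite (editor-added, not EFROS's code).

Assumptions not stated on the methodology page: the axis key names, a linear
mapping of trust-center level 1..5 onto 0..1, and grading against the lower
bound of each band. Scorecards below are constructed, not real vendor data.
"""
from typing import Dict, Tuple

# Status values from the "four states" section; N/A is excluded, not scored 0.
STATUS_VALUE = {"Yes": 1.0, "Partial": 0.5, "No": 0.0}

# Only the three sector-specific axes may legitimately be N/A.
SECTOR_AXES = {"section_1557", "sr_11_7", "aba_op_512"}

# Per-sector weight overrides; any axis not listed keeps the baseline 1.0.
SECTOR_WEIGHTS = {
    "healthcare": {"section_1557": 2.0, "baa": 1.5},
    "legal": {"aba_op_512": 2.0, "baa": 1.5},
    "banking": {"sr_11_7": 2.0, "baa": 1.5},
    "general": {},
}

# Lower bound of each grade band on the 0-100 composite.
GRADE_BANDS = [("A", 85), ("B", 70), ("C", 55), ("D", 40), ("F", 0)]

AXIS_SHARE, TRUST_SHARE = 90.0, 10.0


def axis_fraction(statuses: Dict[str, str], sector: str) -> float:
    """Weighted average of scored axes; N/A drops out of both numerator and denominator."""
    weights = SECTOR_WEIGHTS[sector]
    numerator = denominator = 0.0
    for axis, status in statuses.items():
        if status == "N/A":
            if axis not in SECTOR_AXES:
                raise ValueError(f"{axis} is cross-cutting and cannot be N/A")
            continue
        if status not in STATUS_VALUE:
            raise ValueError(f"unknown status {status!r} on axis {axis}")
        weight = weights.get(axis, 1.0)
        numerator += STATUS_VALUE[status] * weight
        denominator += weight
    if denominator == 0:
        raise ValueError("no scored axes")
    return numerator / denominator


def trust_fraction(level: int) -> float:
    """Map the 1-5 trust-center maturity level onto 0..1 (linear; an assumption)."""
    if level not in range(1, 6):
        raise ValueError(f"trust-center level must be 1-5, got {level}")
    return (level - 1) / 4


def composite(statuses: Dict[str, str], sector: str, trust_level: int) -> float:
    """0-100 composite: axes carry 90%, trust-center maturity the remaining 10%."""
    score = AXIS_SHARE * axis_fraction(statuses, sector) + TRUST_SHARE * trust_fraction(trust_level)
    return round(score, 1)


def letter_grade(score: float) -> str:
    """Map a composite to A-F using the band lower bounds (assumed inclusive)."""
    if not 0 <= score <= 100:
        raise ValueError(f"composite out of range: {score}")
    for grade, floor in GRADE_BANDS:
        if score >= floor:
            return grade
    return "F"


def score_vendor(statuses: Dict[str, str], sector: str, trust_level: int) -> Tuple[float, str]:
    score = composite(statuses, sector, trust_level)
    return score, letter_grade(score)


# Constructed scorecard: a healthcare-primary scribe vendor (illustrative only).
HEALTHCARE_SCRIBE = {
    "baa": "Yes", "training_opt_out": "Yes", "us_residency": "Partial",
    "soc2_type2": "Yes", "iso_42001": "No", "nist_ai_rmf": "Partial",
    "colorado_ai_act": "Partial", "section_1557": "Partial",
    "sr_11_7": "N/A", "aba_op_512": "N/A", "subprocessor_list": "Yes",
}

# Constructed scorecard: a general-purpose foundation vendor; all sector axes N/A.
FOUNDATION_MODEL = {
    "baa": "Partial", "training_opt_out": "Yes", "us_residency": "Yes",
    "soc2_type2": "Yes", "iso_42001": "No", "nist_ai_rmf": "Yes",
    "colorado_ai_act": "Partial", "section_1557": "N/A",
    "sr_11_7": "N/A", "aba_op_512": "N/A", "subprocessor_list": "Yes",
}

if __name__ == "__main__":
    print("healthcare scribe:", score_vendor(HEALTHCARE_SCRIBE, "healthcare", 4))
    print("foundation model:", score_vendor(FOUNDATION_MODEL, "general", 4))
```

For the healthcare scorecard the weighted numerator is 7.0 against a denominator of 10.5 (the Section 1557 Partial counts 1.0 of 2.0, the BAA Yes 1.5 of 1.5), giving an axis fraction of 2/3; with a level-4 trust portal the composite is 67.5, a C. The foundation scorecard shows the N/A exclusion at work: the three sector axes vanish from the denominator rather than counting as No, so a vendor with no healthcare, banking or legal overlay still reaches 75.0, a B.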

Source-citation requirements

Every cell in the Index has a documented source. Permitted sources are: vendor trust portal URL, public BAA or DPA template, SOC report cover page (NDA-gated full report is referenced but not required), public AI model card or system card, vendor governance whitepaper, and named vendor documentation page. Marketing material and sales-deck claims do not qualify as primary evidence.

When the source is recorded as “Public posture review” with no concrete artifact link, the cell reflects the absence of a public statement on the criterion. That absence is itself a meaningful signal in a regulated US buying context — a vendor that has not published a position on the criterion has implicitly chosen not to. The Index does not paper over that signal.

Sources are reviewed for currency at every quarterly edition. A source link that 404s or that points to a document superseded since the last edition is treated as missing for that review cycle and the score is recomputed against the next-best public evidence.

Vendor universe — v1 (May 2026)

The v1 20-vendor universe

Four categories, 20 vendors total. Selection is based on the highest-volume US regulated-buyer procurement pipelines EFROS has visibility into as of May 2026 — not on market-cap rankings or analyst-relations relationships.

Foundation models

  • OpenAI (ChatGPT / API)
  • Anthropic (Claude / API)
  • Google (Gemini / Vertex AI)
  • Meta (Llama)
  • Amazon (Bedrock / Titan / Nova)
  • Microsoft (Azure OpenAI)

The six foundation vendors that account for the overwhelming majority of US enterprise regulated-buyer pipeline volume as of May 2026.

Productivity & collaboration AI

  • Microsoft 365 Copilot
  • Google Workspace Gemini
  • Notion AI
  • Otter.ai
  • Grammarly
  • Zoom AI Companion

Embedded-AI productivity surfaces that show up in nearly every US regulated-buyer environment, often via IT-driven SKU upgrades rather than security-driven procurement.

Legal AI

  • Harvey
  • Spellbook
  • Casetext (Thomson Reuters CoCounsel)
  • Hebbia

The legal-vertical AI vendors driving the highest deal volume in US AmLaw and in-house legal-ops procurement as of May 2026.

Healthcare AI

  • Abridge
  • Suki AI
  • Microsoft DAX Copilot
  • Heidi Health

Clinical AI scribes carrying the highest US health-system and ambulatory-deployment volume — the four vendors that show up most often in EFROS-side healthcare buyer pipelines.

Update cadence

The Index refreshes quarterly. Each edition is published with a date stamp, an inline changelog summarizing material changes since the prior edition, and the per-vendor source links re-verified against the public evidence chain.

  • Each edition is date-stamped (e.g., 2026-Q2) and archived in a versioned URL — historical editions remain accessible so changes can be audited over time.
  • Mid-quarter material changes trigger out-of-cycle updates: new BAA availability, new SOC 2 / ISO 42001 / NIST AI RMF attestation, vendor change of ownership, deprecation of a feature underlying a Yes / Partial score.
  • Out-of-cycle updates carry an inline change-log entry on the affected vendor profile and surface in the Index changelog at the top of the hub page.

Hard limits

What we won't do

The credibility of the Index depends on a small set of hard limits. These are non-negotiable and are not subject to vendor relationship, commercial pressure, or editorial discretion.

  • Won't accept vendor payment for inclusion in or removal from the Index. The vendor universe is set by EFROS based on US regulated-buyer pipeline volume.
  • Won't accept vendor payment for scoring uplift. Every cell is sourced and re-scoreable only against public evidence — not vendor sponsorship.
  • Won't share draft scores with vendors for pre-publication review. Vendors see the published score the same day buyers do.
  • Won't withhold or modify a score based on vendor pressure, threatened legal action, or relationship leverage.
  • Won't include subjective brand, momentum, or innovation axes. Every axis is observable from public evidence with documented Yes / Partial / No / N/A criteria.
  • Won't recommend specific vendors. The Index is a decision input for US regulated buyers — a deployment recommendation requires deployer-specific context the Index cannot capture.

Re-score requests

How to challenge a scoring decision

Vendors, buyers, and research peers may challenge any scoring cell. The process is deliberately narrow so the framework remains reproducible. We will not entertain rhetorical or marketing counter-claims — only specific source-backed corrections to the public evidence chain.

  1. Email research@efros.com with the cell ID (vendor + axis), the current published score, and the specific public source you believe should change it.
  2. We acknowledge receipt within five business days, confirming the source is verifiable and the requested change is within framework scope.
  3. The re-score is incorporated into the next quarterly edition. If the source represents a material change (new attestation, new BAA, change of ownership), the re-score may be published out-of-cycle with a changelog entry.
  4. We publish the re-score outcome — including refusals — so the challenge record itself is auditable across editions.

FAQ

Common questions about the methodology

How is this different from a Gartner Magic Quadrant or Forrester Wave?

Gartner and Forrester sell analyst access to vendors and run an analyst-relations process where vendors review draft positioning. The EFROS US AI Vendor Governance Index is publicly-sourced and ungated — every cell links to a public artifact (vendor trust portal, SOC report cover page, BAA template, model card, vendor documentation). Vendors do not see draft scores before publication and EFROS does not accept vendor payment for inclusion or scoring. EFROS is paid by buyers operating the controls, not by vendors purchasing positioning.

Why isn't my favorite vendor in the Index?

The v1 (May 2026) universe is 20 vendors selected by US regulated-buyer pipeline volume across foundation, productivity, legal, and healthcare categories. Subsequent editions expand the universe based on procurement patterns EFROS observes in buyer engagements. To nominate a vendor, email research@efros.com with a one-paragraph rationale describing the regulated US buyer use case and the public documentation we can score against.

Why do you penalize foundation models on sector-specific axes when those are downstream responsibilities?

We don't — that's exactly why the framework uses N/A for sector axes (Section 1557, SR 11-7, ABA Op 512) on general-purpose foundation vendors. N/A is excluded from the composite denominator so the foundation vendor isn't penalized for an axis that isn't its responsibility. Sector amplification only applies to vendors whose primary deployment is in that sector (healthcare, banking, or legal).

Can my vendor pay to be added or re-scored faster?

No. Inclusion in the vendor universe is set by EFROS based on regulated-buyer pipeline volume, and re-scoring follows the quarterly edition cadence with out-of-cycle updates only for material changes documented in public evidence (new attestation, new BAA, change of ownership). Vendor payment is never accepted for either dimension. This is non-negotiable.

What's the EFROS business interest here?

EFROS is a US-only cybersecurity-first managed IT firm. Buyers in regulated US sectors (healthcare, financial services, legal, and adjacent) increasingly need credible AI vendor diligence inputs before committing to multi-year contracts. The Index is a public research artifact that makes EFROS the obvious accountable partner to run the deployer-side AI governance program once a vendor is selected. EFROS does not sell rankings, sponsored placements, or premium tiers within the Index.

How often does scoring actually change between editions?

Material score changes between quarterly editions average two to four vendors per edition based on observed 2026 patterns: a new ISO 42001 certificate moves an axis from No to Yes, a deprecated tier moves a Yes to Partial, a new sector readiness publication adds a positive signal. The composite letter grade typically moves on roughly one in eight vendors per quarter. Stability is a feature — Index volatility would indicate the framework is measuring noise rather than posture.

Have a scoring challenge or vendor nomination?

Email research@efros.com with the cell ID and the source that should change the score, or with a one-paragraph vendor nomination rationale. We process challenges and nominations on the same quarterly cadence as the Index itself.