Module 8 – Responsible AI Design & Procurement
2025-10-01
Tip
👉 We’re buying capability under uncertainty. Our job is to make uncertainty tractable with evidence and enforceable obligations. 👈
You may already have a software procurement practice in place.
You have a Request for Information (RFI) or Request for Proposal (RFP) framework.
| Clause pattern (what to borrow) | What it does | Where to tune for your context |
|---|---|---|
| Documentation & transparency (tech dossier + Model/System Cards + Datasheets) | Forces concrete artifacts (intended use, limits, subgroup metrics, safety mitigations) | Specify formats you accept; require updates on each model/version change |
| Risk mgmt & post-market monitoring | Makes risk controls ongoing (not one-and-done) and mandates monitoring plans | Define review cadence; align to your governance (e.g., quarterly reviews) |
| Testing & audit rights | Grants sandbox, pre-award testing, periodic re-tests; obliges cooperation and log access | Add subgroup floors; require change-impact summaries after each update |
| Security & incidents | Aligns with recognized risks (e.g., OWASP LLM Top-10); sets incident notice windows | Name timelines (e.g., P1 ≤ 24h); require vuln disclosure & patch SLAs |
| Data & IP / training-use | Controls data lineage/licences; bans training on your data/outputs without consent | Add “no fine-tuning on our data” unless expressly approved |
| Performance & SLAs | Sets quality targets and error ceilings (incl. hallucination) | Include subgroup floors + latency/uptime; define acceptance tests |
| Change control & re-certification | Requires notice & re-assessment for major updates or provider swaps | Define what counts as “major” (e.g., base model change; Δperf > X%) |
| Subcontractors & supply-chain | Ensures flow-down of duties to subprocessors | Require list of subprocessors + approval rights |
| Exit & portability | Guarantees export of data/prompts/logs/fine-tunes; transition help | Add escrow or “functional equivalence” if escrow isn’t possible |
Tip
If you only do one thing, require a post-award monitoring plan + periodic evidence refresh—this is where most contracts fail.
We spoke a lot about ‘model cards’ (Mitchell et al. 2019) 👀.
Model details
| Field | Value |
|---|---|
| Owner | Demo Vendor Inc. |
| Model type | Multi-class classifier (routes citizen service tickets to 6 queues) |
| Version | 0.3 (2025-09-01) |
| Interface | REST API, batch CSV |
| Training data | Internal labeled tickets (2019–2024) + synthetic augmentation for rare classes |
| Evaluation data | Stratified 2024-Q4 holdout; sandbox supports customer shadow data |
Note
Assurance summary. Robustness checks; security tested against OWASP LLM Top 10; subgroup audits quarterly; change-control & rollback documented.
Intended use & users
Out-of-scope
Performance summary
| Metric | Value |
|---|---|
| Macro-F1 | 0.80 (±0.01) |
| Top-1 accuracy | 0.86 |
| Latency (P95) | 180 ms (CPU), 95 ms (GPU) |
| Uptime (90d) | 99.9% |
Subgroup F1 (2024-Q4 holdout; floors ≥ 0.78)
| Subgroup | F1 |
|---|---|
| General | 0.84 |
| Newcomers | 0.78 |
| Rural | 0.80 |
| Seniors | 0.76 |
| Accessibility | 0.79 |
Calibration (holdout)
ECE ≈ 0.02; isotonic calibration applied post fine-tune.
Evaluation data & methods
| Area | Notes |
|---|---|
| Holdout split | Stratified by queue & time (last quarter); dual-review labels (κ = 0.87). |
| Fairness eval | Subgroup metrics where available: newcomer status, region (urban/rural), age band, accessibility needs. |
| Robustness eval | Adversarial typos; injection strings in free text; out-of-domain class names. |
| Security tests | OWASP LLM Top-10 threat model; no tool-use plugins in production. |
Limitations
Ethical considerations & mitigations
| Risk | Potential harm | Mitigation | Residual |
|---|---|---|---|
| Misrouting urgent tickets | Delays | Urgency gate; human review | Low |
| Subgroup performance gaps | Unequal wait times | Floors + quarterly audits; targeted fine-tunes | Medium |
| Data leakage | Privacy breach | Pseudonymization; logging redaction; DLP rules | Low |
| Prompt injection | Tool abuse | No tools; filters; canary strings | Low |
Monitoring & update policy
Versioning
| Version | Notes |
|---|---|
| v0.3 | Added calibration; improved rural F1 0.76 → 0.80 |
| v0.2 | Expanded training data; added urgency gate |
| v0.1 | Initial internal release |
Licensing & contact
Demo content © 2025 Demo Vendor Inc. Classroom use only.
Contact: ai-procurement@example.org
Procurement evidence checklist (request these)
Tip
Translate answers into measurable obligations and acceptance criteria. Put these into your contract/agreements.
Task (20–30 min): Draft a \(\leq\) 1‑page checklist your organization (or a fictional organization you devise) will apply before and during any AI purchase.
Include:
- Purpose & risk (use case, harm analysis, oversight)
- Evidence pack (docs at RFP)
- Security & robustness (OWASP LLM checks, red‑team, patch cadence)
- Fairness & performance (metrics & cadence)
- Contract must‑haves (data/IP, audit, SLAs, change control, incidents, exit)
- Lifecycle (monitoring schedule, owners, review gates)
✍️ Deliverable: email me (or upload to Teams) your checklist
Next module: Building an ethical AI culture