Enterprise AI RFP template: 60-question vendor scoring.
Most enterprises run an AI RFP built from a 2019 SaaS template, miss the AI-specific risks, and negotiate from a shortlist that should never have cleared stage one. This note is the 60-question template our advisors use on AI procurement decisions in the $250K–$10M range: nine weighted domains, calibrated against 180 deployments, designed to eliminate three vendors before pricing.
A disciplined AI RFP does its work before pricing. Sixty questions across nine weighted domains eliminate three vendors on data, indemnity and exit failures no proof-of-concept exposes — and tighten the two finalists by 18–32% in negotiated outcome. Capability is the easy part; the risk that predicts post-deployment regret sits in the contract, not the demo.
01 Key findings
Capability is the weakest predictor of regret. Capability gaps are obvious in proof-of-concept and commoditise within months; it carries only 15% weight. The risks that decide outcomes are invisible in a demo.
Data and security is the single highest-weighted domain. At 20%, it is the strongest predictor of legal hold. Remediation requires a master-agreement reopener that vendors rarely grant, so failures here are eliminating.
Exit is the second most likely event after renewal. Across 180 deployments, 38% renegotiated their primary vendor inside 18 months and 14% switched. Skipping Domain 9 because exit "feels hypothetical" is the most common and most expensive shortcut.
Indemnity gaps are almost never fixed post-signature. An uncapped output-IP indemnity is a signature-stage lever; after signing it is a concession the vendor has no reason to give.
Weighting beats intuition. Fixed domain weights calibrated against post-deployment outcomes stop a slick capability demo from carrying a vendor past a data or exit failure that should have ended the evaluation.
02 The scoring model
Each domain carries a fixed weight. Vendors score 0–4 on each question (0 missing, 1 partial, 2 acceptable, 3 strong, 4 best in class). Weights are calibrated against post-deployment outcomes across 180 enterprise AI deployments tracked between 2023 and early 2026. Use the template for any AI procurement above $100K in annual fees, or any workload touching customer data, employee data, or regulated content.
| Domain | Questions | Weight | Why it carries that weight |
|---|---|---|---|
| 1. Model capability | 8 | 15% | Obvious in proof-of-concept; moderate weight because capability commoditises quickly |
| 2. Data & security | 10 | 20% | Highest predictor of legal hold; eliminating on failure |
| 3. Commercial model | 6 | 15% | Pricing structure determines exit cost and lock-in risk |
| 4. Integration | 6 | 10% | Integration friction predicts deployment delay |
| 5. Governance & observability | 6 | 10% | Required for EU AI Act compliance and regulated workloads |
| 6. Indemnity & IP | 5 | 10% | Indemnity gap is rarely fixed post-signature |
| 7. Support & SLA | 5 | 5% | Varies less across vendors than buyers expect |
| 8. Roadmap & viability | 6 | 10% | Vendor longevity matters for multi-year commitments |
| 9. Exit & portability | 8 | 5% | Low weight, but failure is catastrophic — hence binary scoring |
Zero-to-four scale
Every question is scored 0 (missing) to 4 (best in class). Force a numeric answer on each — "acceptable" without evidence scores 2, not 3.
Fixed domain weights
Weights are set before the RFP opens and calibrated on 180 tracked deployments. They are not adjusted to fit a preferred vendor mid-evaluation.
Elimination gates
Any vendor below acceptable on three or more Domain 2 questions, or scoring zero on three or more Domain 9 questions, is eliminated regardless of total.
Pass threshold
Below 60% weighted total is eliminated. Two finalists within 10% of each other advance to the commercial negotiation phase.
03 Model capability
8 questions · weight 15%. Screens raw model fitness — the part most buyers over-index on. A strong answer is specific, dated and version-pinned; vagueness or "contact us" scores low.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 1.1 | List every model available under the proposed contract, including name, version, parameter count, context window, modalities, and supported languages. | A complete, named inventory with versions — no "family" hand-waving or gated list. |
| 1.2 | Provide benchmark results on MMLU, HumanEval, GSM8K, MMLU-Pro, GPQA, and any domain-specific benchmark, with the date and model version tested. | Recent, independently verifiable scores tied to a named version and date, plus a workload-relevant benchmark. |
| 1.3 | State latency at p50, p95 and p99 for a 500-token completion at 0.7 temperature on your largest model, measured in the past 30 days. | Real measured percentiles from the last 30 days — not a marketing "typical" figure. |
| 1.4 | What is the maximum context window in tokens, and how does pricing scale across it? | Stated ceiling with a disclosed, predictable pricing curve across the window. |
| 1.5 | What languages are supported beyond English, and what is the demonstrated quality gap on standard benchmarks? | Named languages with quantified, benchmarked quality deltas rather than a marketing list. |
| 1.6 | Describe safety-classifier behaviour, false-positive rate on standard enterprise content, and ability to configure or disable classifiers. | Disclosed false-positive rate and customer-configurable (or disable-able) classifiers. |
| 1.7 | What fine-tuning, adapter or instruction-tuning options exist, and how is fine-tuned output indemnified differently from base output? | Clear tuning options with the indemnity differential stated up front, not buried. |
| 1.8 | What multimodal capabilities are included (vision, audio in/out, code execution, computer use), and what does each cost? | Itemised capabilities with separate, transparent per-modality pricing. |
04 Data & security
10 questions · weight 20% — the heaviest domain. Three or more below-acceptable answers here eliminate the vendor regardless of total score, because remediation needs a master-agreement reopener that is rarely granted.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 2.1 | In which geographic regions is customer prompt and completion data processed and stored under the proposed agreement? | Named regions the customer can pin contractually, with no silent overflow. |
| 2.2 | Are prompt logs, completion logs, abuse-monitoring data and human-reviewed safety samples processed in the same region as inference? | All ancillary processing stays in-region, or any exception is disclosed and controllable. |
| 2.3 | Provide the precise contract language stating whether the vendor trains or fine-tunes on customer content. | Verbatim, unconditional no-training clause — not a policy page or a toggle. |
| 2.4 | What logging is retained for human review, by whom, for how long, and under what circumstances is a log read by a human? | Minimal retention, named reviewer roles, narrow triggers, and an opt-out. |
| 2.5 | Provide your SOC 2 Type II, ISO 27001, ISO 42001 and any sector attestations (HITRUST, FedRAMP, IRAP, C5). | Current reports supplied on request, including ISO 42001 and relevant sector attestations. |
| 2.6 | Confirm customer-managed encryption keys (CMK) for content at rest and customer-controlled encryption in transit. | CMK at rest and controlled in transit, both confirmed contractually. |
| 2.7 | Describe the data-deletion process: how long after termination is data permanently deleted, and what attestation is provided? | A bounded window (e.g. 30 days) with a written deletion attestation. |
| 2.8 | What is the data-breach notification timeline, and the contractual remedy if it is missed? | A firm notice window (e.g. 72 hours) with a defined remedy for failure. |
| 2.9 | Provide audit rights: direct audit, third-party audit, vendor-supplied SOC 2 only, or none. | A direct or third-party audit right — not SOC 2 report review alone. |
| 2.10 | Does the customer have a contractual right to remain on a specified model version for a stated minimum period? | An explicit version-pinning right for a defined minimum term. |
05 Commercial model
6 questions · weight 15%. Pricing structure — not headline rate — determines exit cost and lock-in. Push for full transparency across every token type and a worked example.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 3.1 | Provide per-input-token, per-output-token, per-cached-input, per-batch-input and per-image-input prices for every model offered. | A complete price grid across all token types and models — nothing "on application". |
| 3.2 | What is the lowest unit-price tier at our committed annual volume, and the trigger volume for the next tier? | The committed-volume floor price plus the exact next-tier threshold. |
| 3.3 | What capacity-reservation or provisioned-throughput options exist, what is the term, and the differential versus on-demand? | Clear reservation terms with a quantified discount against on-demand. |
| 3.4 | Describe the volume true-up and true-down mechanism, and the renewal price-increase cap. | A symmetric true-up/true-down and a stated renewal cap. |
| 3.5 | Provide an example invoice for our projected first-month volume, broken down by model and token type. | A worked sample invoice, itemised by model and token type. |
| 3.6 | What contract term options are offered (1, 2, 3, 5 years), and how does the discount tier escalate by term? | Named term options with a transparent discount-by-term schedule. |
06 Integration
6 questions · weight 10%. Integration friction is the leading predictor of deployment delay. Look for breadth of patterns, identity support, and documented operational behaviour.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 4.1 | List supported integration patterns: REST API, SDKs by language (Python, Node, Java, Go, .NET), Kafka/event-stream connectors, JDBC drivers, RAG framework support. | Broad, first-party SDK and connector coverage including RAG frameworks. |
| 4.2 | What is the SLA on latency for streaming completions versus full completions? | Distinct, stated latency SLAs for streaming and full completions. |
| 4.3 | Confirm support for our identity provider (Okta, Entra ID, Ping) for end-user SSO into any vendor UI. | Confirmed SSO against our named IdP for all vendor-supplied UI. |
| 4.4 | Describe rate-limit headers, retry semantics, and overage behaviour when limits are hit. | Documented headers, predictable retry semantics, and graceful overage handling. |
| 4.5 | What developer tooling is included (evaluation framework, prompt registry, observability traces, dashboards)? | A real tooling suite — eval harness, prompt registry and traces, not just docs. |
| 4.6 | Provide reference architecture documents for the three most common enterprise deployment patterns you support. | Concrete reference architectures supplied, not promised. |
07 Governance & observability
6 questions · weight 10%. Required for EU AI Act compliance and any regulated workload. Weak governance answers signal a vendor built for developers, not enterprises.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 5.1 | What documentation supports our EU AI Act Article 26 deployer obligations and AI Act compliance programme? | Purpose-built Article 26 deployer documentation, not generic policy pages. |
| 5.2 | Provide the model or system card for each model: training-data summary, intended use, known limitations, evaluation results. | A current card per model, covering data, limits and evaluations. |
| 5.3 | Describe observability: prompt-logging dashboard, evaluation harness, drift detection, anomaly alerting. | Native observability across logging, evaluation, drift and alerting. |
| 5.4 | What policy controls are customer-configurable (content categories, output filters, allowlists, denylists)? | Granular, customer-owned policy controls — not vendor-only defaults. |
| 5.5 | Describe red-team testing performed before model release, and summarise recent findings. | A structured red-team programme with a shareable findings summary. |
| 5.6 | Confirm a contractual obligation to notify us of material changes to safety classifiers, model behaviour or alignment tuning. | A binding change-notification clause covering behaviour and alignment shifts. |
08 Indemnity & IP
5 questions · weight 10%. The indemnity gap is almost never fixed after signature, so it is a signature-stage lever. Read the exact language and every carve-out.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 6.1 | Provide the precise indemnity language for third-party IP claims arising from outputs. | Verbatim output-IP indemnity, offered without prompting. |
| 6.2 | What is the indemnity cap (uncapped, multiple of annual fees, or excluded)? | Uncapped, or at least a high multiple of annual fees. |
| 6.3 | List every carve-out from the indemnity (customer fine-tuning, bypassed safety controls, off-policy prompts). | A short, clearly enumerated carve-out list with no catch-all exclusions. |
| 6.4 | Describe defence rights: vendor controls defence, customer controls, or shared. | Vendor-controlled defence with cooperation, or a defined shared model. |
| 6.5 | Provide examples of indemnity claims you have honoured in the past 24 months. | Evidence of claims actually honoured — not just a clause on paper. |
09 Support & SLA
5 questions · weight 5%. SLA varies less across vendors than buyers expect, so weight is low — but named support at your spend tier and honest incident history still separate the field.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 7.1 | Provide the SLA matrix: severity 1/2/3 response times, restoration times, and service credits. | A full severity matrix with meaningful, enforceable service credits. |
| 7.2 | What is the named technical account manager allocation at our spend tier? | A named TAM committed at our tier, not a shared queue. |
| 7.3 | What is the response time for security-incident reports? | A short, contractual security-incident response window. |
| 7.4 | Describe the escalation path from technical support to product engineering for unresolved incidents. | A documented, time-bound path into engineering. |
| 7.5 | Provide the past 12 months of incident reports and post-incident reviews for outages over 30 minutes. | Candid 12-month incident and PIR history supplied in full. |
10 Roadmap & viability
6 questions · weight 10%. Vendor longevity matters for any multi-year commitment. Probe financials, deprecation policy and change-of-control, not just the roadmap slide.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 8.1 | Provide your published 12-month roadmap and any backwards-compatibility commitments for current models. | A dated roadmap with explicit back-compat guarantees. |
| 8.2 | Confirm financial viability: recent audited statements, current funding runway, major investors. | Audited financials or a credible runway and investor picture. |
| 8.3 | Describe the deprecation policy: minimum notice for model retirement and migration support. | A generous notice period with hands-on migration support. |
| 8.4 | What is the change-of-control clause in your master agreement? | A disclosed clause that protects the customer on acquisition. |
| 8.5 | Confirm continuity of service if a major investor changes or a competitor acquires you. | Contractual continuity commitments through ownership change. |
| 8.6 | List the three most significant product or commercial changes in the past 24 months that materially affected enterprise customers. | A candid, specific list — evasiveness here is itself a signal. |
11 Exit & portability
8 questions · weight 5%, scored binary. Low weight, but failure is catastrophic — a vendor scoring zero on three or more here is eliminated regardless of total. Exit is the second most likely event after renewal.
| Ref | Question | What a best-in-class answer looks like |
|---|---|---|
| 9.1 | Confirm a contractual right to export all prompts, completions, fine-tuning and evaluation data within 30 days of termination, in a documented format. | A 30-day full-export right in an open, documented format. |
| 9.2 | Confirm fine-tuned model weights are exportable by the customer. | Yes — customer can take the fine-tuned weights. |
| 9.3 | Confirm prompt library and versioning data are exportable in a vendor-neutral format. | Yes — portable, vendor-neutral prompt and version export. |
| 9.4 | Describe the data-destruction attestation issued after exit. | A written destruction attestation on completion. |
| 9.5 | Confirm no early-termination penalty beyond unconsumed reserved capacity. | No exit penalty except genuinely unconsumed committed capacity. |
| 9.6 | Provide an example exit plan you have executed for a customer in the past 12 months. | A real, executed exit-plan example — not a template. |
| 9.7 | Confirm the customer retains ownership of all fine-tuning data and derived embeddings. | Unambiguous customer ownership of tuning data and embeddings. |
| 9.8 | Confirm API contracts are documented well enough that re-implementation against another vendor is feasible. | API shapes documented to a re-implementable standard. |
12 Scoring pitfalls
The scoring model fails in predictable ways. Two traps account for most bad AI vendor selections.
The shortcut most procurement teams take is skipping Domain 9 because exit feels like a hypothetical. Across 180 deployments, 38% of buyers renegotiated their primary AI vendor inside the first 18 months and 14% switched primary vendor. Exit and portability are not hypothetical — they are the second most likely event after renewal, which is why Domain 9 is scored binary and gated.
Capability commoditises; contracts don't. A vendor that dazzles in proof-of-concept can still fail on data residency, indemnity or exit — the domains no demo exposes. Hold the fixed weights and honour the elimination gates: any vendor below 60% total, or failing the Domain 2 or Domain 9 gates, is out regardless of how good the model looked.
13 Our recommendation
Score all 60 questions before you open commercials. The RFP eliminates three vendors on data, indemnity and exit failures a pricing conversation would never surface.
Below 60% total is out. Three below-acceptable Domain 2 answers, or three zeros in Domain 9, eliminate regardless of total — because remediation needs a reopener vendors rarely grant.
Take two finalists within 10% of each other into commercial negotiation. Concurrent tension between them is worth 18–32% of negotiated improvement.
Run a defensible AI RFP
Our advisors build, run and score the 60-question RFP and deliver a defensible vendor recommendation in 21 days, backed by 180 prior evaluations.
The Licensing Edge
Weekly AI and licensing intelligence for enterprise IT leaders. 3,000+ subscribers.