The IAIL Standard
AI arrived in your contracts.
The governance didn't.
Every enterprise vendor relationship now creates AI liability — including vendors you did not procure as AI vendors. The IAIL Standard finds it, measures it, and makes it governable across the full lifecycle.
The Problem
The gap nobody closed
Before you signed
Procurement moves slower than AI. By the time legal finishes vetting, the technology has moved, the business has started using it, and the contract reflects neither. You inherited the liability at signature.
After you signed
Your CRM, your HR platform, your document management system — they all added AI features. No new contract. No updated DPA. No governance event. The products changed. The contracts didn’t.
After it ended
Standard deletion certificates cover what the contract called data. They don’t cover embeddings, fine-tuning artefacts, or what the model memorised. Some of that liability is permanent. Most enterprises assume it isn’t.
Under GDPR, India’s DPDP Act, and the EU AI Act, this exposure attaches to the enterprise. It does not transfer to the vendor. That is not a policy position. It is how the regulation works.
The IAIL Standard
One standard. Four moments. Nothing ungoverned.
The complete standard for enterprise AI liability. Each product addresses a different moment in the vendor relationship lifecycle.
01
IAIL Signal
Before you sign
What will you carry if you sign this? Pre-contract intelligence and a redline pack so procurement can move fast without inheriting the liability that comes with moving blind.
02
IAIL Assurance
After you’ve signed
What are you already carrying? Independent assessment across nine dimensions. Seven Stop Conditions. Seven output documents. Evidence-based. Clause-level.
03
IAIL Monitor
While it’s running
Is your assessed position still current? Continuous surveillance of the conditions that could change what your last assessment found. Position decay tracked in real time.
04
IAIL Exit
When it ends
What are you still carrying after termination? Deletion verification against nine persistence categories. An Inability-to-Cure Register for what can’t be deleted.
The Regulatory Environment
The regulatory environment is not waiting
India — DPDP Act 2023
Staged commencement from November 2025. Data Fiduciary accountability attaches to the enterprise, not the vendor. Every AI vendor relationship involving personal data of Indian data principals is a Data Fiduciary obligation.
Europe — GDPR & EU AI Act
GDPR processor obligations attach to every AI vendor relationship involving personal data. EU AI Act deployer obligations apply to enterprises using high-risk AI vendor products regardless of who built the system. Prohibited practices provisions in force since February 2025.
The accountability dimension
When a regulator investigates, it traces decisions to individuals. The GC who signed. The DPO who filed the record. Documented governance decisions are their evidence. The absence of documentation is not a neutral position.
Independence
The assessment most valuable to the enterprise is the one no advisory firm with a vendor relationship can produce.
The structural problem
Major advisory firms maintain commercial relationships with the AI vendors their enterprise clients are assessing. That relationship constrains the findings they can produce. This is not about individual integrity. It is about incentive architecture. A firm that earns revenue from a vendor is not well-positioned to publish findings that the vendor’s standard contract terms are structurally inadequate.
How IAIL is different
Discovery AI Limited maintains no commercial relationship with any vendor assessed under the IAIL Standard. No revenue from vendors. No partnerships. No referral fees. Every engagement is enterprise-funded exclusively. The methodology is published. Every version is permanently archived. Findings trace to named, dated source documents — not to professional judgement.
Who This Is For
Wherever you sit, the exposure is yours to govern
General Counsel
Clause-level gaps. Indemnity asymmetry. Contract redlines ready to use.
Chief Risk Officer
Residual risk taxonomy. Insurance alignment. Balance-sheet language for every finding.
Data Protection Officer
Regulatory exposure matrix. Jurisdiction by jurisdiction. What you can’t currently demonstrate.
Chief Procurement Officer
Pre-contract intelligence. Negotiation leverage. Speed without exposure.
Audit Committee
Documented decisions. Named approvers. Residual Risk Acceptance Register.
Board
12-page Board Report. Stop Condition verdicts. Accountability map. Immediate actions.
Precedent
This has happened before. It took fifteen years to resolve.
In the 1990s, commercial insurance policies covered physical loss. They didn’t mention cyber risk because no one had thought to name it yet. When cyber incidents produced claims, those claims fell into existing policies through silence. The insurance industry spent fifteen years resolving what it named Silent Cyber.
Enterprise AI vendor contracts are following the same pattern on a compressed timeline. They were written for software relationships. AI liability falls into them through silence. The deletion clause that doesn’t mention embeddings. The liability cap drafted before AI outputs were a category of vendor output.
Silent Cyber took fifteen years to identify, price, and manage. AI contract liability is in year two or three. The enterprises that identify their exposure now will spend orders of magnitude less than those that discover it through enforcement.
Getting Started
The contracts are already signed. The question is whether they’ve been measured.
Briefing
45 minutes. No obligation. Covers your current AI vendor portfolio, where exposure is most likely concentrated, and what a scoped engagement would examine.
Entry engagement
Single vendor. All nine dimensions. All seven output documents. Two weeks. Below standard procurement threshold. Creates the first documented AI liability evidence record.
Full programme
Portfolio assessment, Monitor retention, and Signal for every new vendor relationship. Complete lifecycle governance infrastructure.
Resources
Published. Public. Permanently archived.
Standard Contract Schedule
Annex B. 13 mandatory clause families. Reusable by General Counsel.
Next Step
Request a briefing
45 minutes. No obligation. We walk through your vendor portfolio and where your exposure is most likely sitting.