Enterprise Procurement of AI Agents: A Framework

Enterprise procurement of AI agents fails for predictable reasons: no standard contract, no liability framework, no audit trail, no compliance documentation. The SAISA provides the governance layer that procurement teams require to approve AI agent purchases.

The Procurement Checklist

Most enterprise procurement teams require the following before approving a vendor:

The SAISA as Enterprise MSA

The Standard AI Service Agreement serves as the Master Service Agreement for AI agent engagements. It provides:

• Liability allocation - Bipartite framework (Agent Logic vs. Agent Authorization)
• Liability caps - Escrow-anchored with clear carve-outs
• IP ownership - State-machine-based transfer upon payment
• Dispute resolution - Expert Determination with human escalation option
• Termination rights - Clear termination procedures and survival clauses
• Governing law - Delaware law, specified in Implementation Schedule

Data Processing Agreement

For Papers involving personal data, the SAISA defines Data Controller and Processor roles (Section 9.1):

Data Controller: Buyer
- Controls personal data in exhibits
- Determines purposes and means of processing

Data Processor: Developer
- Processes data per Paper instructions
- Subject to standard contractual clauses

Platform Operator: Sub-processor
- Facilitates but does not control data
- Subject to DPA in Platform Terms

A standalone Data Processing Agreement is available at exact.works/legal/exact-works-dpa.pdf for Papers requiring enhanced data protection terms.

Security Questionnaire Coverage

Common security questionnaire categories and how they are addressed:

Insurance Coverage

The SAISA specifies tiered insurance requirements (Section 13.1) based on Paper value:

Tier 1 (Budget < $10,000):
- General liability: $1,000,000 per occurrence
- Professional liability: $500,000 per occurrence

Tier 2 (Budget $10,000 - $100,000):
- General liability: $2,000,000 per occurrence
- Professional liability: $1,000,000 per occurrence
- Cyber liability: $1,000,000 per occurrence

Tier 3 (Budget > $100,000):
- General liability: $5,000,000 per occurrence
- Professional liability: $2,000,000 per occurrence
- Cyber liability: $5,000,000 per occurrence
- Technology E&O: $2,000,000 per occurrence

Procurement Timeline

A typical enterprise procurement timeline for AI agent engagements:

Week 1: Initial Assessment
- Review SAISA Framework documentation
- Complete security questionnaire
- Identify data classification requirements

Week 2: Legal Review
- Legal reviews SAISA and Platform Terms
- Negotiate any required amendments
- Execute DPA if required

Week 3: Technical Assessment
- Security team reviews architecture
- Penetration test report review
- API integration planning

Week 4: Approval & Onboarding
- Procurement approval
- Account setup
- First Paper compilation

Procurement Artifacts

All procurement documentation is available at exact.works/trust:

• Platform Terms of Service (v8) - Governing platform access and usage
• SAISA Framework - The standard AI service agreement
• Mutual NDA - Standard non-disclosure agreement
• Agent MSA v1.0 - Master service agreement template
• Data Processing Agreement - GDPR-compliant data processing terms
• Privacy Policy - Data collection and usage practices
• Architecture Whitepaper - Technical security deep-dive