PowerQuantEUSend your AI questionnaire

Why AI questions appear in due diligence

When EU-facing companies procure or invest in AI and SaaS services, they increasingly ask about compliance with Regulation (EU) 2024/1689 of the European Parliament and of the Council (the AI Act). The questions often arrive via standardised questionnaires such as the CAIQ (Consensus Assessments Initiative Questionnaire) and SIG (Standardized Information Gathering), or via investor due diligence ahead of funding rounds.

For a supplier, it is not just about answering, but about answering with sources – so that every claim can be traced to a concrete basis in the Regulation and in the organisation's own documentation. The AI Act is an EU regulation that applies directly in the Member States; no separate national implementing law is required.

Which AI Act questions buyers ask

Typical question areas that recur in AI and security questionnaires:

  • Role under the Regulation: Are you a provider or a deployer for the respective AI system? Note that Article 25 can reclassify a deployer as a provider.
  • Risk classification: Does any system fall under high risk per Annex III, or are you affected by the prohibitions in Article 5?
  • AI literacy: How do you meet Article 4 (in force since 2 February 2025)?
  • Transparency: How do you handle Article 50, which applies from 2 August 2026, for example for chatbots and AI-generated content?
  • High-risk obligations: If Annex III becomes relevant – how do you meet documentation, oversight and monitoring requirements (cf. Article 26)?
  • Timelines: How do you relate to the Annex III date of 2 August 2026 and the proposed postponement to 2 December 2027 (Digital Omnibus proposal, not yet in force)?

How to answer with sourced citations

A credible answer should, for each question, state:

  1. Legal basis – which article or annex the question concerns (e.g. Article 50, Annex III).
  2. Actual status – how your organisation actually stands in relation to the requirement.
  3. Evidence – where the documentation is held (e.g. AI inventory, instructions for use, policies).

Avoid vague wording. Writing that you are "fully compliant" without stating a basis and date is weak. It is better to be precise: Article 4 has been in force since 2 February 2025 and is met through documented training; Article 50 is being prepared for its entry into application on 2 August 2026. Be careful with timelines – 2 December 2027 must always be marked as a proposal (Digital Omnibus, not yet in force).

Why sourcing pays off

Buyers and investors value answers that can be verified. Incorrect information can also have consequences in other contexts: under Article 99, providing incorrect information to authorities can lead to fines of up to EUR 7.5 million or 1 % of global annual turnover. Even though a customer questionnaire is not a report to an authority, the habit of answering correctly and traceably is a good foundation for compliance overall.

For orientation on the wider penalty framework: breaches of the prohibited practices in Article 5 can lead to fines of up to EUR 35 million or 7 % of global annual turnover; most other infringements up to EUR 15 million or 3 %; and the supply of incorrect information up to EUR 7.5 million or 1 %.

How Module 2 Procurement Evidence Pack helps

PowerQuant's Module 2 (Procurement Evidence Pack / Leverantörsdokumentationspaket) is designed for exactly this situation: sourced answers to the AI part of customer and investor questionnaires, such as SIG and CAIQ. The pack links the answers to the relevant basis in Regulation (EU) 2024/1689 and to the organisation's own documentation.

The underlying material builds ideally on an AI inventory and an Article 4 register (PowerQuant's Module 1), so that role and risk classification are in place before the questionnaires are answered. Everything is delivered as documentation, not legal advice. Any SEK prices stated are preliminary.

Before procurement

  • Ensure you have a current AI inventory and can state your role (provider/deployer) per system.
  • Prepare standard answers with legal basis, actual status and evidence for recurring CAIQ/SIG questions.
  • Always mark 2 December 2027 as a Digital Omnibus proposal, not yet in force (adopted by the European Parliament on 16 June 2026, the Council awaiting publication in the Official Journal).
  • Keep the answers traceable and up to date as Article 50 (2 August 2026) approaches.
  • Consider a sourced documentation pack (cf. PowerQuant Module 2) to answer consistently.

This page is general information about the AI Act and does not constitute legal advice.