IPY-04Cloud-Specific

Data Portability Contractual Obligations

Specification

Agreements must include provisions specifying AICs access to data upon contract termination and will include: a. Data format b. Length of time the data will be stored c. Scope of the data retained and made available to the AICs d. Data deletion policy

Threat coverage

Model manipulation

Data poisoning

Sensitive data disclosure

Model theft

Model/Service Failure

Insecure supply chain

Insecure apps/plugins

Denial of Service

Loss of governance

Architectural relevance

Physical infrastructure

Network

Compute

Storage

Application

Data

Lifecycle

Preparation

Data storage

Development

Not applicable

Evaluation

Not applicable

Deployment

Not applicable

Delivery

Not applicable

Retirement

Data deletion

Ownership / SSRM

Owned by the Cloud Service Provider (CSP)

The Cloud Service Provider (CSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with cloud computing (processing, storage, and networking) technologies in the context of the services or products they develop and offer. The CSP is responsible and accountable for implementing the control within its own infrastructure/environment. The CSP is responsible for enabling the customer and/or upstream partner to implement/configure the control within their risk management approach. The CSP is accountable for ensuring that its providers upstream implement the control related to the service/product developed and offered by the CSP.

Model

Owned by the Cloud Service Provider (CSP)

Orchestrated

Owned by the Orchestrated Service Provider (OSP)

The Orchestrated Service Provider (OSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The OSP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the OSP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The OSP is accountable for ensuring that its providers upstream (e.g MPs) implement the control as it relates to the service/product the develop and offered by the OSP. This refers to entities that create the technical building blocks and management tools that enable AI implementation. This can include platforms, frameworks, and tools that facilitate the integration, deployment, and management of AI models within enterprise workflows. These providers focus on model orchestration and offer services like API access, automated scaling, prompt management, workflow automation, monitoring, and governance rather than end-user functionality or raw infrastructure. They help businesses implement AI in a structured and efficient manner. Examples: AWS, Azure, GCP, OpenAI, Anthropic, LangChain (for AI workflow orchestration), Anyscale (Ray for distributed AI workloads), Databricks (MLflow), IBM Watson Orchestrate, and developer platforms like Google AI Studio.

Application

Owned by the Application Provider (AP)

The Application Provider (AP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The AP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the AP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The AP is accountable for carrying out the due diligence on its upstream providers (e.g MPs, Orchestrated Services) to verify that they implement the control as it relates to the service/product develop and offered by the AP. These providers build and offer end-user applications that leverage generative AI models for specific tasks such as content creation, chatbots, code generation, and enterprise automation. These applications are often delivered as software-as-a-service (SaaS) solutions. These providers focus on user interfaces, application logic, domain-specific functionality, and overall user experience rather than underlying model development. Example: OpenAI (GPTs,Assistants), Zapier, CustomGPT, Microsoft Copilot (integrated into Office products), Jasper (AI-driven content generation), Notion AI (AI-enhanced productivity tools), Adobe Firefly (AI-generated media), and AI-powered customer service solutions like Amazon Rufus, as well as any organization that develops its AI-based application internally.

Implementation guidelines

[All Actors]
1. Standard Contractual Clauses: a) Develop clear clauses detailing data portability rights upon termination. b) Specify machine-readable data format(s). c) State data retention duration post-termination for retrieval. d) Define precise scope of retrievable data. e) Detail data deletion policy (timeline, method, confirmation).  

2. Internal Procedures: a) Establish documented procedures for data extraction, formatting, secure delivery per contract. b) Implement verifiable data deletion procedures (e.g., NIST SP 800-88 compliant).  

3. Compliance & Audit: a) Maintain records demonstrating compliance. b) Ensure relevant teams are aware of terms/procedures.

Auditing guidelines

1. Review the contractual agreements to ensure customers know their rights and obligations maintaining data security and availability during transitions.

2. Verify if data format specifications are specified in the contracts which ensure customers can transfer and seamless use data with portability.

3. Examine data deletion period which ensures customers can plan for data migration or deletion in line with regulations.

4. Verify there is an annual review in place to review data portability provisions.

Standards mappings

ISO 42001Partial Gap

42001: A.10.2 - Allocating responsibilities
42001: B.10.2 - Allocating responsibilities
42001: A.10.4  - customers
42001: B.10.4  - customers

Addendum

ISO 42001 does not speak to the IPY-04 topics of data access process upon termination within customer agreement.

EU AI ActPartial Gap

Article 11 (1)
Annex IV
Article 17 (1) (f)
Article 25 (4)
Article 50 (2)
Article 53 (1) (b)
Annex XII
Annex XI Section 1 (1) (e)
Annex XII (1) (g)

Addendum

Include article for general-purpose AI systems or general-purpose AI models with systemic risk.

NIST AI 600-1Partial Gap

GV-6.1-004
GV-6.2-007

Addendum

Contrarily to the AICM control that provides an increased level of detail, the NIST AI 600-1 establishes more general principles and requirements that may be interpreted as encompassing the aspects tackled in the control.

BSI AIC4Partial Gap

C4 DM-02
C4 PF-03
C5 PI-02

Addendum

No C4 control speaks to IPY0-04 topic of contractual agreements regarding data access and exiting for AIC.

AI-CAIQ questions (1)

IPY-04.1

Are agreements including provisions specifying AICs access to data upon contract termination, including: a. Data format b. Length of time the data will be stored c. Scope of the data retained and made available to the AICs d. Data deletion policy?