04 Procurement Library
Twelve clauses that change who owns the system you’re buying.
Copy-paste-ready contract language for AI and modernization procurements. Each clause names the bad outcome it prevents, the artifact it produces, and the words to put in the SOW. Have counsel review before incorporating. Use freely.
Continuity of service
- 01 Continuity of service
No flag-day cutover
Why this matters. Modernization failures with public visibility almost always involved a flag-day cutover. Feature-flagged deployments make every change reversible and every divergence visible before it harms a claimant.
Without it. The Vendor proposes a launch date. On that date, all traffic is moved at once. The first failures are discovered by claimants in adverse-action status.
- 02 Continuity of service
Traffic-shadowed parity testing
Why this matters. The only honest answer to 'is the new system correct?' is to run it in parallel against the legacy system and reconcile every divergence. Vendors who promise correctness without shadow-mode traffic have not, in fact, tested correctness.
Without it. Parity is measured on a curated test set, not real traffic. The first time the new system sees the actual claimant population is in production.
Decision provenance
- 03 Decision provenance
Per-decision provenance
Why this matters. The audit-trail problem is the single most common reason promising government AI deployments are quietly retired. A model that cannot show its work cannot survive an OIG review.
Without it. The System produces decisions. Asked six months later why a specific decision was made, no one can answer.
- 04 Decision provenance
Versioned policy storage
Why this matters. Most agencies have current policy. Almost none have versioned policy. The decision a model made in March was bound by the policy in force in March, not the policy that exists today.
Without it. When a six-month-old decision is challenged, the policy text bound to that decision cannot be retrieved. The challenge succeeds.
Model & data ownership
- 05 Model & data ownership
Model artifact delivery to the Agency
Why this matters. If the vendor walks away with the trained model, you bought a service. If you walk away with the model, you bought capability. The difference is the difference between vendor lock-in and an asset.
Without it. At contract end, the Vendor offboards. The trained models leave with them. The Agency must contract for fresh training to obtain equivalent capability.
- 06 Model & data ownership
Training-data lineage
Why this matters. A model with unknown training data lineage is a legal exposure. Models trained partly on protected-class data without a documented chain cannot be defended on civil-rights review.
Without it. The Vendor cannot answer: what data trained this model? Counsel cannot answer: was that lawful? OIG cannot answer either.
- 07 Model & data ownership
Evaluation suite delivery
Why this matters. The agency that cannot re-run the evaluation suite is the agency that cannot decide when a model is good enough. Decisioning capability requires evaluation capability.
Without it. The Vendor reports the evaluation results. The Agency cannot verify them, cannot re-run them on new data, and cannot run them on the next vendor's model.
Operational accountability
- 08 Operational accountability
Agency-triggered re-evaluation cadence
Why this matters. The party that decides when to re-evaluate the model is the party that operates the model. Cadence triggered by the vendor is cadence absent.
Without it. Re-evaluation happens when the Vendor finds it convenient. Drift accumulates between evaluations. Adversarial submissions exploit the gap.
- 09 Operational accountability
Minimum-practice runbooks with on-call accountability
Why this matters. An AI minimum practice without a named on-call, a detector, an SLA, and a notification path is a wish. The OMB AI memos imply runbooks; the contract has to require them.
Without it. When the model drifts, no one is paged. When the model degrades, no one is responsible. When affected individuals deserve notice, no one sends it.
Notice & redress
- 10 Notice & redress
Counsel-reviewed adverse-action notices
Why this matters. An AI-influenced adverse action without a notice that names the influence, and without a path to human review, is a due-process challenge waiting to be filed.
Without it. Adverse-action notices reference the system in generic terms. The first FOIA challenge surfaces the inadequacy. Decisions are vacated en masse.
- 11 Notice & redress
Human-in-the-loop escalation thresholds
Why this matters. Calibration thresholds are how an agency operationalizes the difference between 'the model is confident' and 'a person should look at this.' Without contracted thresholds, the system silently shifts toward more automation over time.
Without it. The model's confidence threshold drifts upward as the team optimizes throughput. Cases that should have gone to a human are auto-determined.
Audit & oversight
- 12 Audit & oversight
Agency and IG audit rights
Why this matters. Audit rights that are negotiated mid-incident are audit rights that don't exist. The right to look at any layer of the system, at any time, must be in the contract.
Without it. The OIG requests access to the model and the audit log. The Vendor's response begins 'pursuant to Section…'. Six weeks pass.
A note on what this is and isn’t
These clauses are not legal advice. They are a starting point that has been sharpened on engagements and aligned with the OMB AI memo guidance for federal civilian agencies. Have counsel review before incorporating into a solicitation, SOW, or contract.
Use them freely. Cite Vardr Partners if you find them useful. If you bring them to a vendor and the vendor objects, we’d like to hear about it — that information shapes our future versions of this library.