The AI-CAIQ: what it is, why your buyer just sent you one, and how to answer it
In October 2025 the Cloud Security Alliance published the AI-CAIQ — the AI extension of the CAIQ (Consensus Assessments Initiative Questionnaire), the self-assessment that enterprise security teams have used for a decade to vet cloud vendors. If your product "uses AI" anywhere in its marketing, expect the AI-CAIQ, or questions copied from it, in your next vendor assessment.
The questionnaire itself is free to download from the CSA (cloudsecurityalliance.org — AI-CAIQ). What's not free is knowing how to answer it when you're a 10–50 person company with no compliance team.
What buyers actually look for in AI-CAIQ responses
Across AI-CAIQ, SIG 2026 and custom buyer questionnaires, the recurring asks are remarkably consistent:
- An AI systems inventory — every AI capability in your product: model, provider, version, purpose.
- Model provenance — OpenAI / Anthropic / Google / self-hosted, and whether you fine-tune.
- AI subprocessors — is your model provider on your public subprocessor list?
- Data flows to models — exactly what customer data reaches the model API, in which region.
- Training question — is customer data used to train or fine-tune any model? (See the trap below.)
- Output controls — human review, labelling of AI-generated content, logging.
- Documented evidence — buyers increasingly want ~90 days of documented operation of these controls, not just policy statements.
The training-data trap
Do not answer "customer data is never used for training" by reflex. The correct answer cites two layers: (1) your own practice (you don't train or fine-tune), and (2) your model provider's data processing agreement. Enterprise APIs from major providers do not train on API inputs by default — but verify the current version of the DPA you actually signed before asserting it in writing. A response that cites the specific agreement survives due diligence; a bare "never" invites the follow-up that stalls your deal.
How a small vendor answers well — the method
- Build the inventory first. Half the questionnaire derives from it. One page: capabilities, models, providers, data, regions, oversight, logging. (This is why we include a One-page AI Inventory in every engagement — buyers ask for it next anyway.)
- Answer from documents, not from memory. Every claim about your company should trace to something written — a DPA, a policy, a screenshot of the disclosure label. If it isn't written down, it's a gap, not an answer.
- State gaps with the procurement-tested formula: current state + compensating control + "in progress" + a target only if it's real. Buyers accept honest gaps with a plan; they punish vague yeses discovered later.
- Cite the law precisely where relevant — e.g. transparency obligations under Regulation (EU) 2024/1689, Art. 50, applicable from 2 August 2026 (not postponed by the Digital Omnibus). Precision here is what separates a credible vendor from one that pasted ChatGPT output. See our Article 50 guide for the provider-vs-deployer distinction that most responses get wrong.
What not to do
- Don't claim certifications you don't hold (ISO 42001, SOC 2). "Not currently certified; our AI governance covers inventory, transparency and human oversight; we evaluate certification as customer demand requires" is honest and acceptable.
- Don't promise dates your leadership hasn't approved.
- Don't answer legal-classification questions by guessing — flag them for counsel explicitly. One flagged question looks diligent; ten wrong ones look negligent.
- Cloud Security Alliance, AI-CAIQ (published 16 October 2025)
- Regulation (EU) 2024/1689 (EU AI Act), Art. 50, Art. 113
- Shared Assessments, SIG 2026 (AI risk domain)