Part 1 — For the Business

Ch. 3 — Vendor and Model Governance

Your compliance obligations extend to every vendor in the agent's chain — including your model provider. What BAAs, DPAs, and vendor assessments look like when the vendor is an LLM.

An agent is not a single system. It is a composition — your application logic, a model provider, an orchestration framework, tool APIs, and data infrastructure. Every component that processes sensitive data is part of your compliance chain.

When a traditional SaaS tool processes your customer data, the compliance picture is straightforward: one vendor, one agreement, one review. When an agent processes the same data, it may pass through four or five vendors in a single run — and each one is a link in your compliance chain.

A break anywhere in that chain is a break in your compliance posture.

Platform Agentic

Compliance, governance, and accountability for teams building agentic AI systems.
