Jun 27, 2024 | innovation

Raghu Ramanathan, president, Legal Professionals, Thomson Reuters, and David Wong, chief product officer, Thomson Reuters, shared their insights on evaluating AI vendors during a webinar with Morgan Lewis partner Rahul Kapoor and associate Shokoh Yaghoubi.

They offered advice on evaluating a vendor’s technology expertise, support services, and transparency. Also, they shared how firms and organizations can mitigate the risks posed by acquiring a vendor’s AI services while maximizing their investment in AI. Below are highlights from their conversation.

Keys to choosing AI vendors

To start the process of assessing potential AI vendors, Yaghoubi emphasized the importance of reviewing their experience and expertise “to allow your business to make informed decisions about whether to engage the vendor.”

Wong said that in addition to performance and cost, firms should consider safety and trust factors.

Ramanathan noted it’s important to consider whether you want a consumer- grade model – that’s cheaper – or a more reliable professional-grade model. He emphasized three criteria to focus on when choosing an AI vendor:

1. “What’s your philosophy and principles around how AI should be used?” He said asking a vendor this question allows you to see if your firm’s vision and long-term strategy and roadmap are aligned with the vendor’s approach.
2. Request a vendor’s references and testimonials. Ramanathan explained that firms and organizations should ask vendors how many customers are already using their solutions. “AI is still a game of scale,” he said. “You don’t want to be the first customer training a model.”
3. Clarify the level of support and training a vendor provides. Ramanathan said this is key to ensuring that all levels of staff are trained and can use the AI solutions constructively.

Wong added that the questions he receives from potential clients focus on data, technology, and talent. He warned that some companies simply repackaged existing large language models (LLMs) for legal use cases without adding much.

“Clients that are working with companies that are building AI have a say,” Wong said. “They can contribute, iterate, and build the products.”

Also, he stressed the importance of working with a vendor that knows how to customize solutions and integrate customer feedback into product development.

How vendors use data

Kapoor asked what customers should consider regarding how vendors use their data. Wong said that understanding the data flow and how the data is processed are key, as well as understanding licensing and data rights, including intellectual property usage rights, cyber risk, and data leakage.

Ramanathan noted encryption standards as well as access control are critical as is demanding transparency from vendors: “You have the right to ask how the data your inputting is used.”

Ramanathan added, “Good vendors should have governance systems that answer” details such as where data is stored and who has access to it.

“Look for transparency” on data output

Wong advised firms to “look for transparency” from vendors, making sure they provide qualitative and quantitative information about the quality of their outputs. He said vendors should be guided by a set of AI principles and should follow a data governance and AI model governance process to mitigate hallucinations and potential risks.

Ramanathan noted that good vendors conduct regular model validation on a periodic basis. He also flagged that professional-grade AI solutions – unlike consumer-grade AI solutions – give a sense for the reliability of the answer.

Data output considerations also include encryption standards as well as vendors’ privacy and security policies. Ramanathan said a baseline is compliance with standards such as GDPR and CCPA.

“The privacy and security measures a vendor takes are a result of their philosophy about AI and how to use AI,” Ramanathan said. “It gives you a clue as to what you can expect downstream in terms of execution.”

Ramanathan added that vendors should share their risk management framework and enterprise risk framework as well as disclose how frequently they conduct audits and what mitigating actions they put in place.

Wong added that most firms and organizations have “tried and tested approaches for technology procurement” that they should apply to assessing AI vendors too.

Lack of AI-Specific SLAs

When exploring initial and ongoing training and documentation, Shokoh asked if AI service-level agreements (SLAs) are similar to those offered for SaaS-type platforms.

Ramanathan said there are elements of SLAs similar to cloud software “that you can and should expect,” such as uptime and maintenance. He noted the hard part is the lack of industry standards for AI-specific SLAs to address issues like response time and accuracy.

In the absence of industry standards, Ramanathan recommended asking questions around issues like product reliability controls and internal testing programs.

Going above the legal requirements

Part of assessing an AI vendor involves anticipating it will adapt to new and changing AI regulations, given the lack of a comprehensive federal law in United States and various states implementing their own guidance.

“There’s wide range and little consistency across the market,” Wong said. “What Thomson Reuters has done is look at AI standards in all the markets that we operate in and identify the most restrictive standards. We use a combination of the NIST standards and the EU AI directive as the basis for much of our governance framework.”

Wong added that Thomson Reuters applies this viewpoint to its risk management framework and to its data and AI model governance framework.

“We projected what the regulation would be rather than look at where the regulation is today,” Ramanathan explained. “We proactively defined what we call our Data and AI Ethics principles, which are very hard-coded guidelines that go into engineering our products as well.”

To watch a recording of the webinar, click here.