Interoperability & Portability
CSA AI Controls Matrix v1.1 domain
Enable controlled movement of data and workloads while limiting lock-in risk.
What this domain means for procurement
Buyers should be able to export relevant data and transition away from a model or platform without losing governance evidence or accepting unreasonable operational risk.
How TrustAtlas dimensions support it
Dependency chain measures lock-in and substitutes; business stability covers continuity through transition; IP exposure covers rights to export and reuse customer-created assets.
Dependency chainBusiness stabilityIP exposure
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- Which prompts, outputs, embeddings, fine-tunes, logs, and governance records can customers export in documented formats?
- What technical and contractual dependencies prevent migration to another model, platform, or cloud provider?
- What deletion assistance, transition period, and continued access apply at contract termination?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored