Interoperability & Portability

CSA AI Controls Matrix v1.1 domain

Enable controlled movement of data and workloads while limiting lock-in risk.

What this domain means for procurement

Buyers should be able to export relevant data and transition away from a model or platform without losing governance evidence or accepting unreasonable operational risk.

How TrustAtlas dimensions support it

Dependency chain measures lock-in and substitutes; business stability covers continuity through transition; IP exposure covers rights to export and reuse customer-created assets.

Dependency chainBusiness stabilityIP exposure

This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.

Questions to ask vendors

Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.

  1. Which prompts, outputs, embeddings, fine-tunes, logs, and governance records can customers export in documented formats?
  2. What technical and contractual dependencies prevent migration to another model, platform, or cloud provider?
  3. What deletion assistance, transition period, and continued access apply at contract termination?
← Identity & Access Management Infrastructure Security →

Related