Sub-processor
A sub-processor is a third party that processes personal data on behalf of a primary processor, which in turn processes it on behalf of a controller. For AI vendors, the upstream model APIs they call are nearly always sub-processors, and they are among the most overlooked AI risks in vendor review.
What is a sub-processor?
GDPR Article 28 speaks of a processor engaging "another processor"; in practice that other processor is called a sub-processor, and analogous provisions exist in U.S. state privacy laws (CCPA/CPRA, for example, governs subcontractors of a service provider). A sub-processor is any third party engaged by a primary processor to carry out specific data-processing activities that the processor itself owes to a controller. For SaaS in general, sub-processors include cloud hosts (AWS, GCP, Azure), payment processors, email senders, and analytics tools.
For AI vendors, the most consequential sub-processor is usually the upstream model API: OpenAI, Anthropic, Google, Mistral. Every prompt your users send may flow through one or more of these upstream APIs, depending on the vendor's routing rules, and the set may change as those rules change. Each upstream provider is a sub-processor with its own DPA, jurisdiction, retention policy, and training-data stance, and the vendor's own retention promise does not bind the upstream provider unless the vendor's contract with it says so.
Sub-processor disclosure
Under Article 28(2), a processor may not engage a sub-processor without the controller's prior written authorisation, either specific or general; in practice that authorisation is given by listing the sub-processors in or annexing them to the DPA. Article 28(4) additionally requires the processor to flow down the same data-protection obligations to each sub-processor by contract. Many AI vendors maintain a public sub-processor list on their trust center. When you can't find one, ask. The list should include each sub-processor's name, role, and country of processing. Under a general authorisation, the processor must inform the controller of any intended addition or replacement of a sub-processor, giving the controller a window to object before the change takes effect.
Sub-processor diligence checklist
For each sub-processor an AI vendor uses, ask:
- Which data flows to them, and is it the raw prompt, a redacted version, or only metadata?
- Do they process in your acceptable jurisdictions, including for failover and support access?
- Do they have their own DPA with the vendor covering the same scope, as Article 28(4) requires?
- Do they train on the data they receive? For AI vendors this is the decisive question, and the answer should be in writing, not inferred from the provider's consumer terms.
- Do they offer a HIPAA BAA if you need one?
- What happens if they have an incident: does their breach-notification timeline to the vendor leave enough room for the vendor to meet its timeline to you?
The end-to-end posture is only as strong as the weakest link in the sub-processor chain.