Solicitation tips for AI

Support cross-functional collaboration. Collaborate early and often with stakeholders across the organization, including AI specialists, legal, security, compliance, and end users, to ensure the solution meets diverse needs and regulatory requirements. Have an expert who understands AI solutions on your evaluation team.

Engage the end users and vendors early. In line with good technology procurement, make sure that you have a deep understanding of your user or beneficiary needs through user research and testing. Equally important, the vendor market can give you helpful feedback not only on what is possible, but also what would incentivize them to participate in solicitations. Engagement efforts may include conducting a request for information (RFI), requesting demonstrations, and more.

Use an outcomes-based approach. Focus on the problem and measurable features or Key Performance Indicators (KPIs) rather than prescribing specific technologies. Consider solutions that can leverage current commercial and emerging AI capabilities while meeting your requirements. Understand how the underlying technology works, both in terms of the algorithms and training data. For example, if a health agency wants to deploy GenAI to rapidly summarize information about patients, an outcomes-based RFP might say: "we seek to reduce time/cost for feedback summaries by 50%, ensure explainability, minimize bias—all while safely handling sensitive patient data.”

Support testing and iteration. Encourage pilot projects, sandbox environments, and modular procurement to enable safe testing of AI models. Consider proof-of-concept deployments or trial periods to evaluate capabilities before full implementation. Look for documented evidence of real-world implementations in similar contexts.

Incorporate compliance and risk management. Include requirements for relevant IT security and AI-specific certifications and regulatory alignment, while balancing flexibility to encourage vendor participation. This can look like specifying any needs for bias mitigation, stakeholder participation, explainability, audit trails, human-in-the-loop controls, and transparency about training data, ensuring these align with your organization's risk management framework. Also ensure alignment with appropriate security frameworks and regional compliance requirements set out by your jurisdiction. The NIST Risk Management Framework can be a helpful resource.

Address intellectual property (IP) and data rights. Clearly define ownership of outputs, terms for using public sector data for model improvement, and data portability expectations. Consider contractual requirements for data residency, usage restrictions, and data handling protocols.

Ensure legal and regulatory alignment. Reference applicable AI and data protection laws in your jurisdiction and incorporate them in solicitation and contract clauses. Consider requirements for demonstrating compliance with relevant legal frameworks.

Include vendor and contract management. Plan for knowledge transfer and evaluate the long-term flexibility of your chosen solution, including data portability and integration capabilities.

Specify integration requirements. This includes existing IT environments and compliance with relevant accessibility standards, ensuring inclusiveness and usability for all users. Evaluate technical compatibility with your current systems and infrastructure. Consider data flow and interoperability requirements, and solutions that support industry-standard APIs and data formats to enable integration with your existing systems and provide flexibility for future technology evolution.

Align on technical infrastructure needs for development. Clarify whose technological infrastructure will be used for developing and deploying the solution.

Include data governance and privacy requirements. These can include data governance, breach notification protocols, and data protection responsibilities. Consider appropriate security certifications and privacy controls for your context. Understand clearly how the solution provider will use your data and address associated risks.

Consider sustainability. You may have sustainability requirements for environmental impact reporting, such as energy usage metrics and sustainability practices, aligned with your organization's environmental goals.

Core structure: Start with your standard organizational RFI or RFP structure (e.g., timeline, instructions, scoring) and make it even stronger by focusing on the problem that you are trying to solve and the outcomes you want to achieve. Keep it short and use simple language.

Technical evaluation: Incorporate sections for AI capabilities, security measures, multi-model integration, vendor support and transitions.

Quality and capability assessment: Include questions around topics like model accuracy, hallucination, mitigation, benchmark validation, ethics, and compliance.

AI disclosure: Consider adding a requirement for transparency and accountability depending upon your policies and use case.

Scoring rubric: Assign weights to elements like security and compliance, disclosure, model performance and evaluation, support and maintenance, and pricing/value.

Guarantee period: Include a guarantee period to help ensure that the vendor will fix issues early on to meet your specifications.