Free template from Sayfe.ai · Take the AI Compliance Assessment
Sayfe.ai
An authorized OpenAI SMB Channel Partner · sayfeai.com

AI Vendor & Impact Assessment Worksheet

Complete one per AI tool or use case · [Company Name] · Assessed by: [Name] · Date: [Date]

1. Tool & use case

FieldYour answer
AI tool / vendor name[e.g., ChatGPT Business]
What it is used for[use case]
Business owner of this use[name / title]
Does it influence a "consequential decision" (hiring, credit, housing, insurance, healthcare, education)?[Yes / No]

2. Data & privacy

QuestionAnswer
What data is entered into the tool?[describe]
Does it include personal data (PII)?[Yes / No]
Does it include health data (PHI)?[Yes / No — if Yes, BAA required]
Does the vendor train on our data by default?[Yes / No — confirm in contract]
Is data encrypted in transit and at rest?[Yes / No]
Where is data stored / processed?[region]

3. Regulatory exposure (check all that may apply)

RegulationApplies?Why / mitigation
Colorado SB 26-189 (ADMT)[Y/N][notice + human review + 3-yr records]
EU AI Act[Y/N][transparency disclosures by Aug 2 2026]
NYC LL144 / automated hiring[Y/N][bias audit + applicant notice]
FCC one-to-one consent[Y/N][per-seller consent capture]
HIPAA[Y/N][BAA-eligible path only]
Privacy (state / PIPEDA)[Y/N][access & deletion process]

4. Risk rating & decision

Overall risk (Low / Moderate / High)[rating]
Human-review safeguard in place?[describe]
Approved for use?[Approved / Approved with conditions / Not approved]
Re-assessment date[date]
Reviewer signature
Date
Keep completed worksheets on file for at least 3 years — several AI rules (including Colorado SB 26-189) expect decision-level records. Need help? Book a free 15-minute review at sayfeai.com/compliance-assessment.
Educational template — not legal advice. This template is provided by Sayfe.ai as a free starting point and does not constitute legal advice or create an attorney-client relationship. AI regulations change frequently; have qualified counsel review and adapt this document for your jurisdiction and circumstances before adopting it.

© 2026 Sayfe.ai, an authorized OpenAI SMB Channel Partner (operated by Vandelay Consulting Inc.), Houston, Texas. Reuse and edit freely for your own business. Learn more or book a free 15-minute compliance review at sayfeai.com/compliance-assessment.