For buyers & procurement teams

RFP language for AI accountability.

If your vendors run AI agents that can move money, change records, or contact your customers, your RFPs should require proof of human authorization — not promises of it. The clauses below are written to paste directly into an RFP, vendor questionnaire, or MSA security schedule.

These clauses are anchored to an open specification (draft-schrock-ep-authorization-receipts, IETF individual submission) — not to any vendor. Any conformant implementation satisfies them, including ours. That is the point: require the property, not the brand.

Clause A — Baseline — human approval for irreversible actions

When to use: Any procurement involving AI agents that can move money, change records, or communicate externally.

The Vendor's AI agents and autonomous systems shall not execute Irreversible Actions — including funds transfers, payment-instruction or beneficiary changes, creation or modification of records in systems of record, outbound communications at scale, production configuration changes, and access-control changes — without prior approval by a named, authenticated human approver.

Each approval shall be cryptographically bound to the specific action's parameters (including amount, counterparty, target system, and validity window), such that any post-approval modification of those parameters invalidates the approval. Approvals shall be single-use and shall expire after a defined period.

For each approved Irreversible Action, the Vendor shall retain and produce on request evidence of the approval that the Customer can verify without reliance on Vendor-operated systems.

Clause B — EU AI Act — Article 14 human oversight

When to use: Systems in scope of Regulation (EU) 2024/1689 Annex III (high-risk) — obligations provisionally deferred to December 2, 2027 by the Digital Omnibus (May 2026); the requirements themselves are unchanged.

For AI systems within scope of Regulation (EU) 2024/1689 (EU AI Act) Annex III, the Vendor shall implement technical measures enabling human oversight, intervention, and override consistent with Article 14, including pre-execution human approval for actions producing legal or similarly significant effects on natural persons.

The Vendor shall maintain records sufficient to demonstrate such oversight consistent with Article 12 (record-keeping), in a machine-verifiable format. Upon request, the Vendor shall provide the Customer with the records and the means to verify their integrity and authenticity independently of the Vendor, including verification while offline.

Statements of policy, manual review procedures, or dashboard-based approval queues that do not produce independently verifiable records shall not satisfy this requirement.

Clause C — Full specification — verifiable authorization receipts

When to use: High-assurance deployments: financial controls, government benefits, treasury, healthcare.

For each approved Irreversible Action, the Vendor shall produce an authorization receipt containing at minimum:

(a) a cryptographic digest of the approved action computed over a canonical serialization of its parameters (e.g., RFC 8785 JSON Canonicalization Scheme);
(b) the identity of the human approver and the class of authenticator used;
(c) a digital signature produced by an approver-held key over material derived from the action digest — for high-assurance actions, a device-bound WebAuthn/FIDO2 assertion with user verification (biometric or PIN);
(d) issuance and expiry timestamps and single-use (anti-replay) semantics; and
(e) sufficient material for the Customer to verify the receipt offline using a published, open-source verifier distributed under an OSI-approved license.

Authorization receipts conforming to draft-schrock-ep-authorization-receipts (IETF, individual submission) or a successor specification satisfy this requirement in full.

Evaluating vendor responses

The clause does the filtering for you. What you are listening for in responses:

“We maintain comprehensive audit logs.”

Logs are written after execution and assert rather than prove. They do not bind a human to the specific action before it ran.

“Approvals happen in our admin dashboard.”

Dashboard queues are server-state: the evidence lives in the vendor’s database and cannot be verified independently or offline.

“All operators use MFA / SSO.”

MFA authenticates a session identity. It does not bind anyone to one specific action’s parameters — the agent still acts under delegated credentials.

✓

“Here is a signed receipt for each action; verify it with the open-source verifier — no access to our systems needed.”

This is the compliant shape: action-bound, human-bound, offline-verifiable.

Compliance mappings by sector

Two-page mappings of EU AI Act articles to the receipt architecture, written for a compliance file:

Financial services (FinGuard) — wire release, beneficiary changes, dual authorization
Government programs (GovGuard) — benefit account changes, caseworker overrides
Healthcare — high-risk clinical and administrative actions

Auditing a vendor that claims conformance? See the auditor’s guide to verifying Trust Receipts — verification takes about two minutes and requires nothing from us. This page supports your procurement program; it is not legal advice.