
Subcontractor compliance for multi-vendor AI deployments: who owns the audit artifact?

A state benefits modernization typically involves a prime contractor, a model provider, a cloud provider, and the agency's own systems. The audit trail crosses all four — and it is nobody's responsibility until the OIG asks. The fix is upstream in the contract.

By Gunnar Link and Kevin Odongo · June 11, 2026

A state benefits-program modernization with an AI component almost never has a single vendor on the hook. The deployment chain typically runs: a prime contractor (the systems integrator), a model provider (Anthropic, OpenAI, Google, or equivalent), a cloud provider (AWS, GCP, Azure), and the agency's own internal IT or shared-services organization. Sometimes the chain is longer — a sub-prime for the eligibility-rules engine, a specialty vendor for the document-intake pipeline, a different vendor for the notice-generation system.

The audit trail an OIG will eventually ask for runs across all of these. The decision that produced an adverse determination took inputs from the agency's data, was prepared by an agent running on the model provider's API, was hosted on the cloud provider's infrastructure, was orchestrated by the prime's application, was reviewed by a caseworker in the agency's UI, and was recorded as a transaction in the agency's system of record. Reconstructing that decision packet eighteen months later requires data from every step in the chain.

When the OIG asks, the question is: who owns the artifact?

In most contracts we have reviewed, the answer is: nobody, until it becomes a problem.

This piece is about why that is the default, what it costs when the audit arrives, and how to fix it upstream in the contract — before the deployment ships.

The audit gap in multi-vendor deployments

Each vendor in the chain produces its own logs and its own audit artifacts. The model provider records API calls — inputs, outputs, token counts, timing — in its own format, with its own retention policy. The cloud provider records infrastructure events — instances spun up, network traffic, storage access — also in its own format. The prime contractor's application produces transactional logs. The agency's system of record records the final determination.

None of these artifacts, on its own, answers the question the OIG is asking. The OIG wants to know: what decision was made, what inputs were used, what model and prompt version produced the suggestion, who reviewed and signed off, what policy basis was cited, what notice was sent. That information lives across all four vendors, in incompatible formats, with no integration that joins them.

The gap is structural. It is not a vendor's individual failure. Each vendor's audit trail is appropriate for its scope of responsibility. The aggregate artifact — the one that crosses all four — does not exist because no single party has been contractually responsible for assembling it.

The prime contractor is the closest analog to an owner, by default. The prime is on the hook to the state under a single contract; the prime has subcontracts or service agreements with the others; the prime is the natural integrator. But "natural integrator" is not the same as "contractually obligated to produce a cross-vendor evidence pack on demand." Without that obligation written explicitly, the prime will produce its own logs when the OIG asks, the state will ask for the rest, and the rest will arrive in pieces over weeks, in formats that have to be reconciled before they are useful.

The data-rights chain

Underneath the audit gap is a chain of data-rights questions, each of which is settled separately:

Between the model provider and the prime. What rights does the prime have to API call logs? In what format? For how long? Most model-provider terms of service give the customer (the prime) access to their own API logs for a limited retention period — sometimes as short as 30 days, sometimes 90, sometimes 365 depending on tier. If the state needs an artifact two years out, and the prime has not been actively exporting and retaining the logs, the artifact may no longer exist.

Between the prime and the state. What rights does the state have to the prime's audit artifacts? Under what data-rights clause? In perpetuity, or only during the contract term, or only during a specific audit window? Most prime contractors default to "during the contract term" or even "during the active term and one year thereafter," which is shorter than the OIG audit window and far shorter than the appeals window for some determinations.

Between the prime, the cloud provider, and the state. Infrastructure logs typically belong to the customer (the prime). When the contract ends, those logs may not transfer to the state by default. A subsequent contractor would have no access to the predecessor's logs unless the data-rights chain was explicitly architected to make them portable.

Across the chain, in aggregate. Even if each pairwise relationship is well-defined, the aggregate artifact — the cross-vendor evidence pack — does not naturally fall out of any one relationship. It has to be a deliverable the prime is responsible for producing, with the cooperation of the others, designed up-front.

These are not subtle issues. They are visible in the contracts. They are routinely under-specified. The OIG audit is the moment that surfaces every one of them at once.

The cross-vendor audit data product

The fix is the same architectural pattern we wrote about in "Audit-grade logging is a data-platform problem", extended across vendor boundaries.

The deployment produces, for each decision, a structured evidence pack that contains:

  • The decision identifier, the case identifier, the action effect, the timestamp.
  • The inputs the system considered, content-addressed (the actual value, not a pointer to a record that may have changed).
  • The model and prompt version (pinned, with content hash).
  • The retrieved context (documents, policy guidance, prior decisions), version-pinned.
  • The agent's reasoning trace, structured.
  • The human reviewer's action.
  • The policy basis cited.
  • The notice generated.

The evidence pack is assembled at decision time, not retrospectively. It is stored in a data product the prime contractor is responsible for, on infrastructure the agency has unrestricted-rights access to. The pack draws on the model provider's API call logs, the cloud provider's infrastructure metadata, the prime's application logs, and the agency's system of record — but the integration happens up-front, and the pack is the canonical record from then on.
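As an added illustration of the evidence pack described above (example code written for this piece's pattern, not Vardr's, the prime's or any vendor's implementation; the field names and the sample case values are constructed assumptions), this Python sketch assembles a pack at decision time with content-addressed inputs, a pinned model and prompt, and a sealing hash, then shows how a later change to any recorded value is detected:

```python
import hashlib, json

def content_hash(value):
    """Content-address a value: hash its canonical JSON, not a pointer to a mutable row."""
    canonical = json.dumps(value, sort_keys=True, separators=(",", ":"))
    return "sha256:" + hashlib.sha256(canonical.encode()).hexdigest()

def assemble_evidence_pack(decision_id, case_id, action_effect, timestamp, inputs,
                           model_version, prompt_text, context_docs, reasoning_trace,
                           reviewer_action, policy_basis, notice):
    """Assemble the pack at decision time. Field names are this example's
    assumptions; the article lists the contents, not a schema."""
    pack = {
        "decision_id": decision_id, "case_id": case_id,
        "action_effect": action_effect, "timestamp": timestamp,
        # Inputs travel as actual values, each with its own content hash.
        "inputs": {k: {"value": v, "hash": content_hash(v)} for k, v in inputs.items()},
        # Model and prompt are pinned by version plus a content hash of the prompt.
        "model": {"version": model_version, "prompt_hash": content_hash(prompt_text)},
        # Retrieved context is version-pinned; the hash lets that version be re-checked later.
        "retrieved_context": [{"doc_id": d["doc_id"], "version": d["version"],
                               "hash": content_hash(d["text"])} for d in context_docs],
        "reasoning_trace": reasoning_trace, "reviewer_action": reviewer_action,
        "policy_basis": policy_basis, "notice": notice,
    }
    pack["pack_hash"] = content_hash(pack)  # seal the whole record
    return pack

def verify_evidence_pack(pack):
    """Return the names of fields whose content no longer matches its hash
    (an empty list means the pack is intact)."""
    body = {k: v for k, v in pack.items() if k != "pack_hash"}
    problems = ["pack_hash"] if content_hash(body) != pack["pack_hash"] else []
    for name, entry in pack["inputs"].items():
        if content_hash(entry["value"]) != entry["hash"]:
            problems.append("inputs." + name)
    return problems

def sample_pack():
    """Constructed sample decision; every value here is illustrative, not real case data."""
    return assemble_evidence_pack(
        decision_id="dec-0001", case_id="case-0042", action_effect="deny",
        timestamp="2026-06-11T14:03:00Z",
        inputs={"household_income": 3120, "household_size": 3},
        model_version="model-x-2026-05", prompt_text="Eligibility screening prompt v7",
        context_docs=[{"doc_id": "policy-12.4", "version": "2026-01", "text": "Income limit table"}],
        reasoning_trace=["reported income exceeds the limit for household size 3"],
        reviewer_action={"reviewer": "cw-17", "action": "approved_suggestion"},
        policy_basis="policy-12.4", notice="Your application was denied.")
```

Because the seal covers every field, an edit to the notice or the reviewer action is caught even though those fields carry no hash of their own; the per-input hashes additionally name which input drifted.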

When the OIG asks for the decision packet, the agency queries the evidence store directly. The prime is in the loop only to the extent of cooperating; the artifact does not depend on the prime's responsiveness, and survives the prime's departure.

Kevin's piece of this work is designing the data product across vendors. Each upstream vendor's data lands in the evidence store via an integration the prime is contractually obligated to operate. The integrations are tested. They run in production. They are not "available on request" — they are continuously populating the store. The cross-vendor data product is what the prime is selling, in effect, as the primary deliverable.

Subcontractor compliance clauses

The contract clauses that make this real are not exotic. They are the upstream version of the audit-readiness work the OIG is going to require anyway.

Flow-down attestation. The prime contractor attests, in writing and contractually, that the data-rights and audit-cooperation obligations in the prime contract flow down to all subcontractors and service providers in the deployment chain. The prime is responsible for ensuring the flow-down is in place; the state is not in privity with the model provider or the cloud provider, but the state's audit rights are protected by the prime's obligations.

Continuous evidence-pack assembly. The prime contractor is contractually obligated to assemble the evidence pack at decision time, not on request. The pack lives in the evidence store at the time of the decision. The store is operated by the prime but the state holds unrestricted-rights access.

Retention beyond contract term. The evidence pack and supporting artifacts are retained for the longer of (a) the relevant state retention schedule, (b) the federal grant retention requirement, (c) the active appeals window for the determinations contained therein, plus an explicit margin. The retention obligation survives the contract term, with the prime obligated either to maintain or to transfer to a state-designated successor.

Cooperation with audit. The prime contractor commits, in writing, to cooperate with OIG and federal-partner audits without billable rates for routine cooperation. The state should not be paying for the prime to do the audit-cooperation work; it is part of the contract.

Continuity in the event of vendor departure. If the prime, or any subcontractor, ceases performance or becomes unable to perform, the data-rights chain is designed to make the artifacts portable to a state-designated successor without renegotiation. This is the clause that protects against an out-of-business vendor or a contract-terminating dispute leaving the agency without its audit artifacts.

A contract with these five elements protects the state. A contract without them produces the OIG-audit scramble we have seen repeatedly in the past twelve months.

When a vendor disappears

This category of risk is real and increasing. Several model-provider entrants and AI-services startups that signed agency contracts in 2023 and 2024 have since been acquired, restructured, or — in a small number of cases — wound down. When that happens to a vendor in the deployment chain, the agency's ability to maintain audit-readiness depends entirely on whether the data-rights chain was designed to be portable.

The continuity clauses above are not theoretical. We have worked through them in practice for agencies whose vendors changed mid-deployment. The agencies that had the clauses in place transitioned the audit artifacts cleanly. The agencies that did not had to negotiate, sometimes against unsympathetic acquirers, sometimes for compensation, sometimes losing artifacts altogether.

The right time to think about this is before the contract is signed. The wrong time is when the prime sends a one-line email announcing a corporate transition.

What to do Monday

If you are a state agency contracting officer with a multi-vendor AI deployment in flight: ask the prime for the cross-vendor evidence-pack architecture in writing. If they cannot produce it, treat that as a contract-modification trigger. The cost of the modification is far smaller than the cost of an OIG finding two years out.

If you are a prime contractor on such a deployment: do the work up-front. The cross-vendor data product is the deliverable that justifies your position as the prime; without it, you are an aggregator of subcontractor licenses, which is a commodity role.

If you are the agency director: ask the question in the next quarterly review. Who owns the cross-vendor evidence pack? Show me the most recent one. If the answer is not immediate, you have a compliance gap.

Where Vardr fits

Gunnar brings the subcontractor-compliance and contract-administration discipline — the artifact set, the flow-down structure, the retention schedule, the cooperation clauses — drawn from a career across strategic finance, accounting, and corporate advisory work where these clauses are routine. Kevin brings the data-platform engineering that produces the cross-vendor evidence pack as an actual data product, not a hopeful promise. Together they design the artifact and the contractual obligation that produces it, so the agency director's answer to the OIG is "we already have it."

If this resonates with a program you're working on, we'd be glad to talk.