She advised checking whether the provider can use prompts or outputs to train models, how they handle confidentiality and data security, compliance with privacy laws, service levels, and liability limits.
Exit rights are also crucial to avoid lock-in.
LegalVision recommended documented fallback arrangements, registers of approved AI systems, and strict approval rules to limit unsanctioned AI use.
McKee said organizations should design AI use around business processes, not one provider's product, and set approval rules to prevent staff from building critical workflows on unapproved tools.
The firm emphasized that operational continuity depends on preparing for rapid shifts in AI pricing, performance, and regulatory compliance.
>>> Centralized AI Fragility Exposes Enterprise Supply Chain Risks
McKee concluded that AI access can change quickly, and businesses should not build essential operations on assumptions they do not control.