Methodology

Editorial independence

AI Compliance Vendors is an independent directory. Vendors cannot pay to be included, ranked higher, or reviewed more favorably. Our rankings, comparisons, and recommendations are not influenced by commercial relationships. We disclose any paid placement with a visible label on the relevant page.

Vendors may subscribe to a Verified tier that confirms their profile details are accurate and adds a "Verified" badge — nothing more. Verified tier does not affect rankings, comparisons, or the order vendors appear in. The baseline profile — features, pricing, framework coverage, pros and cons, comparisons, source links — is researched and written independently of any commercial relationship.

Source requirements

Every material factual claim on the site must trace to a citable public source. We use these source classes, in roughly descending order of weight:

1. 1. Primary regulatory text and official guidance. EU AI Act, NIST AI RMF publications, ISO standards (as abstracts — the standard itself is paywalled), Colorado Revised Statutes, NYC DCWP rulemaking, Federal Reserve SR letters.
2. 2. Vendor-published primary material. Documentation, pricing pages, security and compliance pages, customer case studies, SOC 2 reports, ISO certificates, SEC filings. Dated wherever a date is available.
3. 3. Independent reporting and analyst publications. Named journalism (TechCrunch, Forbes, Financial Times, Wired), Gartner Market Guides where the vendor is named a Representative Vendor, Forrester Wave reports, academic research with verifiable DOI.
4. 4. Marketplace and registry data. AWS Marketplace, Azure Marketplace, G2, Crunchbase, LinkedIn company pages — used for pricing ranges, team sizes, and funding history where vendor pages are silent.

We do not publish unverified claims, anonymous testimonials, internal data we cannot corroborate, or metrics without a source. If a vendor disputes a fact, we ask for a public source; if provided, we update within two business days.

Verification cadence

Every vendor profile carries a Last verified date showing when the profile was last checked against sources. The target cadence is at least quarterly, and we re-check sooner when:

• A vendor or reader reports a change through editorial@aicompliancevendors.com
• We see a public announcement of funding, acquisition, product rename, or discontinuation
• A new framework, regulation, or standard materially changes what a vendor needs to document

Corrections affecting accuracy are applied on the normal correction timeline (see below). Acquisitions, renames, and discontinuations are reflected as soon as we can corroborate the announcement — with the prior name preserved as an alias so inbound links keep working.

The site launched in April 2026. Current profiles were sourced from vendor websites, public funding records, framework coverage pages, and named customer references during the initial research pass. We are transparent about this: early-stage cadence relies on signals and reader reports, not a large editorial team. As the site grows, we'll publish the cadence we actually hit — not one we wish we did.

Inclusion criteria

A vendor qualifies for a listing if all of the following hold:

• Offers a product or service primarily purchased for AI governance, model risk, AI security, assurance, or compliance
• Has a public website with verifiable contact information
• Has at least one named customer, case study, published reference, or publicly documented deployment
• Is not a pure reseller or white-label wrapper of another listed product

Vendors that have been acquired or discontinued remain in the directory with a clearly labeled status and pointers to the acquiring entity or recommended successor. We do not quietly delete history — inbound links and citations continue to resolve.

Rankings and "best for" calls

Our "best of" lists (/best) and "best for" calls on comparison pages are based on publicly verifiable criteria, weighted differently per category:

• Feature coverage against the specific use case
• Named customers in the relevant segment (enterprise, mid-market, regulated industry)
• Jurisdictional and language support where relevant
• Pricing accessibility and procurement friction
• Framework-mapping depth for the stated use case
• Third-party certifications (SOC 2 Type II, ISO 27001, ISO/IEC 42001)
• Independent recognition (Gartner, Forrester, G2 category leader)

We do not publish opinions without a source. Where a ranking decision is judgment-based, we explain the trade-off and the evidence we considered.

Comparison methodology

Head-to-head comparisons (/compare) are not an attempt to crown a winner. Each comparison names:

• Core purpose — what each tool is fundamentally built for
• Primary buyer — which function inside the customer typically champions the purchase
• Key differences — 4–6 concrete, sourced differences in capability, pricing model, or deployment
• Best for vendor A and Best for vendor B — the buyer context in which each is the stronger fit
• Sources — every material claim linked to its origin

Conflict-of-interest policy

Editorial team members cannot hold equity, advisory roles, or paid consulting engagements with any vendor listed on the site. Commercial staff (sales, account management) do not have edit access to vendor profiles or comparison content. Any freelance contributor discloses prior or concurrent vendor engagements, and those disclosures are reflected in a byline note.

The cost calculator, framework pages, guides, and blog articles carry no affiliate links, no email gates, and no fake urgency.

Listing tiers explained

Two tiers exist; only the verification status differs, not the core profile. Editorial content — pros/cons, comparisons, framework coverage, rankings — is written independently in every tier.

We do not offer a Sponsored tier or paid placement. Directory pages, ranking order, badges, and "best of" lists carry no paid boosts and cannot be influenced by payment.

Lead routing

We operate an opt-in lead service at /get-quotes. Buyers describe their requirements, see a live preview of the vendors that would receive their information, and must explicitly consent before anything is shared. We charge vendors a flat per-lead fee ($50–$75 per qualified lead) when their profile is matched and the buyer submits a request.

The lead fee does not influence matching or rankings. Matching is driven solely by the buyer's selected criteria (frameworks, capabilities, industry, integrations, company size) scored against each vendor's public documentation using the same deterministic function that powers the Matchmaker. Vendors cannot pay to appear higher in match results, in directory pages, in "best of" lists, or in comparison verdicts.

A buyer can email editorial@aicompliancevendors.com at any time to retract their request; we will ask any notified vendor to delete the information we forwarded.

RFP broadcasts

Buyers who already know which vendors they want to evaluate can use /rfp to author a structured request — scope, decision criteria, timeline, and a free-form question list — and send it to a shortlist of vendors they pick themselves (up to 8). Unlike the matchmaker-driven /get-quotes flow, our matching function is not used: the buyer’s shortlist is authoritative and we do not add, remove, or re-order vendors.

Every RFP is reviewed by a human editor before any vendor is contacted. Once approved, we forward the RFP to each selected vendor’s listed contact address and the buyer’s email is included so vendors reply directly. We do not broker the conversation, sell the lead to adjacent vendors, or modify the buyer’s questions. The same disclosure applies: ranking, badges, and “best of” lists cannot be influenced by payment, and we charge the same flat per-lead fee to vendors who receive an RFP as we do for matchmaker leads.

Not legal advice

Framework summaries on this site are informational. They are not legal advice. Obligations depend on deployment context, jurisdiction, model tier, customer industry, and downstream use. Consult qualified counsel for compliance obligations specific to your business before making procurement or deployment decisions.

Corrections & disputes

Spotted an error? Email editorial@aicompliancevendors.com with the page URL and a public source we should reference. Our standard review target is two business days. If we agree an error exists, we correct it and add a public-facing correction note on any page materially affected.

Vendors who dispute a characterization are offered an opportunity to supply contrary public evidence. If the evidence is acceptable, we update. If not, the original framing stands — we do not remove accurate information because a vendor prefers it gone.