The deal was real. The deadline was tight.
In late 2024, FEtch was in commercial engagement with a global systems integrator. The buyer required completion of a Responsible AI assessment as a precondition for proceeding with a multi-year enterprise relationship. The assessment ran to dozens of questions covering model governance, risk classification, evaluation methodology, incident response, data lineage, supplier oversight, and human-in-the-loop controls.
FEtch had the underlying AI capability. What they did not have was a coherent governance position the buyer's procurement and assessment teams could validate against an enterprise framework.
Dozens
Assessment questions across governance, risk, evals, incident response, data lineage, and oversight.
4
Frameworks in play: ISO 42001, EU AI Act, NIST AI RMF, buyer-specific RAI classification.
3
Engagement phases: Translate, Templatise, reserve bounded advisory.
1
Multi-year deal. A global systems integrator relationship, accepted and proceeding.
The gap was not technical. It was translation.
FEtch's engineering team could speak to how their AI agents were built, what models sat behind them, how they handled data, and how they monitored outputs. The problem was that no one in the organisation could render those answers in the form the buyer's procurement and assessment teams needed. The engineering reality was sound. The translation between that reality and what enterprise reviewers would accept did not exist.
This is the gap most mid-market AI vendors hit at procurement. The deal does not die on price or product. It dies because the vendor cannot produce a single, coherent, internally consistent governance response the buyer can sign off.
Exhibit 1 · The translation gap
Engineering reality
What FEtch could already answer
- MODELSArchitecture, providers, prompts, guardrails
- DATASources, retention, isolation, PII handling
- EVALSMethodology, accepted ranges, regression tests
- MONITORINGTelemetry, drift checks, anomaly flags
- HITLWhere a human reviews, approves, or overrides
Enterprise reviewer
What the buyer needed to validate
- ISO 42001Readiness signals, conformance posture
- EU AI ACTApplicability and risk-tier positioning
- NIST AI RMFConcepts mapped to FEtch's footprint
- SUPPLYSupplier AI governance and oversight
- CLASSIFICATIONBuyer-specific RAI risk classification
Reading the exhibit. Both columns existed inside FEtch. Neither side could speak the other's language without intermediation.
Three phases. External load falls as internal capability rises.
The structure was deliberate. Mid-market technology firms cannot sustain a permanent AI governance function. They need to clear the threshold once, internalise the capability, and call for external judgement only when the stakes warrant it.
PHASE 01 · TRANSLATE
Clear the gate
Produce the documentation set required by the immediate assessment. Bridge engineering input and the buyer's standards.
Output: assessment-ready response · SER to buyer · time-boxed
PHASE 02 · TEMPLATE
Transfer the capability
Convert the artefacts into reusable frameworks FEtch could populate themselves on future opportunities.
Output: reusable artefact suite · handover · closes the engagement
PHASE 03 · OVERSEE
Keep judgement on call
A bounded advisory layer for review and judgement on subsequent governance work. The permanent low-amplitude option.
Output: on-call senior judgement · FEtch retains control · hours per quarter
For FEtch, Phases 1 and 2 were sufficient for the commercial requirement. Phase 3 remains available.
What was delivered.
Responsible AI assessment response
A complete response covering all domains the buyer required.
AI model inventory
Mapped against EU AI Act risk tiering and the buyer's classification framework.
Documented AI risk register
Covering FEtch's AI footprint, with named owners and treatment positions.
ISO 42001 readiness action plan
The gap to certifiable conformance, with sequenced remediation steps.
EU AI Act readiness mapping
Applicability, obligations, and timelines.
Governance positions
Data lineage, evaluation methodology, incident response, human oversight, supplier AI governance.
The response was delivered on time. The buyer accepted it. The multi-year enterprise relationship proceeded.
The Responsible AI assessment was a significant commercial gate for us. Troy got us through without pulling the engineering team off their roadmap, and left us with documentation that forms the basis for our own AI governance and sets us up for the next one.
Most firms selling AI into enterprise are operating below it without knowing.
The signal is rarely in the product. It is in the pipeline. If you recognise these patterns, the question worth asking is not how to improve your compliance posture. It is where the gap actually sits in your organisation, and what the architecture for crossing it looks like.
- ›Deals that should close stall at procurement.
- ›Responsible AI assessments come back with questions the engineering team cannot answer in governance language.
- ›Reviewers on the buyer side are asked to interpret documentation rather than validate it.
