
The procurement form your CISO won't sign
Senior counsel forwards the security questionnaire on a Wednesday. Eighteen pages, eighty-seven questions. By Thursday the CISO has answered fourteen and flagged the rest red. This is where most AI sales pilots end at European professional services firms.
In short
- Most AI sales pilots at European professional services firms end at procurement, not at the demo or in pricing.
- Professional services have GDPR plus three more concerns layered on: client confidentiality, sectoral regulators, and conflict-of-interest rules. The bar is higher because the trust is older.
- There are fourteen questions every CISO asks an AI vendor in 2026. Five of them are the ones US-built tools cannot answer well, and that is where the form goes red.
- Vendors that built EU-first answer those five in one sentence each. Vendors that bolted GDPR onto a US product spend eight to twelve weeks trying to.
- Run the procurement checklist before the demo, not after. The vendors that survive it are usually the ones worth piloting.
The senior partner forwards the security questionnaire on a Wednesday. Eighteen pages, eighty-seven questions, due Friday. By Thursday afternoon the CISO has answered fourteen and flagged the rest red. The vendor on the form is a US-incorporated AI sales tool with a G2 badge and a Delaware office address. The deal stalls. Sometimes it stalls quietly for a quarter, sometimes it stalls loudly with a partner email, but it stalls.
This is where most AI sales pilots end at European professional services firms. Not at the demo. Not in pricing. Not in legal review of the master agreement. At procurement, after the brochure has done its job and the form has not.
The procurement gate is where you find out which vendors actually built for Europe and which ones bolted on a "GDPR-compliant" line and called the work done. It is also the most efficient filter you have, if you run it early.
Why professional services have it harder
Every B2B firm in the EU has GDPR exposure. Professional services firms have GDPR plus three more things on top, and the three more things are the ones that actually kill deals.
First, client confidentiality is contractual, not just regulatory. A law firm that leaks client information through a vendor does not just face a GDPR fine. It faces malpractice claims, bar association sanctions, and conflict-related disputes that end careers. An accounting firm that exposes audit data faces the same thing under different statutes. The standard is higher because the trust is older. Bar associations have been writing client confidentiality rules for two centuries. GDPR is twenty years old.
Second, the regulators are sectoral and they overlap. In Finland alone you sit under the Asianajajaliitto if you are a law firm, the Finanssivalvonta if you do anything regulated-financial, the Tietosuojavaltuutettu for GDPR specifically, and the Kuluttaja-asiamies if you have consumer-facing work. Each has its own AI guidance, the patchwork is changing yearly, and "we are GDPR-compliant" answers exactly one of them. Across the EU the same pattern repeats with different names. Spain has its own Bar rules, Germany its own BaFin, France its own CNIL guidance.
Third, the conflict-of-interest rules make audit trails non-negotiable. If your AI tool ever surfaces client A's information to anyone touching client B's matter, even by accident, you have a regulatory event. Most AI sales tools have no concept of conflict walls because their original buyers were SaaS startups, not law firms. The product was never asked the question, so the architecture has no answer.
Stack the three on top of GDPR and you get a procurement gate that looks similar to a US one on paper, with a far higher rejection rate in practice.
The fourteen questions every CISO asks
This is the actual list, unabridged, that lands on the CISO's desk. We have seen variants of it from twenty different procurement teams across six countries. The wording shifts, the questions don't.
- Where does the data physically live? Country, city, data centre operator. Not "EU-based servers" as a marketing phrase. The exact rack, ideally with the operator's compliance certifications attached.
- Who is the data controller, who is the processor? If the vendor cannot draw the data flow with controller and processor labelled in under thirty seconds, they have not thought about it.
- What sub-processors are involved? Names, locations, what each one does. A list of three is normal, a list of fifteen is a red flag.
- What is the lawful basis for processing personal data? Legitimate interest, consent, contract performance, each has a different downstream obligation. The vendor needs to name it.
- How is the DPA structured? Article 28 SCCs included? Modular DPA or a custom one? Public version reviewable in advance, or only after NDA?
- What happens to customer data when we leave? Export format, deletion timeline, written confirmation of deletion. Soft answers like "we delete on request" are not enough.
- Is customer data used to train AI models? The answer that matters is the contractual one. Marketing pages do not count. Show the clause in the DPA.
- What encryption? At rest, in transit, key management. AES-256 and TLS 1.2+ are baseline. Where do the keys live, who can rotate them, what is the recovery path.
- Authentication? SSO, SAML, MFA, integration with our identity provider. Microsoft Entra ID and Google Workspace cover most European firms. Anything less is a sign the product was not built for them.
- Audit logs? What gets logged, who can pull them, retention period, format. Procurement reviewers want SIEM-friendly JSON, not screenshots.
- Schrems II? Any data crossing into a non-adequate jurisdiction. The US is not adequate. The UK currently is. Switzerland is. The mapping is an exact compliance question.
- Sub-processor change notifications? Days of advance notice, mechanism for objection, what happens if we object.
- Data subject rights workflow? Time-to-respond on access, deletion, portability requests. Forty-eight hours is good, two weeks is policy minimum.
- Incident notification? Hours from breach detection to disclosure. Twenty-four hours is the bar, seventy-two is the legal floor under GDPR.
If a vendor cannot answer all fourteen in writing, the questionnaire bounces. If they answer twelve and wave at the other two, the questionnaire bounces and the partner stops returning calls.
The five questions most US tools fail
The fourteen questions are not equal. Five of them are the ones US-built tools cannot answer cleanly, and the procurement gate effectively narrows to those five.
Where the data physically lives. Most US AI sales tools host on AWS or GCP, often in eu-west-1 (Dublin) or europe-west2 (London). Dublin is in the EU. London is in the UK. Both look fine on a slide. The follow-up question that breaks them is "and the inference layer? Where does the LLM run?" Almost always the answer is "OpenAI / Anthropic / a US-hosted model." That is a Schrems II event. The brochure does not mention it.
AI training on customer data. Almost every vendor will say "we don't train on your data" on the marketing page. The procurement question is "show me where it says so contractually, in the DPA, with no exceptions for 'aggregated' or 'anonymised' use." Most vendors have weasel words there. Cloop's DPA does not.
Sub-processor list with EU-only constraint. A US tool's sub-processor list often includes Twilio, Segment, Stripe, OpenAI, plus a US-based observability stack. Each one is a separate compliance question. EU-built tools have a shorter list and the names are EU-incorporated.
Personnel access. Who can see customer data on the vendor side? "Our support team" is too vague. The procurement question is "are any of those people based in the US, India, the Philippines? What is the access control trail?" Most US vendors run twenty-four-hour support out of multiple jurisdictions and the answer to the location question is uncomfortable.
Contractual audit rights. Article 28 GDPR gives data controllers the right to audit processors. Most vendors have a clause that funnels this through a "third-party report on request" model. Procurement teams want a real audit right with a real notice window. This one is rarely a deal-killer on its own, but it is the question that signals whether the vendor is serious.
If a vendor passes all five, the rest of the form usually flows. If it fails two of them, the form goes red and stays red. (For the partner-level read of why Article 28 is the gating clause behind these five questions, see GDPR Article 28 for AI sales tools.)
How Cloop answers, specifically
We are biased here. We are the vendor.
What we will do is give the actual answers, in one sentence each, the way the procurement questionnaire wants them. None of this is marketing, all of it is verifiable by reading the linked pages.
Where the data lives. Hetzner Helsinki, fi-hel-1 zone. The rack is in Finland, the operator is German-incorporated under EU law, the data does not leave the EU.
Inference layer. Nebius B.V., Netherlands. EU-incorporated, EU-hosted, Schrems II compliant.
AI training prohibition. Contractually prohibited in the standard DPA, no exception clauses for aggregated or anonymised data.
Sub-processor list. Public at /legal/subprocessor-list/, with thirty-day advance notification on changes.
Authentication. Microsoft Entra ID (Azure AD), Google Workspace, SAML 2.0 on Team plans. Conditional Access supported. (Full security overview is public.)
Encryption. AES-256 at rest, TLS 1.2+ in transit. Keys managed by Hetzner with EU-based rotation.
Audit logs. JSON-formatted, SIEM-compatible, retained for thirty days on Solo and twelve months on Team. Customers can pull them on request, immediately.
Incident notification. Twenty-four hours from detection to disclosure, written into the DPA.
Data subject rights workflow. Forty-eight-hour response on access, deletion, portability. Standard form at /legal/end-user-privacy-notice/.
You can read all of this in advance. We do not require an NDA to share the DPA, the sub-processor list, or the security overview. The reason is simple. If procurement cannot read the answers before the demo, the demo is wasted time on both sides.
A practical procurement checklist
If you are evaluating an AI sales tool at a European professional services firm in 2026, run this list before you book the demo. Not after. The vendors that survive it are the ones worth piloting.
- Ask for the DPA. If the answer is "we will share it after NDA," that is your answer about how serious they are about EU compliance. Move on.
- Ask for the sub-processor list. Should be public on a URL. Count the names. Count how many are US-incorporated. Count how many are EU-incorporated.
- Ask where the LLM inference happens. Not "where the application is hosted." Specifically the model. Most US tools hand-wave this question.
- Ask for the security overview. EU-hosted firms publish it. US-pivoting firms send a SOC 2 report and assume that closes the conversation. SOC 2 is not GDPR.
- Ask whether customer data is used to train any AI model, ever, for any purpose, including fine-tuning the vendor's own product. Get the answer in writing.
- Ask the location of every person who can read your data. Vendor employees, contractors, support staff, devs.
- Ask for the deletion clause. Time to delete, format of confirmation, retention of any backup.
- Ask for the breach notification clause. Hours, not days.
- Ask for SSO with your identity provider. Most professional services firms run Microsoft Entra ID. If the vendor does not support it natively on a Team-tier plan, the procurement gate will not open.
- Ask whether the vendor has any pending or settled regulatory action in any EU jurisdiction. The answer should be "no." Verify with a Google search anyway.
Ten questions. Mostly answerable from a vendor's website if they built for Europe. Mostly unanswerable if they did not.
Before the pilot ships to legal
Don't ship the AI sales pilot to legal until you have the answers to the ten questions above. We mean this literally. The most expensive thing a partnership can do in 2026 is approve the procurement form, sign the master agreement, run the pilot, and then realise eight months later that the data has been crossing into a non-adequate jurisdiction the whole time.
Nobody on the partnership wants to be the partner who agreed to the deal that breaks the firm. The procurement gate exists to keep that from happening. Run it before the demo, not after.
Frequently asked questions
Is GDPR really the gating issue, or is this overblown?
It is gating, but not the only one. For European professional services firms the layered concerns stack like this: GDPR (regulatory baseline), client confidentiality (contractual and bar/association rules), sector regulators (Finanssivalvonta, Asianajajaliitto, equivalents across the EU), and Schrems II for any data crossing into a non-adequate jurisdiction. Failing any one of them ends the pilot. Most US AI sales tools fail at least two by default, so the gate fires early.
Won't every vendor say 'we are GDPR-compliant' and pass the form?
They will say it. The question is whether the answer survives a follow-up. Procurement teams in Europe have learned to ask 'where physically is the data, who is the sub-processor, what is the lawful basis, show me the DPA clause.' Vendors that bolted GDPR onto a US product cannot answer those without a long pause. Vendors built EU-first answer in one sentence and point at the public DPA. The follow-up is where the form fails.
How long does this procurement gate actually take?
For a well-prepared vendor, two to four weeks at a professional services firm. The CISO drafts the questionnaire, the vendor responds in writing, the DPO reviews, the partnership signs off, the SCC and DPA are exchanged, the trial begins. For a US vendor without EU residency answers, the same gate runs eight to twelve weeks and stalls or restarts when each clarification round fails. We have watched both timelines play out in 2025 and 2026.
What if our firm uses ChatGPT or Claude already without this scrutiny?
Most do. The reason is that those are individual user tools where the firm is not the data controller for client matter content (or shouldn't be, by policy). An AI sales tool plugged into your CRM is different by architecture. It is processing identified visitor data, sending it to your sales team, storing conversation logs, and writing into your record-of-truth system. The firm becomes the data controller and the vendor becomes the processor. That is the trigger for the full GDPR Article 28 procurement workflow, not the technology itself.
Can we just self-host the AI to avoid the whole issue?
Self-hosting solves data residency. It does not solve sub-processor management, audit trails, AI training prohibitions, sectoral regulator rules, or the operational reality that you do not run a hosting business. For most professional services firms the right answer is to pick a vendor that already cleared the procurement bar in Europe and pointed the architecture at your concerns from the start. Cloop's architecture (Hetzner Helsinki, Nebius Netherlands, public DPA, public sub-processor list) was designed exactly for that buyer.