I
Impetora
Methodology

Sub-processor

A sub-processor is a third party that processes personal data on behalf of a processor, typically an infrastructure or software vendor sitting beneath the primary service provider.

What is Sub-processor?

Under GDPR, controllers must approve sub-processors used by their processors, and processors must contractually flow GDPR obligations down. For an AI system, common sub-processors include the model API provider, the cloud region, the vector database, the observability tool, and the email or notification service. The list is published on the vendor's website and updated with notice.

How does Sub-processor apply to enterprise AI?

Enterprise procurement teams audit sub-processor lists for residency, certification, and contractual flow-down. AI vendors selling to enterprise must publish a current list and a notice mechanism for additions.

Related terms

Regulation

GDPR

The General Data Protection Regulation (GDPR) is the EU's data-protection regulation, governing the processing of personal data of people in the EU and EEA.
Methodology

Data Residency

Data residency is the requirement that personal or regulated data stays within a specified geographic region throughout processing, storage, and backup.
Governance

AI Audit Trail

An AI audit trail is the persistent, tamper-evident record of every input, output, tool call, model version, and decision an AI system has made, sufficient to reconstruct any past interaction.

External references

Impetora

Need help applying Sub-processor to your enterprise? Submit a short brief and we reply within one business day.

Submit a projectBack to glossary
Discovery call

Book a discovery call

Tell us what you would like to build. We reply within one business day.

30-minute call. Free of charge. No obligation.