Five questions buyers, funders and partners will ask about your AI product

The bar for adopting AI-enabled health and care tools has risen sharply. Whether you are pitching to a hospital system, a national health body, a regional commissioner, an investor, a research funder or a programme partner, the questions you can expect to face are now substantially more rigorous than they were even two years ago.

This is true across markets. The NHS, for example, refreshed its Digital Technology Assessment Criteria in early 2026 and now expects suppliers to evidence clinical safety, data governance and explainability in considerable detail. Equivalent frameworks are tightening in the United States, across the EU, and in regulated industries that are adopting AI at pace. The specifics differ. The underlying expectations do not.

For small and medium-sized teams preparing to engage with these audiences, understanding the questions in advance is one of the most practical steps you can take. Five come up consistently.

1. How does your AI reach its decisions, and can the people using it understand and challenge them?

Explainability is now treated as a core requirement, not a nice-to-have. Buyers, governance leads and end users expect to be able to interrogate a recommendation, understand its basis, and override it where appropriate. A system that returns an output without any meaningful account of how it arrived there will struggle in any serious review. Being able to articulate clearly what the model does, what data it was trained on, what its limitations are, and how users are expected to interact with it is essential. This needs to be built into the product, not written into the marketing copy.

2. Have you completed a Data Protection Impact Assessment, and does it reflect the real data flows?

A DPIA, or its equivalent in other jurisdictions, is now a near-universal expectation for any product handling personal or sensitive data at scale. NHS procurement requires one as part of DTAC. EU-funded consortia expect one as part of governance documentation. Investors increasingly ask for one as part of due diligence. A DPIA drafted quickly to tick a box, without genuinely mapping data flows, identifying risks and documenting mitigations, will not hold up to scrutiny. A thorough, honest assessment of what data is collected, where it goes, how long it is retained and who has access is the foundation everything else rests on.

3. What is your clinical or operational risk management process, and who owns it?

Buyers want to see a systematic, documented approach to managing risk, not a verbal assurance that the product has been tested. In the NHS this is framed around clinical safety standards such as DCB0129 and the appointment of a Clinical Safety Officer. In other settings the framing is broader, but the substance is the same: a named owner, a documented process for identifying and mitigating risks, and a clear plan for monitoring and acting on issues over time. Teams that arrive without this in place tend to lose ground quickly.

4. How have you tested for bias, and what populations was your model trained on?

If a model was trained primarily on data from certain demographic groups, age ranges or clinical populations, its performance may degrade, sometimes significantly, when used with people outside those groups. Funders, regulators and adopting organisations are now asking for explicit evidence of bias testing and mitigation. Being able to demonstrate that you have thought carefully about representativeness in your training data, and that you have taken steps to identify and address disparities in performance across different groups, is increasingly a differentiator rather than a bonus.

5. What happens when it goes wrong?

Every AI system will at some point produce an incorrect or misleading output. The question being asked is not whether your system is perfect, but whether you have a credible plan for when it is not. That means clear incident reporting processes, escalation pathways, mechanisms for collecting and acting on user feedback, and a documented process for updating and revalidating the model when issues are identified. Products without a clear answer here struggle to build the trust that sustained adoption requires.

Preparation is product design, not paperwork

Preparing for these questions is not primarily a documentation exercise. It is a product and governance design exercise. Teams that build safety, data governance, explainability and bias management into their development from an early stage tend to find buyer engagement, funding applications and investor diligence considerably less painful than those that treat compliance as a sprint at the end.

Lemic Consulting works with digital health and AI teams to review products for ethical, legal and governance risks before launch and ahead of buyer, funder or investor engagement. If you would like independent input on where your product stands, get in touch.