Do You Know If Your ProcureTech Vendor Is Ready for the EU AI Act?

Posted on February 6, 2026



In responding to my recent post** on the EU AI Act, Tim Cummins made a point that reframes the entire ProcureTech AI conversation:

“Only around 8% of organisations have that ‘readiness’. Many are headed in the wrong direction — doubling down on controls within a fragmented architecture… This really is a battle for relevance and survival.”

That observation matters because the EU AI Act does not regulate intention, ambition, or capability. It regulates deployment — and fragmented commercial architectures fail under deployment pressure.

** The EU AI Act Just Made Organizational Readiness the Law

THE SHORT VERSION FOR BUSY EXECUTIVES

  • The deadline: August 2, 2026 — EU AI Act deployer obligations take full effect
  • The liability: Vendors sell AI capability; YOU bear the regulatory risk as the deployer
  • The penalty: Up to €15 million or 3% of global turnover for deployer non-compliance
  • The gap: Neither Coupa nor Zycus systematically assesses client readiness before selling AI features
  • The comparison: Coupa (HFS 6.6, Moderate Risk) vs. Zycus (HFS 5.1, Elevated Risk)
  • The signal: Every future HFS assessment will now include Deployer Compliance Enablement scoring

On August 2, 2026, the EU AI Act’s deployer obligations take full effect.

If your organization uses AI-powered procurement technology in the EU, you become a “deployer” under the regulation — with legal obligations for AI literacy, data quality monitoring, human oversight, and post-deployment accountability.

The penalty for deployer non-compliance with high-risk AI obligations: up to €15 million or 3% of global annual turnover.


The Question No One Is Asking

Vendors are aggressively marketing AI capabilities — agentic procurement, autonomous sourcing, AI-powered spend intelligence.

But here’s what they’re not telling you:

They have no obligation to assess whether you’re ready to deploy their AI compliantly.

They sell the capability. You bear the regulatory liability.


The First Comparison: Coupa vs. Zycus

We applied the Hansen Fit Score™ framework to assess how well each vendor’s operating model supports deployer compliance readiness:

Key Findings:

| Vendor | HFS Score | Capability–Outcome Gap* | Deployer Exposure Risk** |
|--------|-----------|-------------------------|--------------------------|
| Coupa  | 6.6       | 4.8 points              | MODERATE                 |
| Zycus  | 5.1       | 3.6 points              | ELEVATED                 |

*Capability–Outcome Gap = difference between vendor capability scores and observed implementation outcome performance within the HFS methodology (scale: 0–10).

**Deployer Exposure Risk reflects governance readiness alignment, not a legal audit of the vendor’s AI stack.

Why the difference? Coupa shows a stronger enterprise change-management footprint and more mature governance artifacts. Zycus shows higher variance in deployment outcomes and weaker evidence of readiness gating before advanced AI feature enablement.

Important: We have not seen evidence that either vendor systematically assesses client organizational readiness as a condition of sale. This is a systemic industry pattern, not a critique unique to these two vendors.


What This Means for You

If you’re evaluating, implementing, or currently using AI-powered ProcureTech:

  1. Know your obligations — The EU AI Act makes YOU responsible for compliant deployment
  2. Assess your readiness — Your Hansen Fit Score determines both implementation success AND regulatory exposure
  3. Ask the hard questions — Demand implementation success metrics and readiness assessments from your vendors

What’s Next: The ProcureTech AI Readiness Series

Starting now, every Hansen Fit Score™ Consolidated Assessment will include Deployer Compliance Enablement scoring — measuring how well vendors support your ability to meet EU AI Act obligations.

We’re assessing the full ProcureTech landscape — Coupa, Zycus, SAP Ariba, GEP, Ivalua, Jaggaer, Oracle, and others — to answer one question:

Is your vendor ready to help you comply, or are they just ready to sell?


For the full analysis of how EU AI Act deployer obligations map to the Hansen Framework, read: The EU AI Act Just Made Organizational Readiness the Law →


Access the Full Vendor Assessments:


Hansen Fit Score™ — Measuring what matters: implementation success, not capability theater.

The Hansen Fit Score is not a legal compliance certification — it is a governance readiness diagnostic. What the EU AI Act now mandates, HFS has measured since 1998.

-30-
