Managed AI Agreement

Not a project.
A managed program for the AI domain of your business.

A recurring, comprehensive program where Unió Digital owns the AI domain on your behalf. Same model as your Managed Services Agreement, applied to AI: governance, monitoring, vendor management, training, and incident response.

Start with the Free Assessment What This Means

Two questions most leaders can't answer.

  1. Are you aware what your employees are using AI for today?
  2. What guardrails do you have in place: written policy, monitoring, governance?

If you don't have specific answers to both, you have an exposure problem. Customer data, contracts, financial records, and code are routinely pasted into public AI tools without IT visibility. Vendor security postures shift monthly. New shadow tools emerge weekly. State AI regulations are landing.

A one-time AI policy doesn't solve this. The work is ongoing. That's the case for a managed program.

What "Managed AI" actually means.

Top-tier MSPs are not selling AI services as a catalog of point offerings. They are selling Managed AI Agreements: recurring, comprehensive contracts where the MSP owns the AI domain on the client's behalf. Same logic that produced the MSP industry in the first place.

Clients do not want to manage AI vendor relationships, governance, risk, training, and security separately. They want one provider to own it. The work is ongoing, not project-based. AI tools change monthly. Vendor security postures shift. New shadow tools emerge. Training never finishes.

Under a Managed AI Agreement, Unió Digital runs your AI program the way we run your IT program. Tools come and go. The program stays current.

The eight components included in every Agreement.

Required base. Modules stack on top of these.

Shadow AI monitoring

Ongoing surveillance for unsanctioned AI tool use. Monthly AI Usage Report from your existing security stack.

Governance management

Run your AI governance program. Policy maintenance, exception handling, sanctioned-tool list. Quarterly governance review.

DPA management

Data Processing Agreements with each AI vendor (OpenAI, Anthropic, Microsoft, embedded SaaS). Negotiation, renewal, scope review.

Risk monitoring

Vendor risk (subprocessor postures, breach disclosures), data risk (PII, PHI flowing to AI), and regulatory risk (state AI laws, FTC actions).

Tools review

Quarterly review of which AI tools are sanctioned, deprecated, or scope-changed. Sanctioned-list updates as the market evolves.

Enablement and training

User training. New employees, new features, new use cases. Quarterly cadence at base level. Subscription-shaped at higher tiers.

Security audits

Semi-annual AI-specific security audits: prompt injection patterns, data exfiltration patterns, governance compliance.

AI incident response

On-call coverage for AI-specific incidents: data leak via AI tool, prompt injection event, sanctioned-tool failure, vendor breach affecting your data.

Three packages. Or build your own.

Most clients pick one of three. Custom configurations are a sales conversation away.

Foundation

Awareness, governance, policy.

For companies that want AI awareness, governance, and policy in place before active deployment.

  • The 8-component base
  • Quarterly enablement
  • Quarterly governance review
Most Common

Operations

Active deployment with real governance.

For companies actively deploying AI tools and needing governance, monitoring, and ongoing user training.

  • Everything in Foundation
  • AI Security module
  • Microsoft Copilot Managed
  • Enhanced Enablement (monthly)

Strategy

Unió is your AI partner end-to-end.

For strategic-tier clients where AI is becoming material to business outcomes. Includes vCAIO advisory and workshops.

  • Everything in Operations
  • Automation Services
  • Business Intelligence Automation
  • vCAIO Advisory (Quarterly)
  • Workshops included

Pricing: bespoke at this stage. The free assessment includes a 90-day plan with named owners and dollar estimates.

From assessment to Agreement.

Four stages. The first is free.

1

Assessment

30-minute free conversation. Five deliverables, including a 90-day plan you can act on whether or not we work together.

2

Workshop

Operational Discovery Workshop or AI 2x2 Workshop. Half-day or 90 minutes. Output: prioritized initiative roadmap.

3

90-Day Plan

Named initiatives, owners, dollar estimates, success criteria. The plan that becomes the first quarter of the Agreement.

4

Agreement

Recurring program kicks off. Quarterly governance reviews from there. Tools change; the program stays current.

Start with the Free Assessment

Inside the Agreement

Managed AI Workspace.

One governed interface for the AI tools your team needs. Less shadow AI by giving employees a sanctioned tool that's actually better than the free public alternatives.

Microsoft Copilot for Microsoft 365 productivity. Anthropic Claude for analysis and document work. OpenAI ChatGPT and custom GPTs for general-purpose assistance. All accessible from a single workspace with role-based controls, prompt logging, sensitivity-label awareness, and DLP at the edges.

Single sign-on

One identity per employee across every sanctioned AI tool. No personal logins, no shared keys, no shadow accounts.

Role-based access

Different teams get different model access and different policy. Healthcare administrators don't share scope with marketing.

Prompt logging

Every prompt logged for audit and review. Risk signals surface to the operations team automatically.

No model training on your data

Tenant-scoped or enterprise tier on every connected model. Your prompts and outputs don't become someone else's training set.

Built for your industry.

Generic Managed AI catalogs don't speak your operational language. Ours do.

Mining

DPA management for AI-touched MSHA training records. Custom agents on safety procedures and accident reporting. Multi-site connectivity that AI tooling has to respect. IT/OT segmentation kept intact.

Construction

Microsoft Copilot rollout against RFI summarization, submittal review, and subcontractor processing. Contract-data leakage prevention. Multi-site team enablement under one governance program.

Healthcare

BAA-gated AI tool selection. PHI containment in every component. HIPAA Security Rule mapped controls. Custom agents on intake forms and administrative workflows that explicitly exclude PHI scope.

Why Unió Digital owns AI for our clients.

MSP chassis, applied to AI

We already operate recurring service contracts at scale. The motion of selling, scoping, and running monthly programs is in muscle memory. The Managed Services Agreement chassis carries the Managed AI Agreement without re-inventing the operating model.

Vertical depth

Mining, construction, healthcare. We've built AI workflows against MSHA, RFI patterns, and HIPAA constraints. Your industry's vocabulary is our vocabulary.

One vendor across the surface

The same partner that runs your IT, low voltage, and physical security now runs your AI. One contract. One accountability. Your AI partner already knows your data and permissions.

Managed AI Agreement: FAQs.

How is a Managed AI Agreement different from one-off AI consulting?

One-off AI consulting produces a deck and a roadmap. A Managed AI Agreement is a recurring program where Unió Digital owns the AI domain on your behalf, the same way a Managed Services Agreement covers IT. Tools change monthly and governance has to keep up. A program does that. A consulting engagement doesn't.

How does this fit alongside our existing Managed Services Agreement?

Three options. Bundle it into the existing MSA as an expanded scope. Add it as a recurring module on top. Or stand it up as a separate Managed AI Agreement. Each has different revenue and renewal mechanics. We walk through the trade-offs in the assessment so you can pick the structure that fits your accounting and procurement reality.

What is the contract length?

Initial term is typically 12 months, then month-to-month after with documented exit terms. We don't lock clients in past the initial term. The relationship is recurring because the work is recurring, not because the contract requires it.

What does this cost?

Pricing is bespoke at this stage. Foundation tier (the 8-component governance baseline) starts the lowest. Operations and Strategy tiers scale based on seat count, environment complexity, and module selection. The free assessment includes a 90-day plan with named owners and dollar estimates.

Do you support healthcare practices with PHI scope?

Yes. We work with HIPAA-covered practices today and treat PHI scope as a first-class concern in every component of the Agreement. The AI Policy template explicitly excludes PHI from public AI tools, sanctioned tools are configured to respect the regulatory perimeter, and BAAs with underlying tooling vendors are managed under DPA management.

What happens if our AI vendor (OpenAI, Anthropic, Microsoft) has a breach?

DPA management and risk monitoring are two of the eight base components. We track subprocessor breach disclosures in real time, assess scope against your data flow, and run AI incident response if the breach affects you. You hear about it from us before you hear about it from the news.

Can we build a custom configuration outside the three packages?

Yes. The packages are marketing-side bundles. Underneath, the operation runs as the 8-component base plus modular add-ons. Sales builds custom configurations from the same modular menu on request. Most clients pick a named package, but custom is a sales conversation away.

How do we get started?

Book the free AI Readiness Assessment. 30-minute conversation, five deliverables, no commitment. The 90-Day Plan is yours either way. If the program fit is right, we move to a Workshop and then to Agreement onboarding. If the fit isn't right, you keep the deliverables and act on them however you want.

Related AI Services

Productized modules and adjacent services that fit inside the Agreement.

Microsoft Copilot

Deployment, governance, training.
AI Security

Shadow AI monitoring, DLP, incident response.
Automation Services

Workflow automation, AI agents, integrations.
BI Automation

KPI dashboards, scorecards, anomaly alerts.

Book a Managed AI conversation.

Start with the free assessment. The 90-day plan is yours either way.

Start with the Assessment

Further Reading

Authoritative references

Ryan Gyure, Managing Partner & Co-Founder of Unió Digital

Written by Ryan Gyure, Managing Partner & Co-Founder of Unió Digital.

Ryan has led Arizona managed IT, cabling, and security delivery since 2016. He authors and operates the Managed AI program at Unió Digital. More about Ryan · LinkedIn