How to Choose an LLM Provider Without Getting Burned
Choosing an LLM provider is harder than it looks, because almost every vendor now claims to build custom AI and a good number are reselling the same overseas API behind a login screen. This guide sets out the criteria that genuinely separate an implementation partner from a thin wrapper: where your data physically goes, whether the model strategy locks you in, how the provider connects to the systems you already run, and how they prove accuracy before you sign anything.
Before You Shortlist: Understand What You Are Actually Buying
Most disappointing AI projects in Australia were lost at the selection stage, not the build stage. The organisation wrote a requirements document describing a chatbot, ran a beauty parade of demos, and picked the vendor with the best-looking one. Twelve months later the system is accurate enough to demo and not accurate enough to use. The fix is upstream: understand the market, define your requirements in terms a vendor cannot dodge, and choose criteria that predict production performance.
Three Kinds of Provider, Three Kinds of Outcome
The Australian market has three broad categories. Hyperscalers and their partners (AWS, Microsoft, Google) offer mature platforms and Sydney or Melbourne regions, but you build on their stack and their commercial terms. Generalist consultancies bring change management and governance depth, and often subcontract the engineering. Specialists build the system themselves and live or die on whether it works. None of these is automatically right. What matters is matching the category to the problem: a platform rollout, a transformation programme, or a hard technical build on sensitive data are three different purchases.
Define Requirements Before You Meet Vendors
A vendor cannot give you a meaningful proposal against "we want AI for our documents". Before your first meeting, write down three things: the two or three use cases with the clearest value, the classification of the data each one touches (public, internal, commercial-in-confidence, personal information under the Privacy Act, or government PROTECTED), and your realistic query volumes. Those three inputs determine model size, hosting model, and cost more than any other decision. They also let you compare proposals against each other rather than against the vendor's own framing.
Your Criteria Decide the Winner
Whoever sets the evaluation criteria sets the result. If your criteria are demo quality, brand recognition and day-one price, you will select for polish and sales budget. If your criteria are data sovereignty, model portability, integration evidence and a documented evaluation methodology, you will select for systems that survive contact with production. We publish our criteria openly because they are the ones we would use ourselves, and because a buyer who applies them rigorously will occasionally rule us out for good reasons. That is a better outcome than a bad fit.
The Four Criteria That Predict Whether the Build Will Work
Everything else in a vendor evaluation is negotiable. These four are not, because each one determines a cost or a risk you cannot renegotiate after go-live.
Criterion 1: Where Your Data Actually Goes
Every provider will say your data is secure. Very few will draw the data flow on a whiteboard. Ask for the diagram, then follow each hop to a physical jurisdiction and a named legal entity.
- Which region hosts inference, embeddings and logs (ap-southeast-2 is not the same as a US control plane)
- Whether APP 8 cross-border disclosure obligations are triggered by any hop in the flow
- Whether prompts and outputs are retained, used for training, or visible to vendor staff
- Whether the hosting meets IRAP, the Hosting Certification Framework or CPS 234 if those apply to you
Criterion 2: Model Strategy and Lock-In
The model your provider chooses today will not be the best model in eighteen months. What matters is whether you can change it without rebuilding the system, and who owns the work if you leave.
- Open-weight models (Llama, Qwen, Mistral) you can host yourself versus a single closed API
- Whether the retrieval layer, prompts and evaluation set are portable or vendor-proprietary
- Who owns fine-tuned weights, embeddings and the indexed corpus if the contract ends
- What happens commercially and technically when the upstream provider deprecates a model
Criterion 3: Integration With What You Already Run
AI value comes from the system reaching into where work actually happens. Ask for evidence of integrations with your stack specifically, not a logo wall of technologies the vendor has heard of.
- Document and records systems: SharePoint, Objective, Content Manager, network file shares
- Line-of-business software: LEAP, Xero, MYOB, JobAdder, TechnologyOne, Procore, SimPro
- Identity and access: Entra ID or Okta, so document permissions carry through to retrieval
- How permissions are enforced at query time so staff cannot retrieve what they cannot open
Criterion 4: How They Prove Accuracy
A demo proves a vendor can find questions their system answers well. An evaluation methodology proves the system answers your questions well. Insist on the second and discount the first.
- A written evaluation set of real questions from your staff with known correct answers
- Measured metrics before go-live: context precision, context recall, faithfulness, answer relevance
- A defined accuracy threshold that gates production release, agreed in writing beforehand
- Ongoing measurement in production, not a one-off score in an acceptance document
Pricing Models and What Each One Hides
The pricing structure tells you what the vendor is optimising for. Compare on three-year total cost including infrastructure and change, not on the implementation line item.
- Per-seat SaaS: predictable, but you are renting a generic product, not building an asset
- Fixed-price build: shifts risk to the vendor, and rewards them for scope discipline
- Time and materials: honest for genuine discovery work, dangerous without a scoped ceiling
- Token pass-through: fine at low volume, compounds badly once the system becomes useful
The RFP Question Checklist
Put these to every vendor in writing and compare the answers side by side. Vagueness on any of them is a finding in itself, and the pattern of dodges is more informative than any single answer.
- Sovereignty: draw the data flow; name every region, subprocessor and retention period
- Model: which weights, hosted where, and what does migration to a different model cost us?
- Evaluation: show us a real evaluation report from a previous build with the client redacted
- Exit: on termination, what do we receive, in what format, and how long does it take?
How to Run the Selection Process
A disciplined selection takes about six to ten weeks and saves considerably more than that later. The sequence matters more than the paperwork.
Scope and Classify
Write down two or three use cases, classify the data each touches, and estimate query volumes. Decide up front whether sovereignty is a hard constraint or a preference, because that single answer removes or restores most of the market.
Shortlist Across Categories
Shortlist three to five providers deliberately spanning hyperscaler partners, consultancies and specialists. A shortlist drawn from one category only compares vendors to each other, never the underlying approach.
Test With a Paid Proof of Concept
Run a small scoped proof of concept on your real documents with your real questions, against the evaluation set you wrote. Pay for it. Free pilots are sales activities and are optimised to impress rather than to measure.
Contract on Evaluation Gates
Structure the agreement so payment milestones align with measured accuracy thresholds and a working exit. If a provider will not put an accuracy gate in the contract, they are not confident their system will pass it.
Contract Red Flags and Procurement Mistakes
These are the patterns that show up repeatedly in Australian AI procurement, and each one is visible before you sign if you know to look.
Contract and Vendor Red Flags
None of these is proof of a bad provider on its own. Two or more together should stop the process while you ask harder questions.
- A quote far below the market for genuine custom work, which usually means an API wrapper
- Reluctance to name the underlying model, hosting region, or subprocessors in writing
- Accuracy claimed as a percentage with no evaluation set, methodology or measurement defined
- No exit clause covering return of data, embeddings and fine-tuned weights in a usable format
- Terms that permit your prompts or documents to be used to improve the vendor's own models
Common Mistakes in Australian AI Procurement
The failures we are most often called in to repair were procurement failures long before they were engineering failures.
- Buying a platform before defining a use case, then hunting for a problem it fits
- Treating a demo on the vendor's curated documents as evidence about your messy ones
- Selecting on day-one price when three-year total cost of ownership tells a different story
- Ignoring the Voluntary AI Safety Standard guardrails until an internal audit surfaces them
- Leaving legal, privacy and the records manager out until contract stage, then re-scoping
Take the Next Step in Your Evaluation
Private LLM Cost Australia
Once you know who and how, the next question is how much. Transparent implementation, infrastructure and three-year total cost of ownership ranges for Australian deployments.
See the cost breakdown →Sovereign AI Australia
Go deeper on criterion one: what data sovereignty actually requires in practice, and how to verify a provider's claims against the Privacy Act and your regulator.
Understand sovereignty requirements →Open Source LLM for Business
Go deeper on criterion two: how open-weight models compare with closed APIs on capability, cost, portability and the lock-in risk you inherit either way.
Compare open-source options →Frequently Asked Questions
For genuine custom work in Australia, a small single-use-case deployment on cloud-hosted sovereign infrastructure runs roughly $25,000 to $60,000 to implement, a medium build with retrieval and one integration $60,000 to $120,000, and a large multi-use-case or on-premises enterprise deployment $120,000 to $280,000, plus infrastructure. If someone quotes $5,000 for a custom LLM, they are almost certainly configuring a prompt on top of an overseas API and reselling it. That can be a perfectly reasonable purchase, and if it suits your use case you should buy it knowingly rather than believe you are getting a bespoke system. What you are not getting is data sovereignty, model portability, or an asset you own. Ask what the price includes: data ingestion, evaluation, integration and support are where real cost sits.
Use both, in sequence. Discovery and scoping genuinely cannot be fixed-priced accurately, because nobody knows the state of your documents until they look at them. A short time-and-materials or fixed-fee discovery engagement is the honest structure there, and it should produce an architecture, an evaluation set and a costed build proposal you could take to another vendor. The build itself should then be fixed-price against that scope, because by then the unknowns are resolved and the vendor is the party best placed to carry delivery risk. Be wary of open-ended time and materials for the build phase: it rewards slow progress and leaves you carrying every estimate error. Equally, be wary of a fixed price quoted before anyone has seen your data, which usually means the vendor has priced in a large contingency or plans to argue about scope later.
No honest provider will guarantee that an LLM is correct one hundred per cent of the time, and a vendor who offers that is telling you they do not understand the technology. What is realistic, and what you should require, is a measured accuracy threshold on a defined evaluation set that gates production release. In practice that means: before the build, you and the provider agree on 200 to 500 real questions from your staff with known correct answers. The system is measured against that set on context precision, context recall, faithfulness and answer relevance. You agree thresholds in advance, and the final payment milestone depends on meeting them. This turns accuracy from a marketing adjective into a contractual test. It also gives you a regression suite for every future change to the system.
For sovereignty, what matters legally is where the data is processed and stored and which jurisdiction can compel access, not where the provider has an office. An Australian-owned integrator deploying onto a US-controlled platform does not give you sovereignty, and an offshore firm deploying entirely into ap-southeast-2 on infrastructure you control might. That said, an Australian provider matters practically in three ways. They are accountable under Australian law, including the Privacy Act and the Australian Consumer Law. They understand the regulatory context you actually operate in, whether that is OAIC guidance, APRA CPS 234 and CPS 230, the Information Security Manual, or the Voluntary AI Safety Standard. And support in your timezone matters enormously when a production system misbehaves at 9am Melbourne time and your vendor is asleep in California.
Compare them on four axes rather than on capability alone, because at the top end capability is closer than most vendors admit. First, sovereignty: open-weight models can run entirely inside your boundary, while an API wrapper sends your prompts to whoever holds the API. Second, unit economics: API costs scale linearly with usage forever, and a system that becomes genuinely useful becomes genuinely high-volume, which is where private hosting pulls ahead. Third, portability: you can move an open-weight deployment between providers and hardware, while a wrapper vendor sits between you and a model you could otherwise call yourself. Fourth, effort: an API wrapper genuinely is faster and cheaper to stand up. If your data is low-sensitivity, volumes are modest and you need something in a fortnight, the wrapper is the right answer, and we will say so.
Plan for four to seven months end to end and you will not be disappointed. Selection itself, from shortlist to signed contract, typically takes six to ten weeks including a paid proof of concept, and longer if procurement runs a formal tender or a panel process applies. Discovery and architecture take two to four weeks. The build for a first production use case usually runs eight to twelve weeks, including data ingestion, retrieval tuning, integration and evaluation against the agreed test set. Then allow three to four weeks for security review, user acceptance and a staged rollout, and longer if an IRAP assessment or an internal privacy impact assessment sits on the critical path. The single biggest schedule risk is not engineering. It is document access: getting the right people to grant the right permissions to the right repositories.
Put Us on the Shortlist, Then Put Us Through the Checklist
Bring us your use cases, your data classification and your volumes, and we will answer every question on this page in writing. If a different approach suits you better, we will tell you that too. Call +61 3 9999 7398 or send us the shortlist.