Most identity-graph purchases fail for one predictable reason: the buyer buys a lookup table, expects a resolution engine, and blames the channel when lift does not appear. In 2026, graphs face tighter procurement scrutiny when joined to location, health, or financial outcomes. This guide covers coverage and match rates, refresh and decay, confidence tiers, and compliance artifacts before you operationalize a feed. Start at Identity Graph, MAID Feed, and maid licensing questions.
Split results by identifier type in the scorecard: MAID-only matches, HEM bridges, CTV household IDs, and any cookie or IP bridges still in the graph. Buyers often discover that headline match rate is carried by a lane they cannot activate on the DSP or in email. If your production stack is CTV-heavy, weight CTV-to-MAID and CTV-to-visit stability higher than raw email expansion.
The best diligence step is a governed seed match. Provide 10K–100K hashed first-party records (emails, phones where allowed, stable customer IDs). Ask for match counts by identifier type — MAID, HEM, household/CTV ID — and confidence tiers. Headline graph size is often inflated by low-confidence probabilistic links or stale IDs; your seed exposes real usable resolution. Same pattern as B2B database evaluation.
Pre-register metrics before files move: match rate, precision on a labeled holdout, freshness distribution, and lift on the activation surface you will use. A 90% match rate with stale emails loses to a 55% rate with verified contacts. Use seed match testing and enterprise pilot checklist.
Contract for observed decay metrics, not marketing refresh language. Ask vendors to show month-over-month match stability on a fixed internal panel you provide once per quarter. If stability drops while headline graph size grows, you are accumulating low-confidence links — a common post-ATT pattern on iOS-heavy feeds.
Graphs are not static. MAIDs churn — especially iOS post-App Tracking Transparency. Emails go dormant; households change. Monthly refresh may suffice for research; weekly is often the baseline for activation and measurement. If you run weekly CTV flights with quarterly graph refresh, decay dominates performance.
Ask for observed decay curves by identifier type and written refresh guarantees. Tie SLAs to remedies in the license. Cross-read data refresh cadence and drift monitoring for production operations.
Deterministic links (shared logins, explicit bridges) support high-confidence measurement. Probabilistic links support upper-funnel reach. Require vendors to expose proportions and scores you can threshold: suppression may accept 0.6+; attribution often needs 0.85+. Map vocabulary to IAB Tech Lab standards. Opaque lookup tables fail governance reviews.
Ask for sourcing posture, sensitive-category exclusions, opt-out and deletion workflows, retention and downstream-sharing limits. Model diligence on data brokers post-FTC consent orders and FTC location enforcement. Review sourcing methodology and privacy policy for consistency with contract exhibits.
Location-adjacent joins trigger extra review: geofence exclusions, minors handling, and precision limits. Pair with sensitive location checklist before any mobility join on the graph.
The diligence packet should specify delivery channel, schema versioning, incident contacts, deletion propagation, and support SLAs — not only match rates. Validate in clean room joins if that is the production path. For measurement design, pair the graph with cross-channel measurement and CTV attribution.
GSDSI publishes graph and MAID feed specs for buyer pilots via pilot process. Location buyers should scope POI data when visits are the outcome layer.
Procurement should score two seed matches when possible: one on CRM individuals, one on campaign exposure cohorts. Graphs that win on CRM but fail on CTV-to-visit joins are lookup tables, not measurement graphs. Require written answers on international coverage if you activate outside the US — cross-border density varies more than US headline counts suggest.
Legal should receive confidence-tier histograms from the seed match, not a single match-rate PDF. Histograms show whether the vendor wins on probabilistic mass you cannot use. Pair results with 5 questions to ask before licensing a MAID feed when mobility fields attach to graph exports.
Post-signature, monitor graph drift the same way you monitor bounce rates: weekly match stability on a fixed 5K-row panel. Alert when deterministic share drops or median freshness ages beyond SLA. That operational habit prevents the Q3 surprise where performance collapses because iOS panel composition shifted without a vendor notice.
Identity graphs used in clean rooms still need confidence histograms — aggregation hides overmatching until lift tests fail. Ask how opt-outs remove edges versus nodes; edge-only removal can leave stale household links.
International programs need country-level match curves, not one global number. Cross-border transfers need Chapter V tools beside match results — see GDPR Article 27 diligence.
Executive summaries should separate measurement match rates from activation match rates. They diverge when probabilistic mass is high but not deployable on your DSP or email stack.
Buyers running audience targeting and risk and fraud on the same graph must document different confidence thresholds per program in the contract. Using one threshold for both is how fraud teams over-suppress audiences marketing needs, or marketing over-expands IDs risk teams rejected.
Require vendors to notify you when top source apps change by more than five points of panel share quarter-over-quarter. Share shifts often precede match-rate swings and compliance questions.
When graphs feed clean-room measurement, store join rules and confidence floors in the clean-room policy document — not only in the graph license. Clean-room operators need the same thresholds as activation teams or they will publish aggregates built from links marketing is not allowed to use. Reconcile graph documentation with clean room joins and annual re-certification calendars.
Operationally, assign a single owner for vendor evidence, refresh calendars, and committee scorecards so procurement, legal, and analytics do not maintain three conflicting versions of the same feed specs. The owner publishes monthly status: match stability, schema version, open incidents, and upcoming methodology reviews. That rhythm prevents the six-week surprise where production diverges from the pilot without anyone noticing. Tie the owner’s checklist to pilot process and sourcing methodology so external auditors and enterprise buyers see the same story in diligence packets and on the public site.
Operationally, assign a single owner for vendor evidence, refresh calendars, and committee scorecards so procurement, legal, and analytics do not maintain three conflicting versions of the same feed specs. The owner publishes monthly status: match stability, schema version, open incidents, and upcoming methodology reviews. That rhythm prevents the six-week surprise where production diverges from the pilot without anyone noticing. Tie the owner’s checklist to pilot process and sourcing methodology so external auditors and enterprise buyers see the same story in diligence packets and on the public site.