For SaaS service the right to audit will be evaluated in due time.
When PNO is a Beneficiary EU consortium the right to audit is mostly arranged in an appendix of the consortium agreement; see quote below. When not the right to audit can be covered in a Processing Agreement.
The introducing Beneficiary is entitled to perform an audit of the accessing Beneficiary/Third Party’s Processes for Personal Data both during the term of the Action and for seven (7) years after the completion of the Action] in accordance with the foregoing and the provisions of the Consortium Agreement. For this purpose, the accessing Beneficiary/Third Party will inform the introducing Beneficiary upon request and provide necessary documents and information to the introducing Beneficiary. The accessing Beneficiary/Third Party is obliged to perform internal audits to ensure compliance with its obligations.Source: European IMI project Appendix 2: Actions involving Personal Data and/or Human Samples
The transfer of Personal Data on a Controller-to-Controller basis does not modify the acknowledgment and/or allocation of intellectual property rights of clauses 6, 7 and 8 of this Consortium Agreement. This transfer shall only be the consequence of honoring the rights (e.g., ownership, licenses or Access Rights) that both the introducing Beneficiary and the accessing Beneficiary/Third Party shall have on the relevant Background and Results according to clauses 6, 7 and 8 of this Consortium Agreement.