Tech & Sourcing @ Morgan Lewis


This blog is the finale to our Cracking AI and Outsourcing Conundrums series, a series in which we’ve discussed thought-provoking topics and set the stage for dynamic discussions with outsourcing customers and providers on the opportunities and risks of generative AI (GenAI) solutions in the outsourcing space. In this Part 4, we examine certain top-of-mind issues arising in connection with ownership and use rights when leveraging GenAI.

In Part 1 to this series, we discussed at a high level the challenges of requiring outsourcing providers to drive innovation through GenAI while also complying with an outsourcing customer’s AI policies. In Part 2, we dove into the conundrum of balancing a company’s need for enhanced quality checks with the desire (by the company and the outsourcing provider) to realize savings when leveraging GenAI solutions. In Part 3, we considered the complexities of determining where and how GenAI is currently being used by a company’s outsourcing provider and whether there is appropriate disclosure and understanding of such use.

Concerns regarding ownership and use rights is one of the impediments to GenAI adoption, and, with the potential for GenAI tools to process sensitive business data or produce deliverables that will be embedded in critical operations, the concern is one that should be examined and addressed.

Not all GenAI tools are alike just as the use cases, data at issue, and outputs are not the same with respect to every GenAI solution. In order to understand and potentially mitigate the potential risks, business and legal teams will need to examine each tool and assess the appropriate ownership and use rights to the underlying GenAI technology, the input data, the data used to train the GenAI tools, and the training instructions and prompts as well as the output and other items such as requirements documents and the use cases themselves.

Set out below are some gating questions to consider when thinking about ownership and use rights:

The AI Technology

  • What is the basis for the solution? Is it commercially available software that is used by many customers? Is it being developed specifically for the customer as a net new solution or is it modified or configured from preexisting software for use by the customer?
  • Is the solution a multiclient tool or is it a separate instance that is trained and hosted specifically for the customer?

Input and Training Data

  • Is the input data being used to create/prompt the output? Is the data being used to train the model for the customer only or for general users?
  • Who provides the input data? Is the input data customer proprietary data or are there also third-party sources? Who provides the third-party data?
  • Is the input data sensitive or personal information? Could it include downstream client or vendor data?
  • Are there other uses for the input data or output data such as general provisions relating to the improvement of the services? What does improvement of the services mean in the context of GenAI—could it mean training the tool?


  • What is the intended output? How will it be used by the customer or the provider and is it critical to ongoing business operations?
  • Can the provider say that the customer will own the output, under copyright law or otherwise? Is the right to use enough—could lack of ownership potentially impair title to critical items such as software or documentation?
  • Will the use of GenAI inadvertently override the other IP provisions in the agreement such as transfer of ownership of deliverables to a customer?


  • Who creates the instructions or prompts to the AI tool? Do they contain any competitive information or sensitive data?
  • Can others see or use these instructions or prompts?

Other Considerations

  • Use cases and prototypes: Are the use cases specific to the customer’s business or could they provide a competitive advantage?
  • Requirements documents for the build of GenAI tools: Who provided the requirements? Are they confidential to the customer or do they contain sensitive information?


This blog marks the end of our Cracking AI and Outsourcing Conundrums series. The series provoked a good deal of discussion regarding the promise and danger of GenAI solutions, with the consensus being that customers and providers of outsourcing services desire finding ways to implement GenAI in a compliant manner that enables the benefits but at the same time provides the appropriate level of transparency, privacy, and intellectual property protection. A tall order, but one that business and legal teams will be tackling in the next year as the GenAI landscape continues to evolve.

Look out for future blogs at Tech & Sourcing @ MorganLewis on these and other top-of-mind topics for technology and outsourcing lawyers and sourcing professionals.