One of the key concepts in contracting for generative AI (GenAI) is allocating rights to data that the GenAI tool processes and generates, as well as any data used to train, test, and improve the underlying AI model. A new concern in these contracts relates to the use of a GenAI tool (or data generated by this tool) for competitive purposes and corresponding contractual restrictions. This blog post outlines some of the relevant considerations when evaluating and negotiating contractual provisions relating to these data rights and use restrictions.
Data Categories
Understanding the different types of data sets relevant to a GenAI model is key to allocating data ownership rights and restrictions. These data sets include the following:
- Training data: Data that is used to train and test the GenAI tool and the underlying model, either during the initial development or finetuning performed later on
- Input: Data that a user enters into a pre-trained GenAI solution to produce a desired result or output, including GenAI prompts
- Output: Data generated by the GenAI tool based on input, logic, and algorithms the AI tool uses based on its training data.
Data Rights and Obligations: Key Considerations
Contractual allocation of rights, restrictions, and related considerations are specific to each deal, data set, and use case. The chart below includes some general trends and considerations in these areas—noting that this is a rapidly developing area for both customers and vendors:
|
Data Rights and Obligations (Not Exhaustive) |
Training Data |
Input |
Output |
|
Ownership Rights between Parties |
Often not addressed in GenAI contracts. |
Typically allocated to customer.
|
Increasingly allocated to customer, with caveats that Output may not be unique, given the nature of GenAI. |
|
Responsibility for Use of Data Set |
Vendors are expected to secure appropriate rights to training data and to protect customers against “downstream” risks associated with claims of improper use of training data in the GenAI solution. |
Customers are expected to secure appropriate rights to the Input and to protect vendors against “downstream” risks associated with claims of improper use of Input in the GenAI solution. Some GenAI tools may not be designed to handle personal data or sensitive data (e.g., protected health information). Customers may also need to flow down obligations with respect to the processing of Input to the vendor. |
Customer view: Responsibility to be allocated in a manner consistent with training data (i.e., vendor responsibility). Vendor view: Tends to be increasingly closer to the customer view, but often addressed through separate, relatively weak and heavily caveated provisions.
|
|
Permitted Use of Data Set |
Not applicable. |
Customer view: Limit vendor’s use solely to generating Output, based on confidentiality and data privacy restrictions associated with the data, as well as any potential risk of competitive use. Vendor view: Broader right to use data—either to finetune the model (may be acceptable to the customer, depending on the use case) or—to further train or improve the model (increasingly less common) or related services (still prevalent in relation to anonymized or usage data). |
Customer view: Limited in the same manner as the Input. Vendor view: Contract often silent on this point but in negotiation, increasingly aligned with the customer view.
Caution: This is a technically challenging area for drafting due to overlapping defined terms that may have inadvertent consequences (e.g., customer’s obligations with respect to Input extended to Output). |
Restrictions on Competitive Use
Similar to customers’ concern with GenAI vendors using the Input to develop competitive models, products, or services, vendors increasingly seek to limit customers’ right to use GenAI tools or Output to shortcut the development of competing products. Key considerations in negotiating these restrictions include the following:
- Scope of vendor’s restriction – Does the restriction apply to a particular GenAI model in use or any available model? Does it extend to the Output? What about restrictions on previews and similarly pre-release versions of the tools?
- Who is covered? – Consider whether the restriction extends beyond the “customer” to its employees, contractors, agents, and other third parties whom the customer may be unable to control (e.g., downstream end-users).
- Restricted purpose – The restricted purpose could be narrowly defined (e.g., data sets generated for the purpose of training a GenAI model) or broadly defined to encompass the development or improvement of any competing product or service, similar to a noncompete on the business.
- Consequences of breach – What happens if a party violates the restriction? Potential consequences include suspension of use, termination of the agreement, damages, or injunctive relief. With respect to damages, the parties may consider whether related damages will be subject to a cap, and whether such damages include consequential or indirect damages.
The considerations discussed above are not exhaustive, and highly product and deal specific. Our technology and outsourcing team is well-versed in helping customers and vendors consider, negotiate, and draft these provisions with respect to GenAI.